HR holds more sensitive personal data than almost any other function. Where you store it matters more than most people realise.
Bigby gives HR teams and HR consultants encrypted, UK-based cloud storage built around the data protection obligations that come with handling employee information.
Salary data, disciplinary records, health disclosures. The sensitivity of what HR holds rarely gets the storage arrangements it deserves.
HR sits at the intersection of some of the most sensitive data an organisation holds: health and disability records, performance and disciplinary files, salary information, right to work documents, and redundancy plans. Employees share that information because they have to, not because they have a choice.
Most HR teams store their files wherever the broader organisation’s IT settled on first – often a general-purpose cloud platform whose terms were written for productivity, not for the protection of sensitive personal data. As a data controller under UK GDPR, the function that holds the most personal data in the business is also the one that carries the most exposure if something goes wrong.
The risks standard cloud storage creates for HR
General-purpose cloud platforms were not built with HR data in mind. The gap between what those services offer and what the data HR holds actually requires is worth understanding.
Special category data in every HR folder
Health and disability information, pregnancy and maternity records, religious beliefs relevant to leave or workplace adjustments, and trade union membership are all GDPR special categories requiring the highest level of protection. HR files routinely contain all of them. Storing them on a platform that can scan content, applies broad data usage rights, or holds data outside the UK creates exposure that sits squarely on the HR function as data controller.
Employment tribunal and subject access risk
In the event of an employment dispute, HR files become disclosable. The integrity, completeness, and security of your records becomes a matter for scrutiny. Subject access requests give employees the right to see what you hold and how it has been handled. A storage arrangement that lacks clear data residency, proper access controls, or audit trails is a liability in a tribunal context that is entirely avoidable.
Salary, redundancy, and commercial sensitivity
Salary bandings, bonus structures, redundancy lists, and succession plans are among the most commercially and personally sensitive documents an organisation produces. Their exposure, whether through a platform breach, overly broad access permissions, or data leaving UK jurisdiction, creates consequences that extend well beyond an ICO investigation. The trust damage within the workforce alone can be severe.
Overseas data exposure
The major US cloud providers store data under US jurisdiction. Mechanisms exist under US law by which that data can be accessed by US authorities, regardless of where it is physically held. For employee records, which are some of the most personal data any organisation processes, that is an exposure most employees would not knowingly consent to if clearly explained to them.
How Bigby works
Encryption at rest, UK infrastructure, and no business model built on your employee data
Unlike the major cloud platforms, Bigby does not scan, analyse, or profit from the files you store. Here is how that works.
01. Encrypted at rest
Your files are encrypted on our UK servers. The data stored on our infrastructure is in encrypted form, which provides meaningful protection in the event of a storage breach and ensures HR records are not sitting as readable plain text on any server.
02. No access to file contents
Bigby does not open, scan, or read the contents of what you store. We have no business reason to and our data processing terms prohibit it. Performance records, salary documents, disciplinary files, and health correspondence are stored without anyone at Bigby reading them.
03. No AI training or secondary use
Your stored content is not used for AI training, advertising targeting, or any analysis of any kind. The subscription fee covers the cost of running the service. That is the entire arrangement.
04. Employee data stays in the UK
All data is stored on UK-based infrastructure. UK GDPR applies. There is no transfer to US servers and no exposure to US jurisdiction. Your employees’ personal information does not leave the UK.
Frequently asked questions
What types of HR data can we store on Bigby?
Any file your HR function holds. Employment contracts, offer letters, right to work documents, performance reviews, disciplinary and grievance records, absence and health information, salary and bonus documentation, redundancy paperwork, and general HR correspondence can all be stored securely. Bigby does not access the contents of stored files, and all data is held on UK infrastructure under UK GDPR.
How does Bigby help with subject access requests and employment tribunal disclosure?
Bigby provides a clear, organised storage environment with access controls you manage. Files are stored in encrypted form and can be retrieved and shared as required. For subject access requests, the ability to demonstrate that employee records are held in a structured, access-controlled system with UK data residency is considerably more defensible than an ad hoc collection of files across a general-purpose cloud drive. For specific legal advice on data disclosure obligations, we recommend consulting an employment law specialist.
Can we control which HR staff access which files?
Yes. The Group plan provides shared encrypted storage with per-user access, allowing you to structure folders and permissions so that different team members access only what is relevant to their role. A recruitment coordinator does not need access to disciplinary files; a payroll manager does not need access to performance review notes. That kind of separation is straightforward to maintain on Bigby.
What happens if Bigby receives a legal demand related to our employee data?
Bigby is a UK company subject to UK law. We may be required to comply with lawful UK court orders or other legal demands. We do not hold data under US jurisdiction and are not subject to the CLOUD Act. We will challenge any demands we consider unlawful and will notify users where the law permits. For advice on how this intersects with your specific data protection or employment obligations, we recommend a qualified data protection specialist.
We are a small HR team. What plan suits us best?
For teams of three or more, the Group plan provides shared encrypted storage, document collaboration, and per-user access controls from £4.99 per user per month on annual billing. For a standalone HR consultant or a sole HR manager storing and working with files independently, the Office plan provides encrypted document editing within your Bigby workspace, which many HR practitioners find useful for drafting policies and correspondence without passing content through a general-purpose application.
How does Bigby’s commercial model work?
Bigby charges a straightforward fee for storage. There is no advertising, no data monetisation, and no secondary use of stored content. The service is funded entirely by subscription. For HR professionals who need a clear and auditable basis for their choice of storage provider, and who understand better than most the risks of platforms with opaque data practices and that simplicity matters.
Storage that matches the sensitivity of what HR actually holds
Private, encrypted, UK-based cloud storage from £3.99 per month. Built for teams who handle people’s most sensitive data and can’t afford to treat storage as an afterthought.
Annual billing · All prices in GBP · UK data residency · GDPR compliant