Pandora.ly logo

Pandora.ly Privacy Policy (B2B)

Effective date: 5 February 2026

This Privacy Policy explains how GLORIAPR Ltd (we, us, our) processes personal data in connection with the Pandora.ly website and reseller platform (the Services).

This Privacy Policy does not replace the privacy notices that Resellers must provide to their own end customers and participants. Where we process participant data on behalf of a Reseller, the Reseller is typically the controller and we are the processor (see below).

1) Who we are

GLORIAPR Ltd
182-184 High Street North, East Ham, London, E6 2JA, Office 12012
Company number: 16313878
Contact: support@b5.ly

If you are a Reseller and need a signed Data Processing Agreement (DPA), contact us at support@b5.ly.

2) Key definitions

  • Reseller: a business customer using Pandora.ly (including its administrators and representatives).
  • End Customer / Participant: an individual who interacts with a Reseller storefront or completes an assessment that the Reseller offers.
  • Reseller Account Data: personal data about Reseller administrators/representatives.
  • Participant Data: personal data processed in connection with a participant assessment, results, and report.

3) Our role: controller vs processor

3.1 Reseller Account Data (we are controller)

For Reseller Account Data, we act as a data controller. We determine why and how Reseller Account Data is processed to operate the Services (account creation, credits/billing administration, security, support, and compliance).

3.2 Participant Data (we are processor; Reseller is controller)

For Participant Data processed through a Reseller storefront or via Reseller instructions, the Reseller is the data controller and we act as a data processor, processing Participant Data on the Reseller documented instructions to provide the assessment experience, generate reports, and provide platform functionality.

3.3 Security and integrity (we may be controller for limited technical data)

We may process certain technical and security data (for example IP address, device/browser details, and security logs) as a controller to protect the Services, prevent fraud/abuse, and maintain integrity.

3.4 Rights requests

  • Reseller administrators should contact us at support@b5.ly.
  • End Customers/Participants should generally contact the Reseller first. If an End Customer/Participant contacts us directly, we will generally redirect them to the Reseller and assist the Reseller where required under our DPA and applicable law.

4) Data we collect

4.1 Reseller Account Data (controller)

We may collect and process:

  • identity and contact details (name, business email),
  • company/organisation information (company name and related account details),
  • credits and billing administration data (for example invoices/receipts, transaction identifiers, billing country and address fields where provided),
  • communications (support requests and messages sent to us), and
  • technical/security data (IP address, device/browser information, authentication events, and administrative access logs).

4.2 Participant Data (processor)

When a Reseller uses the Services, we may process Participant Data such as:

  • identifiers (for example name and email) if provided by the Reseller,
  • assessment content and results (responses, derived scores, and report outputs),
  • usage and technical data (timestamps, IP address, and device/browser details) for security and integrity.

Resellers may choose what participant identifiers to provide. Resellers are responsible for providing appropriate notices and obtaining any necessary consents.

5) How we use data (purposes)

5.1 As controller (Reseller Account Data)

We use Reseller Account Data to:

  • create and manage Reseller accounts and administrator access,
  • provide customer support and respond to inquiries,
  • administer credits and billing (including fraud prevention and payment reconciliation),
  • secure and maintain the Services, and
  • comply with legal obligations and enforce our terms.

5.2 As processor (Participant Data)

We use Participant Data only to provide the Services to the Reseller (for example, to deliver assessments and generate reports) and as otherwise permitted under our DPA and applicable law.

6) Payments

6.1 Reseller purchases from Pandora (B2B)

When you purchase credit packs from us, payment processing is handled by our payment processor (for example Stripe). We receive limited billing and transaction data necessary to provision credits and operate the Services.

6.2 End-customer purchases from Resellers (B2C)

End Customers purchase from the Reseller. The Reseller is the merchant of record for those transactions. We are not responsible for Reseller sales terms or end-customer payment disputes.

7) Subprocessors and service providers

We use third-party service providers (subprocessors) to operate the Services. This may include providers for:

  • payment processing (for example Stripe),
  • application hosting (for example Vercel),
  • database infrastructure (Neon, PostgreSQL database, provisioned via Vercel integration where applicable),
  • email delivery (for example Resend), and
  • security, monitoring, and operational tooling.

Resellers may request an updated list of subprocessors by contacting support@b5.ly.

8) Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

When data is deleted, it may persist in backups for a limited period in accordance with our backup and retention practices.

9) International transfers

Our service providers may process data in different countries. Where international transfers apply, we use appropriate safeguards as required by applicable law (for example contractual clauses).

10) Security

We implement technical and organisational measures designed to protect personal data, including access controls and encryption in transit (HTTPS/TLS). No method of transmission or storage is completely secure, but we maintain safeguards proportionate to the nature of the Services.

11) Cookies

We use essential cookies and similar technologies (including local storage) to operate the Services, including authentication, security, and saving preferences such as language and theme. See the Cookie Policy for details.

12) Children

The Services are not intended for individuals under 18. Resellers must not invite or submit data relating to individuals under 18.

13) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on pandora.ly and revise the effective date.

14) Contact

For privacy questions or requests, contact:

support@b5.ly
Subject: Privacy Request