Your data, protected.
This policy explains how the ESS platform collects, uses, and protects personal data for each tenant organization.
Read alongside our Terms & Conditions which govern your use of the portal.
Contents
Overview
This Privacy Policy describes how the Employee Self-Service (ESS) platform collects, uses, stores, and protects personal data entered by authorized users of tenant organizations. Each organization controls its own employee records, configuration, workflows, and tenant-level access.
By using the ESS platform, authorized users acknowledge that their data will be handled as described in this policy. Use of the portal constitutes acceptance of these practices.
Data We Collect
We collect the following categories of personal data through the ESS platform:
Identity & Employment Data: Full name, employee code, email address, joining date, department, designation, role, manager assignment, employment type (full-time, part-time, intern, contract), and probation end date.
Personal & Demographic Data: Date of birth, gender, blood group, marital status, father and mother name, and residential address including city, state, country, and PIN code.
Contact Information: Personal phone number, alternate phone, secondary email address, and emergency contact name and phone.
Financial & Identity Documents: Aadhaar number, PAN number, bank account number, bank name, and IFSC code. These are collected solely for payroll and statutory compliance purposes.
Attendance, Roster & Location Data: Check-in and check-out timestamps, roster days, shift assignments, GPS coordinates at time of attendance (for geo-fenced verification), IP address, and attendance photo URL.
Work Activity Data: Daily task logs, project associations, hours spent, on-duty request details, leave requests and types, expense claims with receipt images, and asset assignments.
Security Data: Hashed passwords, two-factor authentication secrets (TOTP), session version numbers, and password reset tokens.
User Preference Data: Dashboard widget visibility and order, sidebar favorite navigation ids, appearance preferences such as font family and text size, and timestamps for preference updates.
Profile Media: Profile photograph, uploaded receipt images, and asset images where applicable.
How We Use Your Data
Your data is used exclusively for the following internal operational purposes:
Workforce Operations: Managing rosters, attendance, leave, on-duty, and regularization processes. Processing expense claims and maintaining audit trails for approvals.
Asset & Resource Management: Tracking organization-assigned devices, software subscriptions, and other physical or digital assets allocated to employees.
Performance & Development: Running skill evaluation cycles, recording task completion, and generating reports for performance reviews.
Security & Access Control: Enforcing role-based access control, two-factor authentication, session management, and audit logging to maintain platform security.
User Experience Preferences: Remembering dashboard layout, sidebar favorites, and appearance settings so employees can personalize the portal without changing profile, security, or administrative data.
HR Administration: Facilitating onboarding, managing employee status transitions, department assignments, and offboarding processes.
Communications: Sending in-app Notification Center messages for approvals, rejections, workflow updates, employee status changes, holidays, and announcements. Notifications may include unread/read status, internal links, and recipient targeting by role, reporting relationship, or department.
Compliance & Reporting: Generating attendance, expense, leave, and task reports for management review and statutory compliance where applicable.
We do not use your data for advertising, marketing, profiling for commercial purposes, or any purpose not listed above.
Data Sharing & Disclosure
We do not sell, rent, or trade your personal data to any third party. Data may be accessed or shared in the following limited circumstances:
Tenant Access: Managers can view attendance, task, and leave data for their direct reports. Directors and Admins have broader access within their organization scope. Tenant System Admins have administrative access inside their organization. Organizational Admins can manage platform-level organization setup without becoming a normal employee in every tenant.
Service Providers: Third-party infrastructure providers (cloud hosting, database services) process data on our behalf under strict data processing agreements. These providers are contractually prohibited from using your data for any purpose other than providing the service.
Legal Requirements: We may disclose data if required by applicable Indian law, court order, or regulatory authority. We will notify affected employees to the extent permitted by law.
Business Transfers: In the event of a merger, acquisition, or restructuring, employee data may be transferred to the successor entity, which will be bound by equivalent privacy protections.
Data Security
We implement technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure:
Passwords are hashed using industry-standard algorithms and are never stored in plain text. Session tokens are versioned and invalidated on password change or admin reset.
Two-factor authentication (TOTP) is enforced by default for all accounts, providing an additional layer of protection beyond passwords.
Attendance location data is captured at the point of check-in and is not tracked continuously. The geo-fence radius is set by administrators and verified server-side only at the time of punch.
Access to sensitive data fields (Aadhaar, PAN, bank details) is restricted by role. Only System Admins and designated HR personnel have access to financial identity data.
All data in transit is encrypted using TLS. Database access is restricted to internal systems and authenticated service connections only.
Despite these measures, no system can guarantee absolute security. Employees are responsible for maintaining the confidentiality of their credentials and for reporting suspected unauthorised access promptly.
Data Retention
We retain personal data for as long as necessary to fulfill the purposes described in this policy:
Active employment data is retained for the duration of employment plus an additional 7 years in accordance with Indian labour law and tax compliance requirements.
Attendance and leave records are retained for a minimum of 3 years from the date of creation.
Expense claims and receipts are retained for a minimum of 7 years for financial audit compliance.
Security logs, session records, and password reset tokens are retained for 12 months and then purged. In-app Notification Center records are retained for 15 days and then automatically deleted.
User preference records are retained while the employee account exists and are deleted or anonymised along with the employee account according to the applicable employment-data retention schedule.
Profile photographs and uploaded documents are retained for the duration of employment. Employees may request removal of such media post-employment by contacting the system administrator.
When an employee's account is moved to TERMINATED or DEACTIVATED status, their data is preserved in a read-only state for the applicable retention period and then deleted or anonymised.
Your Rights
As an employee using the ESS platform, you have the following rights with respect to your personal data:
Right to Access: You may request a summary of personal data held about you by contacting your organization HR or system administrator.
Right to Correction: If any information in your profile is inaccurate, you may update it directly through the portal's profile section or request a correction via the HR team.
Right to Deletion: Upon the end of your employment, you may request deletion of data not required for legal compliance. Requests are subject to applicable retention obligations.
Right to Portability: You may request a structured copy of your personal data in a machine-readable format through your organization HR or system administrator.
Right to Object: You may raise concerns about how your data is being used by contacting your tenant administrator. Response timelines may vary by organization policy.
To exercise any of these rights, please contact the HR or IT team through the details listed on the Contact page.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or platform features. When material changes are made, we will update the "Last Updated" date shown at the top of this page and may issue an in-portal announcement.
Continued use of the ESS platform following the posting of changes constitutes acceptance of the revised policy. We encourage employees to review this page periodically.
Questions about your data?
Reach out to the HR or IT team - we're happy to clarify anything.
