Privacy Policy

This Privacy Policy ("Policy") describes how WorkwrK ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you access or use the WorkwrK platform, including all associated services, features, content, and applications (collectively, the "Service"). By accessing or using the Service, you consent to the practices described in this Policy. If you do not agree with this Policy, please do not use the Service.

1. Information We Collect

We collect different categories of information depending on how you interact with the Service:

Account Information

When you create an account, we collect your name, email address, phone number, job title, and authentication credentials. If you sign up on behalf of an organization, we also collect your company name, business address, and billing details.

Organization Data

Through your use of the Service, you and your authorized users may upload or generate organizational data including employee records, team structures, performance reviews, KPI definitions and scores, task assignments, standard operating procedures, attendance records, survey responses, goals, and other operational content ("Customer Data"). You retain full ownership of all Customer Data as outlined in our Terms of Service.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, session duration, click patterns, and search queries. This data helps us understand how the Service is used and identify opportunities for improvement.

Device & Technical Information

We collect technical information from the devices you use to access the Service, including IP address, browser type and version, operating system, device type, screen resolution, language preferences, and referring URLs. This information is used for security monitoring, troubleshooting, and optimizing the Service for different devices and environments.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery — To provide, operate, and maintain the Service, including processing your requests, managing your account, and delivering the core functionality of each module (People Management, KPI Tracking, Task Management, Performance Reviews, and all other features).
• Analytics & Improvement — To analyze usage patterns, diagnose technical issues, measure feature adoption, and improve the performance, reliability, and user experience of the Service. We may use anonymized, aggregated data to generate industry benchmarks and insights.
• Customer Support — To respond to your inquiries, troubleshoot issues, provide technical assistance, and deliver onboarding guidance. Support interactions may be logged to improve the quality of our assistance.
• Communication — To send you transactional notifications (such as account confirmations, billing receipts, security alerts, and system updates), as well as product announcements and feature updates. You can opt out of non-essential communications at any time through your account settings.
• Security & Fraud Prevention — To detect, prevent, and respond to security incidents, unauthorized access attempts, and fraudulent activity.
• Legal Compliance — To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.

3. Data Storage & Security

We take the security of your data seriously and implement industry-standard technical and organizational measures to protect it:

• Encryption at Rest — All Customer Data and personal information stored in our databases is encrypted using AES-256 encryption, one of the strongest block cipher standards available.
• Encryption in Transit — All data transmitted between your device and our servers is protected using TLS 1.2 or higher, ensuring that your information cannot be intercepted during transmission.
• Secure Infrastructure — The Service is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II compliance, redundant storage, automated backups, and 24/7 infrastructure monitoring. Access to production systems is restricted to authorized personnel through multi-factor authentication and role-based access controls.
• Regular Audits — We conduct periodic security assessments, penetration testing, and code reviews to identify and remediate vulnerabilities.

While we strive to protect your information using commercially reasonable measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users in the event of a data breach in accordance with applicable law.

4. Data Sharing

We do not sell your personal data. We do not sell, rent, or trade your personal information or Customer Data to third parties for their marketing or advertising purposes.

We may share your information with the following categories of third-party service providers (sub-processors) who assist us in operating the Service:

• Payment Processors — To process subscription payments and manage billing. Payment processors receive only the information necessary to complete transactions and are PCI DSS compliant.
• Email & Communication Providers — To deliver transactional emails, notifications, and support communications on our behalf.
• Cloud Hosting & Infrastructure — To store and process data on secure, compliant cloud infrastructure.

All third-party service providers are bound by contractual obligations to maintain the confidentiality and security of your data and are prohibited from using it for any purpose other than fulfilling their services to us. We conduct due diligence on all sub-processors and maintain an up-to-date list of providers available upon request.

We may also disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Retention

We retain your information according to the following schedule:

• Active Accounts — Your personal information and Customer Data are retained for as long as your account remains active and you maintain a valid subscription. We will continue to store and process your data as necessary to provide the Service.
• After Account Termination — Upon termination of your account, we retain your Customer Data for 30 days to allow you to request a data export or reactivate your account. After this 30-day window, your Customer Data will be permanently deleted from our active systems.
• Backups — Residual copies of your data may persist in encrypted backup systems for up to 90 days following deletion from active systems, after which they are automatically purged. Backup data is not accessible for operational use and is retained solely for disaster recovery purposes.

Certain information may be retained beyond these periods where required by applicable law, regulation, or legitimate legal obligations (such as tax, accounting, or audit requirements).

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right of Access — You may request a copy of the personal information we hold about you, including the categories of data collected, the purposes of processing, and any third parties with whom it has been shared.
• Right to Correction — You may request that we correct any inaccurate or incomplete personal information we hold about you. You can also update most of your information directly through your account settings.
• Right to Deletion — You may request that we delete your personal information and Customer Data, subject to our retention obligations and any legal requirements that may prevent immediate deletion.
• Right to Data Export — You may request an export of your Customer Data in a standard, machine-readable format (such as CSV or JSON) at any time during your active subscription or within 30 days of account termination.
• Right to Restrict Processing — You may request that we limit the processing of your personal information in certain circumstances, such as while we verify the accuracy of your data or evaluate an objection to processing.

To exercise any of these rights, please contact us at privacy@workwrk.com. We will respond to your request within 30 days, or as required by applicable law. We may need to verify your identity before processing your request.

7. Cookies & Tracking

We use essential cookies only. These cookies are strictly necessary for the operation of the Service and enable core functionality such as user authentication, session management, security protections, and preference storage. The Service cannot function properly without these cookies.

We do not use third-party advertising trackers. We do not embed third-party ad networks, social media tracking pixels, or cross-site tracking technologies in the Service. Your activity on WorkwrK is not tracked by external advertisers or data brokers.

You can configure your browser to block or delete cookies, but doing so may impair your ability to use certain features of the Service. By continuing to use the Service, you consent to our use of essential cookies as described above.

8. Children's Privacy

The Service is designed for use by businesses and professionals and is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age.

If we become aware that we have inadvertently collected personal information from a person under 18, we will take prompt steps to delete that information from our systems. If you believe that a child under 18 has provided us with personal information, please contact us immediately at privacy@workwrk.com.

9. International Data Transfers

WorkwrK operates from India, and your data may be processed and stored in India or in other jurisdictions where our cloud infrastructure providers maintain data centers. If you access the Service from outside India, your information may be transferred to, stored in, and processed in a jurisdiction with data protection laws that differ from those in your country of residence.

Where we transfer personal data across borders, we implement appropriate safeguards to ensure that your information receives an adequate level of protection, including contractual obligations with our sub-processors, compliance with applicable data transfer frameworks, and adherence to the data protection requirements of relevant jurisdictions.

By using the Service, you consent to the transfer of your information to India and other jurisdictions as described in this Policy. If you have concerns about international data transfers, please contact us before using the Service.

10. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will revise the "Effective Date" at the top of this page and post the updated Policy on our website.

For material changes that significantly affect how we collect, use, or share your personal information, we will provide prominent notice through the Service or via email to the address associated with your account at least 30 days before the changes take effect.

Your continued use of the Service after the updated Policy becomes effective constitutes your acceptance of the revised terms. If you do not agree with the changes, you must stop using the Service and terminate your account before the updated Policy takes effect.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

WorkwrK
Email: privacy@workwrk.com
Website: https://workwrk.com

For data protection inquiries specific to the Digital Personal Data Protection Act, 2023 or other applicable privacy regulations, please direct your correspondence to our Data Protection Officer at privacy@workwrk.com.