Privacy Policy

1. Information We Collect

Personal Information

When you use our HR software platform, we collect information that identifies you personally:

• Contact information (name, email address, phone number)
• Account credentials and authentication data
• Professional information (job title, company name, department)
• Payment and billing information for our services
• Communications with our support team

Automatically Collected Information

We automatically collect certain information when you visit our website:

• IP address and device identifiers
• Browser type and operating system
• Pages visited and time spent on our website
• Referring website and search terms
• Usage patterns and feature interactions

HR System Data

When you use our Human Capital Management software, we process employee data on behalf of your organization, including payroll information, attendance records, performance data, and other HR-related information as determined by your organization's use of our services.

2. How We Use Your Information

We use the collected information for the following purposes:

• Providing and maintaining our HR software services
• Processing payments and managing your account
• Communicating with you about our services and support
• Improving our software functionality and user experience
• Ensuring security and preventing fraud
• Complying with legal obligations and regulatory requirements
• Marketing our services (with your consent)

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract Performance: To provide our HR software services
• Legitimate Interests: To improve our services and ensure security
• Legal Obligation: To comply with applicable laws and regulations
• Consent: For marketing communications and non-essential cookies

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With trusted third parties who assist in providing our services
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Your Organization: Employee data is accessible to authorized users within your organization

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption of data in transit and at rest
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• Access controls and employee training
• Incident response and breach notification procedures

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

Data Type	Retention Period	Purpose
Account Information	Duration of service + 7 years	Service provision and legal compliance
Employee HR Data	As directed by customer	Customer's business requirements
Usage Analytics	2 years	Service improvement and analytics
Support Communications	3 years	Support history and quality assurance

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your personal information
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your information
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Remove consent for marketing or cookies

8. International Data Transfers

We may transfer your information to countries outside your residence. When we do so, we ensure appropriate safeguards are in place:

• Adequacy decisions by relevant authorities
• Standard contractual clauses approved by the European Commission
• Binding corporate rules for intra-group transfers
• Certification schemes and codes of conduct

9. Children's Privacy

Our HR software services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

10. Third-Party Services

Our website and services may contain links to third-party websites or integrate with external services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how it's used
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising CCPA rights

We do not sell personal information as defined by the CCPA.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date
• Notify you via email or prominent website notice
• Obtain your consent where required by law
• Provide a summary of key changes

13. Data Protection Officer

We have appointed a Data Protection Officer to monitor compliance with data protection laws and serve as a point of contact for privacy matters. You can reach our DPO at support@cfrappe.com.