Privacy Policy

Last Updated: 14 April 2025

1. Introduction

Welcome to HRSaathi (the “Platform”), operated by Skysoft IT Services Pvt. Ltd. (“we,” “us,” or “our”), a CMMI Level 3 and ISO 27001:2013 certified company. This Privacy Policy explains how we collect, use, disclose, process, and safeguard your information when you use our Platform, including both the HRSaathi web platform and mobile application.

This Privacy Policy is designed to help you understand:

  • What personal information do we collect
  • How do we use your information
  • How do we share your information
  • How do we protect your information
  • Your rights regarding your information
  • How to contact us with questions

By accessing or using HRSaathi, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use the Platform.

2. Information We Collect

We collect the following types of information:

2.1 Personal Information

  • Identity Information: Full name, email address, phone number, job title, company details, profile photos
  • Authentication Information: Login credentials (username and password)
  • Government-issued Identification: For verification purposes, where required by law or for specific functionality
  • Financial Information: Bank account details, tax identification numbers (for payroll processing)

2.2 Employee and HR Data

  • Employment Records: Name, contact details, department, position, employment history, education, skills
  • Attendance Data: Clock-in/out times, work hours, shift schedules, overtime records
  • Leave Management Data: Applied leaves, approvals, leave balances, leave history
  • Payroll Information: Salary details, tax information, allowances, deductions
  • Performance Data: Evaluations, feedback, goals, achievements

2.3 Location Data

  • Precise Location: GPS-based location when using geo-attendance features (with your permission)
  • Approximate Location: General location based on IP address or network information

2.4 Media and Files

  • Photos and Videos: Profile pictures, uploaded documents, scanned records
  • Audio Files: Voice recordings, audio notes, music files, and other audio content
  • Documents and Files: PDF files, spreadsheets, presentations, and other uploaded documents

2.5 Usage and Technical Data

  • Device Information: IP address, browser type, operating system, device model, unique device identifiers
  • Activity Data: Login timestamps, session duration, feature usage, actions performed
  • Cookies and Tracking Technologies: Cookies, web beacons, pixels, and similar technologies
  • Log Data: Error reports, performance data, system activity, hardware settings

2.6 Communication Data

  • Messages: Emails, in-app messages, support requests
  • Notifications: Information about notifications sent via WhatsApp, email, or SMS
  • Feedback: Surveys, suggestions, reported issues

3. How We Collect Information

We collect information through various methods:

3.1 Direct Collection

  • Information you provide when registering an account
  • Data entered while using the Platform’s features
  • Information submitted through forms, uploads, or communications

3.2 Automated Collection

  • Cookies and similar tracking technologies
  • Server logs and analytics tools
  • Mobile device permissions (when granted)

3.3 Third-Party Sources

  • Information from your employer (if HRSaathi is provided by your organization)
  • Integration with other HR systems or applications (with proper authorization)
  • Public sources, where permitted by law
  •  

4. Legal Basis for Processing (Under GDPR)

We process your personal information based on the following legal grounds:

  • Contractual Necessity: To perform our contractual obligations to you
  • Legitimate Interests: For our legitimate business interests, such as providing and improving our services
  • Legal Compliance: To comply with applicable laws and regulations
  • Consent: With your explicit consent, where required by law
  • Vital Interests: To protect your vital interests or those of another person

5. How We Use Your Information

We use the collected information for the following purposes:

5.1 Service Provision and Administration

  • Creating and managing user accounts
  • Authenticating users and maintaining account security
  • Processing attendance, leave requests, and payroll
  • Generating reports and analytics for HR management
  • Providing employee self-service features

5.2 Communication and Notifications

  • Sending system notifications, alerts, and important updates
  • Delivering information about your account, requests, or approvals
  • Responding to your inquiries and support requests
  • Sending service-related announcements

5.3 Platform Improvement and Development

  • Enhancing existing features and developing new ones
  • Analyzing usage patterns to improve user experience
  • Conducting research and development
  • Troubleshooting issues and fixing bugs

5.4 Legal and Compliance Purposes

  • Ensuring compliance with applicable laws and regulations
  • Responding to legal requests from authorities
  • Enforcing our Terms and Conditions
  • Protecting our rights, privacy, safety, or property

5.5 Location-Based Services

  • Enabling geo-attendance functionality
  • Verifying employee location during work hours (when enabled)
  • Supporting location-based analytics and reporting

5.6 Media and File Management

  • Storing and processing user-uploaded photos, videos, and documents
  • Facilitating file sharing and collaboration
  • Managing profile photos and organizational documents

6. Data Sharing and Disclosure

We respect your privacy and do not sell or rent your personal information to third parties. However, we may share your information in the following circumstances:

6.1 Service Providers and Business Partners

  • Cloud hosting and storage providers
  • Payment processors for subscription billing
  • SMS, email, and communication service providers
  • Analytics and monitoring services
  • IT and security service providers

All third-party service providers are contractually obligated to use your information only for providing services to us and in compliance with applicable data protection laws.

6.2 Within Your Organization

  • For customers using HRSaathi as an organization, authorized administrators and managers within your organization may access certain employee information as required for HR management purposes.

6.3 Legal Requirements

  • Government authorities or law enforcement agencies, when required by law
  • In response to legal process or court orders
  • To protect our rights, privacy, safety, or property
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our Terms

6.4 Business Transfers

  • In connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, in which case personal information may be transferred as a business asset

6.5 With Your Consent

  • With your explicit consent or at your direction
  • When you choose to share information through the Platform

7. Data Security

We implement industry-standard security measures to protect your information:

7.1 Technical Safeguards

  • Encryption: Data is encrypted during transmission (TLS/SSL) and at rest
  • Access Controls: Strict access controls and authentication mechanisms
  • Network Security: Firewalls, intrusion detection, and prevention systems
  • Regular Security Testing: Vulnerability assessments and penetration testing

7.2 Organizational Measures

  • Employee Training: Regular security awareness training for all staff
  • Access Limitations: Access to personal data is limited to authorized personnel
  • Security Policies: Comprehensive information security policies and procedures
  • Regular Audits: Periodic security audits to ensure compliance with ISO 27001:2013 standards

7.3 Data Breach Procedures

We have procedures in place to detect, report, and investigate suspected personal data breaches. In the event of a breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law.

7.4 Limitations

While we implement appropriate security measures, no method of transmission over the Internet or electronic storage is 100% secure. Users are responsible for maintaining the security of their account credentials and should report any suspected unauthorized access immediately.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

  • Request access to the personal information we hold about you
  • Receive a copy of your data in a structured, commonly used, and machine-readable format

8.2 Correction and Update

  • Correct inaccurate or incomplete personal information
  • Update your personal details when they change

8.3 Deletion and Restriction

  • Request deletion of your personal data (subject to legal obligations)
  • Request restriction of processing in certain circumstances

8.4 Objection and Withdrawal of Consent

  • Object to processing based on legitimate interests
  • Withdraw consent previously given for specific processing activities

8.5 Notification Preferences

  • Opt out of certain non-essential communications
  • Manage notification preferences within the Platform

8.6 Device Permissions

  • Manage app permissions through your device settings
  • Control access to location, camera, storage, and other device features

To exercise these rights, please contact us using the information provided in Section 14. We will respond to your request within the timeframe required by applicable law.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

  • Essential Cookies: Required for the Platform to function properly
  • Functional Cookies: Enable enhanced functionality and personalization
  • Analytics Cookies: Help us understand how users interact with the Platform
  • Performance Cookies: Collect information about Platform performance

9.2 Your Cookie Choices

You can control cookies through your browser settings, which allow you to:

  • Block certain types of cookies
  • Delete existing cookies
  • Set preferences for certain websites

Please note that blocking some types of cookies may impact your experience on the Platform and limit certain functionalities.

10. Data Retention

10.1 Retention Period

We retain your personal information for as long as necessary to:

  • Provide the services you requested
  • Fulfill the purposes outlined in this Privacy Policy
  • Comply with legal and regulatory obligations
  • Resolve disputes
  • Enforce our terms and agreements

10.2 Account Deletion

When you delete your account or request deletion of your data, we will delete or anonymize your personal information within a reasonable time, unless:

  • We are required to retain it for legal or regulatory compliance
  • Retention is necessary to protect our legal rights or legitimate interests
  • The data has been anonymized and no longer identifies you

11. International Data Transfers

As a global service, we may transfer, store, and process your information in countries other than your country of residence, including India and other countries where we or our service providers operate.

We ensure that any international transfers are conducted in accordance with applicable data protection laws, including implementing appropriate safeguards such as:

  • Standard Contractual Clauses approved by relevant authorities
  • Ensuring recipients adhere to adequate data protection standards
  • Obtaining your consent where required

12. Third-Party Links and Services

The Platform may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy applies only to our Platform. We are not responsible for the privacy practices or content of any third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers.

14. Device Permissions

Our mobile application may request the following permissions to provide core functionality:

14.1 Storage Permissions

  • Purpose: To allow uploading and sharing of photos, videos, documents, and other files
  • Impact: Enables features like profile photo uploads, document sharing, and file attachments

14.2 Location Permissions

  • Purpose: To enable location-based features like geo-attendance
  • Impact: Records location data when checking in/out and for location verification

14.3 Camera Permissions

  • Purpose: To enable profile photo captures and document scanning
  • Impact: Allows taking photos directly within the app for various features

14.4 Microphone Permissions

  • Purpose: To enable voice notes and audio recording features
  • Impact: Allows recording audio content within the app

You can manage these permissions through your device settings at any time. Denying certain permissions may limit specific features, but will not prevent you from using the platform’s core functionality.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated policy will be posted on the Platform with a revised “Last Updated” date.

We will notify you of any material changes through:

  • A notice on the Platform
  • Email notifications (for registered users)
  • App notifications (for mobile app users)

We encourage you to review this Privacy Policy periodically to stay informed about our information practices. Your continued use of the Platform after any modifications indicates your acceptance of the updated Privacy Policy.

16. Compliance with Data Protection Laws

We comply with applicable data protection laws, including:

  • The Information Technology Act, 2000 (India)
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (India)
  • The Digital Personal Data Protection Act, 2023 (India)
  • General Data Protection Regulation (GDPR) (where applicable)
  • California Consumer Privacy Act (CCPA) (where applicable)

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: We will respond to your inquiry within a reasonable timeframe and in accordance with applicable data protection laws.