Privacy Policy

1. Introduction & Scope

2. Information We Collect

3. How We Use Your Information

We use the personal information we collect to:

• Provide workforce management services, including time and attendance tracking, employee scheduling, payroll processing, and paid time off management
• Process payroll and generate tax documents, including T4 slips and Records of Employment
• Verify clock-in and clock-out locations to support employer compliance and attendance policies
• Send transactional communications via email, SMS, and push notifications, such as shift reminders, schedule updates, and payroll notifications
• Authenticate your identity and secure your account through password-based login, one-time passcodes (OTP), Google Sign-In, or Apple Sign-In
• Monitor and resolve application errors through our error tracking service to maintain service reliability
• Process subscription payments for employer accounts

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

5. Location Data

We understand that location data is sensitive. Here is how we handle it:

• Location data is collected only in the foreground when you explicitly tap the clock-in or clock-out button
• We do not perform background location tracking at any time
• We collect high-accuracy GPS coordinates along with a reverse-geocoded street address
• Location data is shared with your employer as part of your time tracking records to verify attendance
• You can deny location permission on your device at any time; however, your employer may require location verification for clock-in and clock-out, and this functionality may be restricted without location access

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption at rest: Sensitive data, including Social Insurance Numbers and bank account details, is encrypted at rest
• Secure device storage: Authentication tokens are stored using platform-native secure storage (iOS Keychain and Android Keystore)
• Encryption in transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
• Log protection: Authorization headers and sensitive credentials are automatically stripped from error logs
• Access controls: Role-based access control ensures that users can only view data they are authorized to access
• Session management: Sessions are authenticated with configurable expiry to limit exposure

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for the following periods:

When personal information is no longer required for the purposes for which it was collected, or when the applicable retention period expires, we securely delete or anonymize the data.

8. Your Rights Under PIPEDA

As a user in Canada, you have the following rights under PIPEDA:

• Right of access: You may request a copy of the personal information we hold about you
• Right of correction: You may request that we correct any inaccurate or incomplete personal information
• Right to withdraw consent: You may withdraw your consent for non-essential data processing at any time, subject to legal or contractual restrictions
• Right to deletion: You may request the deletion of your account and associated personal data by emailing [email protected]
• Right to complain: If you are not satisfied with our response to your privacy concerns, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Cookies & Session Technologies

Our Services use the following session technologies:

• Essential session cookies: Used for authentication and maintaining your logged-in state. These cookies are HTTP-only and configured with SameSite: Lax for security.
• No advertising or tracking cookies: We do not use any advertising cookies, retargeting pixels, or similar tracking technologies.
• No third-party analytics cookies: We do not use Google Analytics or any other third-party analytics services that place cookies on your device.

10. Children's Privacy

NumaTrack is a business-to-business (B2B) workforce management platform. Our Services are not directed at and are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly.

11. Third-Party Links

Our Services may contain links to third-party websites, employer systems, or external services. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party services you access through our platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Sending a notification to the email address associated with your account, or
• Displaying a prominent notice within the app

Your continued use of the Services after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: