Privacy Policy

This Privacy Policy explains how Clockspot, Inc. ("Clockspot," "we," "us") collects, uses, shares, and protects your information when you use our time tracking platform (the "Service").

Key points:

• You own your data. We never sell it.
• We collect only what's needed to provide the service.
• GPS is event-based — we record location at clock-in/out, never continuously.
• You can export or delete your data at any time.
• We don't use your data for advertising.

Clockspot is operated by Clockspot, Inc. For privacy questions, contact us at privacy@clockspot.com.

Our role: When an employer uses Clockspot to track employee time, the employer is the data controller (they decide what data to collect and why) and Clockspot is the data processor (we process data on the employer's behalf to provide the service).

Account data: Name, email address, company name, and billing information when you sign up.

Employee profile data: Name, email, role, department, and pay rate — as provided by your employer's administrator.

Time tracking data: Clock-in and clock-out times, hours worked, breaks, job assignments, notes, and custom field entries.

Location data (optional): GPS coordinates recorded at the moment of a clock event (clock-in, clock-out, break start/end). This is only collected when the employer enables GPS features AND the employee grants device-level location permission. We do not track routes, continuous movement, or off-duty location.

Device and usage data: Browser type, operating system, IP address, pages visited, and feature usage. Collected automatically to maintain and improve the service.

Payment data: Processed by our payment provider. We do not store full credit card numbers on our servers.

Communications: Support tickets, emails, and feedback you send us.

Directly from you: When you create an account, clock in/out, submit time entries, or contact support.

From your employer: When an administrator adds your profile to a workspace, configures jobs, or sets up teams.

Automatically: When you use the Service, we collect device and usage data through cookies and similar technologies.

We use your data to:

• Provide the service: Process clock events, generate timesheets, calculate hours, and run reports
• Send notifications: Timesheet reminders, approval requests, and account alerts via email and SMS
• Process payments: Bill your account and manage subscriptions
• Provide support: Respond to your questions and resolve issues
• Improve the product: Analyze usage patterns to fix bugs and build better features
• Comply with law: Respond to legal requirements, enforce our terms, and protect rights

We do not use your data for advertising, profiling, or automated decision-making that affects your employment.

If you are in the European Economic Area, we process your data under these legal bases:

• Contract performance: Processing time entries, generating reports, and providing the service you signed up for
• Legitimate interest: Product improvement, security, and fraud prevention
• Legal obligation: Tax record-keeping, responding to lawful requests
• Consent: Optional features like GPS tracking and marketing communications (you can withdraw consent at any time)

We share data with the following categories of third parties, solely to provide the Service:

• Cloud infrastructure: Hosting and database services
• Payment processing: For subscription billing
• Email and SMS: For notifications and communications
• Analytics: To understand usage patterns and improve the product
• Error tracking: To detect and fix bugs

We do not:

• Sell personal data to anyone
• Share data with advertisers
• Use employee time data for any purpose other than providing the service to their employer

We may disclose data when required by law, court order, or government request. We may also share data in connection with a merger, acquisition, or sale of assets — in which case we will notify you in advance.

Clockspot offers optional GPS verification. Here is exactly what we do and don't do:

What we collect:

• GPS coordinates at the moment of a clock event (clock-in, clock-out, break start, break end)
• Approximate accuracy of the GPS reading
• Timestamp of the reading

What we don't collect:

• Continuous location or movement tracking
• Routes or travel paths between locations
• Off-duty location data
• Location when the app is in the background

Two layers of consent:

1. The employer must enable GPS features for their workspace (it is off by default)
2. The employee must grant device-level location permission when clocking in

Employees can revoke device location permission at any time through their device settings. Without permission, clock events are recorded without location data.

Retention: Location data is retained as long as your account is active and for a reasonable period after, aligned with applicable record-keeping requirements.

For employers (workspace administrators):

• You are the data controller for your employees' data. Clockspot processes it on your behalf.
• You decide what data to collect (which features to enable, which custom fields to create).
• You are responsible for having a legal basis to collect data from your employees and for complying with applicable privacy and labor laws.
• A Data Processing Agreement (DPA) is available upon request for GDPR compliance.

For employees:

• Your employer has engaged Clockspot to track time on their behalf.
• Your employer controls what data is collected and how it is used.
• You can view your own time data through the Service.
• For data access, correction, or deletion requests, contact your employer first. If your employer is unresponsive, contact us at privacy@clockspot.com.

We retain data for as long as your account is active and for a reasonable period after, based on the type of data and applicable legal requirements:

• Time records: Retained to meet federal and state record-keeping requirements (e.g., FLSA, IRS)
• GPS/location data: Retained to support applicable wage dispute and compliance timelines
• Account and profile data: Duration of your account. You can export your data at any time.
• Payment records: As required by tax law and our payment processor
• Usage and analytics data: Retained for product improvement, periodically purged
• Support communications: Retained for quality and reference

You may request deletion of your data by contacting us. Deletion requests are subject to applicable legal record-keeping requirements. Aggregated, de-identified data may be retained indefinitely.

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request that we correct inaccurate data
• Deletion: Request that we delete your personal data
• Export: Request your data in a portable, machine-readable format
• Restriction: Request that we limit how we process your data
• Objection: Object to processing based on legitimate interest
• Withdraw consent: Where processing is based on consent, withdraw it at any time

CCPA/CPRA rights (California residents): You have the right to know what data we collect, request deletion, request correction, and opt out of the sale of personal data. We do not sell personal data.

To exercise any of these rights, email privacy@clockspot.com. We will respond within 30 days (GDPR) or 45 days (CCPA). For employees, please contact your employer first, as they are the data controller.

Clockspot's servers and data are located in the United States. If you are accessing the Service from outside the U.S., your data will be transferred to and processed in the U.S.

For transfers of personal data from the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. A copy is available upon request.

We protect your data with:

• Encryption in transit (TLS) and at rest (AES-256)
• Role-based access controls
• Regular security assessments and code reviews
• Logging and monitoring for suspicious activity
• Incident response procedures

No system is 100% secure. If we discover a data breach that affects your personal data, we will notify you and applicable authorities as required by law.

We use the following types of cookies:

• Strictly necessary: Session and authentication cookies required for the Service to function. These cannot be disabled.
• Functional: Preference cookies that remember your settings (e.g., sidebar state, theme).
• Analytics: Usage tracking to understand how the Service is used and where to improve.

We do not use marketing or advertising cookies.

EU visitors: Non-essential cookies require your consent before activation.

Global Privacy Control: We honor GPC signals from your browser. If your browser sends a GPC signal, we treat it as an opt-out of non-essential cookies.

Clockspot is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

If you are a California resident, the following additional disclosures apply under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA):

Categories of personal information collected in the last 12 months:

• Identifiers (name, email, IP address)
• Professional information (employer, role, department)
• Geolocation data (GPS coordinates at clock events, if enabled)
• Internet activity (usage data, feature interactions)
• Commercial information (subscription and billing data)

Categories of personal information sold: None. We do not sell personal information.

Categories of personal information shared for cross-context behavioral advertising: None.

You have the right to request access, deletion, and correction of your data, and to opt out of the sale of personal information (which we do not engage in). To make a request, email privacy@clockspot.com. We will not discriminate against you for exercising your rights.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Email account administrators at least 30 days before the changes take effect
• Post a notice within the Service
• Update the "Last Updated" date at the top of this page

We encourage you to review this policy periodically.

For privacy questions, data requests, or concerns, email us at privacy@clockspot.com.

For general support, visit our contact page.