1. Introduction
SparkSoft ("we", "our") operates the Teamyo platform. This Privacy Policy explains how we collect, use, and protect your information when you use our services.
By using Teamyo, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Information provided by the user:
- Account information (name, email)
- Profile information (photo, department)
- Content you submit through the service
Information collected automatically:
- Usage data and interaction with the service
- Device and browser information
- IP address and approximate location data
Time Clock feature (when enabled by your organisation):
- Clock in/out timestamps and work location type
- GPS coordinates and address (if location capture is enabled)
- IP address at time of clock action
- Biometric verification status (whether verification occurred, not biometric data itself)
3. How We Use Your Information
We use the information collected to:
- Provide, maintain, and improve our services
- Process transactions and send related notifications
- Respond to your requests and provide support
- Send technical communications, updates, and security alerts
- Monitor and analyse trends and usage
- Detect, investigate, and prevent fraudulent activities
4. Information Sharing
We do not sell your personal information. We may share information in the following circumstances:
- With your organisation: Information necessary for absence management
- Service providers: Third parties that help us operate the service
- Legal requirements: When required by law or to protect rights
- Business transfers: In case of merger, acquisition, or sale of assets
5. Data Retention
We retain your information while your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements.
6. Time Clock & Biometric Verification
When your organisation enables the Time Clock feature, the following applies:
Location Data:
- If enabled by your organisation, we may capture GPS coordinates when you clock in/out
- Location data is used to verify you are at an authorised work location
- You will be prompted for location permission by your browser/device
- You can deny location access, though this may prevent clock actions if required by your organisation
Biometric Verification (Face ID / Touch ID / Fingerprint):
- If enabled by your organisation, you may be asked to verify your identity using your device's biometric features
- Your biometric data (fingerprint, face scan) is NEVER transmitted to our servers
- Biometric verification happens entirely on your device using industry-standard WebAuthn technology
- We only receive confirmation that verification was successful or failed
- We record whether biometric verification occurred (true/false) for audit purposes
- This feature is used to prevent "buddy punching" (one employee clocking for another)
Your choices:
- Biometric verification uses your device's built-in security (Face ID, Touch ID, Fingerprint, Windows Hello)
- If your device doesn't support biometrics and your organisation allows fallback, you can still clock in/out
- Contact your organisation's administrator if you have concerns about these features
7. Third-Party Calendar Integration (Google Calendar, Microsoft Outlook)
Teamyo offers optional integration with third-party calendar services to sync your approved holidays. This section describes how we handle data from these services.
What Data We Access:
- We request permission to create, update, and delete calendar events in your connected calendar
- We access your email address to identify your account
- We do NOT read your existing calendar events - we only create events for your approved holidays
How We Use This Data:
- To create calendar events when your holiday requests are approved
- To update events if holiday dates change
- To delete events if holidays are cancelled
- Events are created as "Out of Office" entries to show your availability to colleagues
How We Store This Data:
- OAuth access tokens and refresh tokens are stored encrypted in our database
- Tokens are only used to sync calendar events on your behalf
- We store the external event ID to update or delete events later
Data Sharing:
- Your calendar tokens and data are not shared with any third parties
- We only communicate with Google/Microsoft APIs to manage your calendar events
Your Control:
- Calendar integration is entirely optional - you choose whether to connect
- You can disconnect your calendar at any time from your profile settings
- When you disconnect, all synced holiday events are deleted from your external calendar
- Your OAuth tokens are immediately revoked and deleted from our systems
- You can also revoke access directly from your Google or Microsoft account settings
8. Security
We implement appropriate technical and organisational security measures to protect your information against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure.
9. Your Rights
Depending on your location, you may have rights regarding your personal data, including:
- Access and receive a copy of your data
- Rectify incorrect information
- Request deletion of your data
- Object to or restrict processing
- Data portability
To exercise these rights, contact us at privacy@teamyo.app.
10. Cookies
We use cookies and similar technologies to operate and improve the service. You can control cookie preferences through your browser settings. See our Cookie Policy for more details.
11. International Transfers
Your information may be transferred and processed on servers located outside your country of residence. We take steps to ensure your data receives adequate protection.
12. Changes to This Policy
We may update this policy periodically. We will notify you of significant changes through the service or by email. Continued use after changes constitutes acceptance.
13. Contact
For questions about this Privacy Policy:
SparkSoft
Email: privacy@teamyo.app