Privacy Policy

1. Who We Are

TeamsMaster (operated by DigiGyaani Pvt. Ltd., hereinafter "TeamsMaster", "we", "our", "us") is a Software-as-a-Service ("SaaS") platform offering voice-first attendance, HR, payroll, CRM, task management, AI assistants, and related productivity tools to organisations and their employees worldwide. This Privacy Policy explains how we handle personal information that we collect from visitors, customers (companies), and end users (employees) of our website www.teamsmaster.com and our mobile applications.

2. Information We Collect

2.1 Information you provide

• Account data: name, email address, phone number, password (hashed), profile photo, role, designation, branch.
• Company data: company name, address, GSTIN, branding (logo, colours), branch locations, billing details.
• Employee data: employee names, employee IDs, designations, salary structure (when payroll is enabled), shift schedules, leave balances.
• Operational content: tasks, projects, clients, invoices, expenses, proposals, contracts, attendance records, voice transcripts.
• Communications: emails sent through the platform, support requests, feedback.

2.2 Information we collect automatically

• Device & usage data: IP address, browser type, OS, mobile device model, OS version, app version, time-zone, language, log files, click-stream.
• Location data: geographic coordinates captured when an employee performs an attendance check-in or check-out (only when geofencing is enabled by their company). Location is used solely to verify that a punch occurred within the allowed branch radius and is not used for continuous tracking.
• Selfie/photo data: Selfies captured at check-in/out (only when selfie verification is enabled). Stored as base64 image attached to that attendance record.
• Voice data: Audio recordings or voice transcripts created when an employee uses the voice command feature (e.g., "create invoice for Acme ₹50,000"). Used solely to fulfil the requested action and produce a text transcript; not used to train third-party models.
• Cookies & tokens: JWT authentication tokens stored in browser/secure storage for session management. We use minimal first-party cookies; no third-party advertising cookies.

2.3 Information from third parties

• Payment processors (e.g., Razorpay) provide payment confirmation; we do not store full card numbers.
• Cloud storage providers (e.g., Bunny CDN) host static media uploads on our behalf.
• AI providers (OpenAI, Google, Anthropic via Emergent Integrations) process voice transcripts to interpret commands; the providers' privacy terms apply to their processing.

3. How We Use Your Information

We use personal information to:

• Authenticate users and provide the requested service (attendance, payroll, voice commands, etc.).
• Calculate working hours, attendance compliance, payroll, and generate reports for the company admin.
• Process payments, generate invoices, and manage subscription billing.
• Send transactional emails (e.g., task assignment, leave approval, invoice email, password reset).
• Send push notifications related to tasks and attendance.
• Improve, secure, and debug the service; detect fraud and abuse.
• Comply with legal obligations and respond to law-enforcement requests where required.

4. Legal Basis (GDPR / DPDP Act)

Where the EU GDPR or the Indian DPDP Act, 2023 applies, our legal bases for processing are:

• Contract performance — we need to process attendance, payroll, and account data to deliver the service the company has contracted us for.
• Legitimate interests — securing the platform, preventing fraud, basic analytics.
• Consent — for optional features (e.g., voice recording, location-based check-in, marketing emails).
• Legal obligation — tax records, statutory payroll registers.

5. Data Sharing & Disclosure

We do not sell or rent personal information. We share data only with:

• Your employer/organisation — your attendance, tasks, and payroll data is visible to your company's authorised administrators.
• Service providers who process data on our behalf under written contracts (hosting, payment processors, transactional email, SMS, push notifications, AI inference). They are bound to confidentiality and security.
• Authorities when required by law, court order, or to protect rights, safety, or property.
• Successors in case of merger, acquisition, or asset sale — under equivalent privacy commitments.

6. Data Retention

We retain personal data only as long as necessary to provide the service and to comply with legal obligations:

• Active account data — for the duration of the customer subscription.
• Attendance, payroll, and invoice records — minimum 7 years after the financial year of creation, as required by Indian tax and labour laws.
• Voice transcripts & selfies — 12 months by default; the company admin may configure shorter retention.
• Backups — encrypted backups retained for up to 30 days then rotated.

On verified deletion requests, we anonymise or remove personal data within 30 days unless we are required to keep it for legal purposes.

7. Security

We implement reasonable technical and organisational measures to protect your data:

• HTTPS/TLS in transit; AES-256 at rest for sensitive media.
• Bcrypt-hashed passwords; JWT with short-lived tokens.
• Role-based access control with per-action permissions.
• Sealed-box encrypted secrets in CI/CD; principle of least privilege for production access.
• Routine vulnerability patching and dependency updates.

No system is 100% secure. In the event of a personal data breach affecting you, we will notify you and the relevant supervisory authority within the timeline required by applicable law.

8. International Transfers

Our primary servers are located in India. Some processing (e.g., AI inference) may occur on servers in the United States or the European Union via our service providers. Where transfers occur outside your jurisdiction, we rely on Standard Contractual Clauses or equivalent legal mechanisms.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your data, subject to legal retention obligations.
• Restriction — limit how we use your data.
• Portability — receive your data in a machine-readable format.
• Object — to processing based on legitimate interests or for marketing.
• Withdraw consent — for any consent-based processing.
• Lodge a complaint with a supervisory authority.

To exercise any of these rights, please email privacy@teamsmaster.com. If you are an employee of a TeamsMaster customer, please first contact your company's admin since they are the data controller of your workplace data.

10. Children's Privacy

TeamsMaster is intended for organisational use only. We do not knowingly collect data from individuals under 18. If you believe a minor has provided us personal data, contact us and we will delete it.

11. Cookies & Tracking

We use only essential first-party cookies/storage required for authentication and preferences. We do not use third-party advertising or cross-site tracking cookies. The marketing site uses privacy-respecting analytics where available.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top will reflect the latest revision. Material changes will be communicated via email or in-product notice. Continued use of the platform after the effective date of changes constitutes acceptance.