Privacy Policy

1. Introduction

SafeKeeper ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our HR management platform. This policy complies with the EU General Data Protection Regulation (GDPR) and Irish data protection laws.

2. Data Controller

SafeKeeper is the data controller for the personal data we process. For any data protection queries, please contact us at:

• Email: privacy@safekeeper.work
• Address: SafeKeeper, Ireland

3. Information We Collect

3.1 Account Information

• Name and email address
• Company/organization name
• Password (encrypted)
• Payment information (processed by Stripe, not stored by us)

3.2 Employee Data

• Employee names, contact information, and employment details
• Training records and certifications
• Compliance documentation
• Time and attendance records
• Leave requests and approvals
• Documents uploaded by you

3.3 Usage Information

• IP address and browser information
• Pages visited and features used
• Date and time of access
• Device information

4. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide and maintain our HR management platform
• Account Management: To manage your account and subscription
• Communication: To send important updates, notifications, and support messages
• Compliance: To help you maintain compliance with employment laws and regulations
• Security: To protect against unauthorized access and maintain data security
• Analytics: To improve our service and user experience (aggregated, anonymized data only)
• Legal Obligations: To comply with legal requirements and protect our rights

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract Performance: Processing necessary to provide our services to you
• Legitimate Interests: Improving our service, fraud prevention, and security
• Legal Obligation: Complying with legal and regulatory requirements
• Consent: Where you have explicitly given consent (e.g., marketing communications)

6. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

6.1 Service Providers

• Supabase: Database and authentication (EU servers)
• Vercel: Hosting and infrastructure (EU/Ireland)
• Stripe: Payment processing (PCI DSS compliant)

6.2 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights or the rights of others.

7. Data Storage and Security

7.1 Storage Location

All data is stored in secure data centers within the European Union (Ireland/EU region), ensuring compliance with EU data protection laws.

7.2 Security Measures

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Role-based access control (RBAC)
• Regular security audits and updates
• Daily automated backups
• Multi-factor authentication option

8. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: Data retained while account is active
• Deleted Accounts: 30-day grace period, then permanently deleted
• Audit Logs: Retained for 7 years for compliance purposes
• Backup Data: Automatically deleted after 30 days

9. Your Rights Under GDPR

You have the following rights:

• Right to Access: Request a copy of your personal data (available in Settings → Export Data)
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (available in Settings → Delete Account)
• Right to Restriction: Request limitation of data processing
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with the Irish Data Protection Commission

To exercise these rights, contact us at privacy@safekeeper.work or use the self-service features in your account settings.

10. Cookies and Tracking

We use cookies for:

• Essential Cookies: Required for authentication and security (cannot be disabled)
• Functional Cookies: Remember your preferences (e.g., dark mode)
• Analytics Cookies: Understand how you use our service (only with consent)

You can manage your cookie preferences through your browser settings or our cookie consent banner.

11. Children's Privacy

SafeKeeper is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. International Data Transfers

All data is stored within the EU. We do not transfer personal data outside the European Economic Area (EEA) unless necessary and with appropriate safeguards in place (e.g., EU Standard Contractual Clauses).

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. Continued use of our service after changes constitutes acceptance of the updated policy.

15. Contact Us

For any questions about this Privacy Policy or to exercise your data rights, contact us:

• Email: privacy@safekeeper.work
• Data Protection Officer: dpo@safekeeper.work
• Support: support@safekeeper.work

16. Supervisory Authority

If you have concerns about our data practices, you have the right to lodge a complaint with: