WORK OS
PRIVACY POLICY
Embedded Files
Privacy Policy
Privacy Policy
Work OS — Workforce Management Platform
Effective Date: March 5, 2026
Last Updated: March 5, 2026
1. Introduction
1. Introduction
Welcome to Work OS ("App", "we", "our", or "us"). Work OS is a multi-tenant workforce management platform designed for organizations to manage employees, attendance, tasks, leave requests, and reports.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data. By using the Work OS application, you agree to the practices described in this policy.
This policy applies to all users of the App — including organization administrators, HR personnel, and employees.
2. Who We Are
2. Who We Are
Work OS is operated as a B2B SaaS workforce management tool. Each organization that uses Work OS is a separate tenant. Within each tenant, there are three roles:
Admin — the organization owner who creates and manages the workspace.
HR — manages employees, attendance, and requests within the organization.
Employee — an individual member of the organization.
The organization's Admin acts as the primary data controller for all employee data within their tenant. Work OS acts as the data processor.
3. Information We Collect
3. Information We Collect
3.1 Information You Provide Directly
3.1 Information You Provide Directly
Account information: Full name, work email address, phone number, designation, department.
Employee profile data: Father's name, date of birth, national ID card number, blood group, emergency contact name, emergency contact phone, emergency contact relation, alternate phone number, home address.
Banking/payroll information: Bank name, account title, IBAN, branch code (collected for payroll purposes by the organization admin).
Profile photo: An optional photograph uploaded by the user or their administrator.
Organization data: Company name, industry type, and related setup information entered during organization registration.
3.2 Information Collected Automatically
3.2 Information Collected Automatically
Device information: Device model, operating system version, and unique device identifiers (collected via device_info_plus).
App version and build information: Collected via package_info_plus to facilitate support and version-specific features.
Usage and session data: Authentication state, last activity timestamp.
3.3 Location Information
3.3 Location Information
Work OS collects location data for the following purposes:
Geofenced attendance: The App may use your device's GPS location to verify that you are within a designated office zone when clocking in or out.
Zone status monitoring: The App periodically checks your proximity to configured office zones during active work hours.
Location data is collected using the geolocator package and the device's GPS/network-based location services. Background location is not collected. Location is only accessed when the App is in use (foreground).
Your last known distance from the office zone is stored in Firestore as an advisory field. It has no security implications and you may request its deletion at any time.
You can disable location access in your device settings at any time. Doing so may limit the App's ability to auto-verify your attendance check-in.
3.4 Files and Media
3.4 Files and Media
Attachments: Files you upload to tasks (documents, images) are stored in Firebase Storage.
Profile photos: Images selected via the camera or photo library (image_picker, image_cropper) are uploaded to Firebase Storage.
File access: The App uses file_picker to let you attach files from your device to tasks. We access only the files you explicitly select.
3.5 Push Notifications
3.5 Push Notifications
We use Firebase Cloud Messaging (FCM) to send you push notifications about:
Task assignments and status updates.
Leave request approvals or rejections.
Attendance reminders and overdue task alerts.
You can revoke notification permission at any time from your device settings.
3.6 Authentication Data
3.6 Authentication Data
Sign-in is handled via Google Sign-In and Firebase Authentication. We do not store your Google password. We receive and store your Google account email address and a unique Firebase Auth UID to link you to your organizational profile.
4. How We Use Your Information
4. How We Use Your Information
We process personal data to create and manage your account and organizational profile on the basis of contract performance. This processing is necessary to provide access to the platform and deliver the core services agreed upon.
We record and verify attendance, including location-based clock-in where applicable, based on legitimate interest and, where relevant, contract performance. This ensures accurate time tracking, operational transparency, and compliance with workplace policies.
We assign, track, and manage task completion under the legal basis of contract performance, as these functions are essential to delivering the agreed workplace management services.
Leave requests and approvals are processed under contract performance, as this functionality is required to administer employee absences in accordance with organizational policies.
Attendance records and employee reports, including exports in PDF or CSV format, are generated under contract performance to fulfill reporting and administrative requirements.
Push notifications related to work activity are sent based on user consent. This consent is voluntary and may be withdrawn at any time without affecting the core functionality of the service.
We detect and prevent unauthorized access based on legitimate interest and security obligations. This processing is necessary to safeguard user accounts, company data, and system integrity.
App integrity and fraud prevention mechanisms, including Firebase App Check, operate under legitimate interest to protect the platform from abuse, misuse, and automated threats.
We process certain technical data to improve app stability and debug issues under the legal basis of legitimate interest. This enables continuous performance optimization and service reliability.
5. Data Storage and Security
5. Data Storage and Security
5.1 Where Data Is Stored
5.1 Where Data Is Stored
All data is stored in Google Firebase services, including:
Cloud Firestore — structured data (users, attendance, tasks, leave requests, notifications).
Firebase Storage — file attachments and profile photos.
Firebase App Check — to protect backend APIs from abuse.
Firebase infrastructure is hosted on Google Cloud and may be located in multiple geographic regions. For more information, see Google Firebase's privacy page.
5.2 Security Measures
5.2 Security Measures
Firestore Security Rules enforce row-level access control. Employees can only access their own data; admins can only access data within their own organization. No cross-tenant data access is possible.
Firebase App Check verifies that requests come from genuine instances of the App.
Role-based access control is enforced at both the client and server (Firestore rules + Cloud Functions).
Organization immutability: An employee's organizationId cannot be changed after account creation. A Cloud Function independently enforces this and writes a security violation to audit logs if any attempt is made.
Forced logout is triggered immediately if an administrator deactivates an account, even if the user is currently logged in.
Data in transit is encrypted using TLS. Data at rest is encrypted by Firebase/Google Cloud.
5.3 Data Retention
5.3 Data Retention
Active user data is retained for as long as the account exists within the organization.
Deleted tasks are soft-deleted for 30 days, then permanently purged by a nightly Cloud Function.
FCM deduplication records are purged after 24 hours.
Organizations may request full data deletion by contacting us (see Section 9).
6. Who We Share Your Data With
6. Who We Share Your Data With
We do not sell your personal data.
We share data only in the following circumstances:
Google Firebase
Purpose: Cloud infrastructure, database management, storage, authentication, and push notifications.
Google Sign-In
Purpose: User authentication and secure login.
Your Organization’s Admin/HR
Purpose: To view and manage employee profiles, attendance records, and task-related data within their respective organization.
Law enforcement authorities
Purpose: Disclosure only if legally required under a valid court order or applicable law.
All third-party services used by Work OS are listed in Section 10.
7. Your Rights
7. Your Rights
Depending on your jurisdiction, you may have some or all of the following rights:
Access: Request a copy of your personal data held by Work OS.
Correction: Request correction of inaccurate data (employees may also update their own profile within the App).
Deletion: Request deletion of your account and personal data. Note that your organization's admin may also independently delete your account.
Portability: Request your data in a machine-readable format.
Withdraw consent: Withdraw consent for location access or push notifications at any time via device settings.
Object: Object to certain processing activities based on legitimate interest.
Employees: Many of these rights can be exercised directly inside the App (e.g., editing your profile). For account deletion or full data export, contact your organization's admin or contact us directly.
Organization Admins: You are responsible for ensuring that your employees are informed about this policy and that data collection complies with applicable laws in your jurisdiction.
8. Children's Privacy
8. Children's Privacy
Work OS is intended for use by working adults within an employment context. We do not knowingly collect data from individuals under the age of 16. If you believe a minor's data has been submitted, please contact us immediately.
9. Contact Us
9. Contact Us
For any privacy-related questions, data requests, or to report a concern:
Email: raoahmad.r.22@gmail.com
App: Work OS
Response time: We aim to respond to all requests within 30 days.
10. Third-Party Services Used
10. Third-Party Services Used
Firebase Authentication
Purpose: User sign-in
Privacy Policy: https://firebase.google.com/support/privacy
Cloud Firestore
Purpose: Database
Privacy Policy: https://firebase.google.com/support/privacy
Firebase Storage
Purpose: File storage
Privacy Policy: https://firebase.google.com/support/privacy
Firebase Cloud Messaging
Purpose: Push notifications
Privacy Policy: https://firebase.google.com/support/privacy
Firebase App Check
Purpose: API integrity
Privacy Policy: https://firebase.google.com/support/privacy
Google Sign-In
Purpose: Authentication
Privacy Policy: https://policies.google.com/privacy
Google Cloud Functions
Purpose: Server-side logic
Privacy Policy: https://cloud.google.com/terms/cloud-privacy-notice
11. Changes to This Policy
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the Last Updated date at the top. If changes are material, we will notify organization admins via in-app notification or email. Continued use of the App after changes constitutes acceptance of the updated policy.
12. Governing Law
12. Governing Law
This Privacy Policy is governed by the laws of the jurisdiction in which the organization operating Work OS is registered. If you have questions about the applicable law, please contact us.
Work OS V1.0.0 — Build 1
Page updated
Google Sites
Report abuse