TheCloudTree through the Service is governed by our comprehensive privacy policy outlined in this document. Your election to use the Service indicates your acceptance of all the terms, conditions, and privacy practices detailed in this comprehensive policy document. You are responsible for maintaining confidentiality of your username, password and other sensitive information.

You are responsible for all activities that occur in your user account and you agree to inform us immediately of any unauthorized use of your user account via HCMportal Support Module. We are not responsible for any loss or damage to you or to any third party incurred as a result of any unauthorized access and/or use of your user account, or otherwise.

Types of Information Collected

TheCloudTree collects several types of information about users and customers of the Service:

• Personal information such as name, email address, phone number, job title, company name, and address.
• Internet connection and equipment information, including IP address, operating system, and browser type.
• Employment and organizational data, including employee records, organizational structure, and departmental information.
• Usage information, including browsing patterns, features accessed, and time spent on the Service.

How We Collect Information

TheCloudTree collects information in multiple ways:

• Directly provided by users when registering for the Service, filling forms, or providing contact information.
• Automatically collected as users navigate and interact with the Service, including through automatic data collection technologies such as cookies and web beacons.
• From third parties, including social media, marketing platforms, and business directories.

Mobile Check-In Data Collection

When using the TheCloudTree mobile application for employee check-in processes, we collect the following types of information:

• Employee Location Data: – We capture and record the geographic location of the employee's mobile device during check-in to verify attendance and workplace presence. This location data is collected via GPS and network-based location services.
• Photographic Data for Check-In: – We capture photographs or selfies of employees during the check-in process using the mobile device's camera to verify employee identity and prevent unauthorized check-ins.
• Biometric Data - Fingerprint Authentication: – We collect and process fingerprint biometric data for employee check-in and authentication purposes. Fingerprint data is securely captured through the mobile device's biometric sensors and used only for identity verification and check-in validation. All mobile check-in data is collected with the explicit consent of employees and is subject to the same security, retention, and usage policies outlined in this Privacy Policy. Employees can manage their mobile check-in preferences through the HCMportal Support Module.

Automatic Data Collection Technologies

We use cookies, web beacons, and other tracking technologies to collect information about how you interact with the Service. These technologies help us understand usage patterns and optimize the user experience. We collect:

• Details of visits to the Service, including traffic source, pages viewed, and time spent.
• Technical information about your equipment, such as IP address, operating system, and browser type.

Cookies

Cookies are small text files stored on your browser. TheCloudTree uses cookies for the following purposes:

• Required Cookies: These enable core functionality of the Service, such as user authentication and account identification.
• Functional Cookies: These help improve and analyze the Service experience by collecting information on how visitors interact with the platform.
• Advertising Cookies: These help deliver more relevant advertising and measure campaign effectiveness.

How We Use Your Information

TheCloudTree uses the collected information for the following purposes:

• To present our website and Service and its contents to you.
• To provide you with information, products, or services that you request from us.
• To fulfil any other purpose for which you provide information.
• To carry out our obligations and enforce our rights arising from any contracts entered into with you.
• To notify you about changes to our website or Service.
• To allow you to participate in interactive features of our Service.
• For product support and customer service.
• To process transactions and send related information.
• To analyze and improve the quality and performance of the Service.

Data Security

TheCloudTree implements comprehensive security measures to protect your personal information:

• All information is stored on secure servers behind firewalls.
• Transactions are encrypted using SSL (Secure Sockets Layer) technology.
• Administrative, physical, and technical safeguards protect the security and integrity of your personal data.
• Regular security assessments and updates are performed to maintain protection standards.
• However, no method of data transmission over the Internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

Disclosure of Your Information

TheCloudTree may disclose personal information in the following circumstances:

• When required by law, regulation, legal process, or another legal requirement.
• When disclosure is necessary or appropriate to respond to an emergency.
• To protect our rights, your safety, or the safety of others.
• To enforce our agreements, policies, and terms of use. With your consent.
• Business Transfers: If TheCloudTree is sold or merged, personal data may be transferred as part of the transaction assets.
• With affiliated companies and subsidiaries for purposes consistent with this Privacy Policy.
• With service providers assisting in providing the Service.
• To prevent fraud and mitigate credit risk.

Data Retention

TheCloudTree retains personal data for as long as necessary to fulfil the purposes for which it was collected, including:

• Fulfilling business purposes and providing products and services.
• Maintaining transaction and business records.
• Complying with legal and regulatory requirements.
• Handling disputes and addressing complaints.
• Establishing, exercising, or defending legal claims.
• Data may be deleted when no longer needed for these purposes, as permitted by applicable law.

Your Rights and Choices

Depending on your location and applicable laws, you may have the following rights:

• The right to access: You can request copies of your personal data.
• The right to correction: You can request that inaccurate or incomplete data be corrected.
• The right to erasure/deletion: You can request deletion of your personal data under certain conditions.
• The right to restrict processing: You can request limitations on how your data is processed.
• The right to data portability: You can request a copy of your data in a portable format.
• The right to object: You can object to processing of your data for certain purposes.
• The right to withdraw consent: If processing is based on your consent, you can withdraw it at any time.
• The right not to be discriminated against: You cannot be denied services or charged different prices for exercising your privacy rights.
• To exercise any of these rights, please submit a request through the HCMportal Support Module. TheCloudTree will respond within the timeframes required by applicable law.

Contact Information

For privacy-related questions or to exercise your rights, please contact us through the HCM Portal Support Module or by email at career@thecloudtree.ai.

Changes to This Privacy Policy

TheCloudTree may update this Privacy Policy from time to time. We will notify users of any significant changes by posting the updated policy on our website. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

Grievance Redressal

In case of any grievance, as defined under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, our Grievance Officer, Namita Samantaray, can be contacted by submitting a support query through the HCM Portal Support Module.

Inactive User Accounts Policy

We reserve the right to terminate unpaid user accounts that are inactive for a continuous period of 120 days. In the event of such termination, all data associated with such a user account will be deleted. We will provide you prior notice of such termination and option to back-up your data. The data deletion policy may be implemented with respect to any or all of the Services. Each Service will be considered an independent and separate service for the purpose of calculating the period of inactivity. In other words, activity in one of the Services is not sufficient to keep your user account in another Service active. In case of accounts with more than one user, if at least one of the users is active, the account will not be considered inactive.

Hosting Location

The location of the cloud facility from which you are served depends on the mapping of your region/country to the available cloud facilities at the time of your sign-up. We may migrate your account or require you to migrate your account to a different cloud facility in the event of any updates to the region/country to cloud facility mapping at any point of time.

You must not mask your internet protocol (IP) address at the time of sign-up since your region/country is determined based on your IP address. If, at any time, your actual region/country is found to be different from the region/country in our records, TheCloudTree may take appropriate action such as migrate your account or require you to migrate your account to the cloud facility corresponding to your region/country, or close your account and deny the Service to you. If you are served from a cloud facility outside your region/country and a TheCloudTree group entity has an office in your region/country, apart from storing the data in the cloud facility assigned to you, we may store a local copy of the data in your region/country.

Data Ownership

We respect your right to ownership of content created or stored by you. You own the content created or stored by you. Unless specifically permitted by you, your use of the Services does not grant TheCloudTree the license to use, reproduce, adapt, modify, publish or distribute the content created by you or stored in your user account for TheCloudTree’s commercial, marketing or any similar purpose. But you grant TheCloudTree permission to access, copy, distribute, store, transmit, reformat, publicly display and publicly perform the content of your user account solely as required for the purpose of providing the Services to you.

Sample files and Applications

TheCloudTree may provide sample files and applications for the purpose of demonstrating the possibility of using the Services effectively for specific purposes. The information contained in any such sample files and applications consists of random data. TheCloudTree makes no warranty, either express or implied, as to the accuracy, usefulness, completeness or reliability of the information or the sample files and applications.

Summary of our Privacy Policy

It covers every TheCloudTree website that links here, and all of the products and services contained on those websites. This privacy policy follows the same structure as this summary and constitutes the actual legal document.

Our privacy commitment: TheCloudTree has never sold your information to someone else for advertising, or made money by showing you other people's ads, and we never will. This has been our approach for many years, and we remain committed to it. This policy tells you what information we collect from you, what we do with it, who can access it, and what you can do about it.

Part I – Information TheCloudTree collects and controls

We only collect the information that we actually need. Some of that is information that you actively give us when you sign up for an account, register for an event, ask for customer support, or buy something from us. We store your name and contact information, but we don't store credit card numbers (except with your permission and in one of our secured payment gateways).

When you visit one of our websites or use our software, we automatically log some basic information like how you got to the site, where you navigated within it, and what features and settings you use. We use this information to improve our websites and services and to drive new product development. Sometimes we receive information indirectly. If you ask about our products through one of our referral programs or reselling partners, or sign in to one of our products through an authentication service provider like LinkedIn or Google, they'll pass on your contact information to us. We'll use that information to complete the request that you made. If you engage with our brand on social media (for instance, liking, commenting, retweeting, mentioning, or following us), we'll have access to your interactions and profile information. We'll still have that information even if you later remove it from the social media site.

What we do with your information

We use your information to provide the services you've requested, create and maintain your accounts, and keep an eye out for unauthorized activity on your accounts. We also use it to communicate with you about the products you're currently using, your customer support requests, new products you may like, chances for you to give us feedback, and policy updates. We analyze the information we collect to understand user needs and to improve our websites and services.

We're required to have a legal basis for collecting and processing your information. In most cases, we either have your consent or need the information to provide the service you've requested from us. When that's not the case, we must demonstrate that we have another legal basis, such as our legitimate business interests.

You can decline certain kinds of information use either by not providing the information in the first place or by opting out later. You can also disable cookies to prevent your browser from giving us information, but if you do so, certain website features may not work properly. We completely disable non-essential and intrusive third-party cookies from all TheCloudTree websites and products.

We limit access to your personal information to our employees and contractors who have a legitimate need to use it. If we share your information with other parties (like developers, service providers, domain registrars, and reselling partners), they must have appropriate security measures and a valid reason for using your information, typically to serve you.

The European Economic Area (EEA) provides certain rights to data subjects (including access, rectification, erasure, restriction of processing, data portability, and the right to object and to complain). TheCloudTree undertakes to provide you the same rights no matter where you choose to live. We keep your personal information for as long as it is required for the purposes stated in this Privacy Policy. When we no longer have a legitimate need to process your information, we will delete, anonymize, or isolate your information, whichever is appropriate.

Part II – Information that TheCloudTree processes on your behalf

If you handle other people's data using TheCloudTree apps, such as information about your customers or employees, you are entrusting that data to us for processing. If you use a TheCloudTree mobile app and give the app access to your contacts and photo library, you are entrusting data to us. The data you entrust to us for processing is called service data.

You own your service data. We protect it, limit access to it, and only process it according to your instructions. You may access it, share it through third-party integrations, and request that we export or delete it.

We hold the data in your account as long as you choose to use TheCloudTree Services. After you terminate your account, your data will be automatically deleted from our active database within 6 months and from our backups within 3 months after that.

If you are in the European Economic Area and you believe that someone has entrusted your information to us for processing (for instance, your employer or a company whose services you use), you can request certain actions from us regarding your data. To exercise those data rights, please contact the person or company that entrusted the data to us and we will work with them on your request.

Part III – General

There are some limitations to the privacy we can promise you. We will disclose personal information if it's necessary to comply with a legal obligation, prevent fraud, enforce an agreement, or protect our users' safety. We do not currently honor Do Not Track signals from internet browsers; when a universal standard for processing them emerges, we will follow it.

Third-party websites and social media widgets have their own separate privacy policies. Always check the relevant privacy policy before sharing personal information with third parties.

You can always contact us to: ask questions about our privacy practices, request a GDPR-compliant Data Processing Addendum, alert us if you believe we have collected personal data from a minor, or ask to have your personal information removed from our blogs or forums. You can also check our Security Policy and Privacy Policy.

We will contact you to let you know if we make any major changes to our privacy policy, or in the highly unlikely event that we ever decide to sell our business.