Privacy Policy

EmpTrack AI ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://www.emptrackai.online and use our employee monitoring software.

We understand that privacy is paramount in the employee monitoring space. Our commitment is to transparency and compliance with Indian data protection laws, specifically the Digital Personal Data Protection (DPDP) Act 2023, and international standards including GDPR.

We may collect information about you in a variety of ways. The information we may collect includes:

Personal Information

• Name, email address, company name, and job title
• Contact information provided through demo requests or support inquiries
• Payment information (processed securely through third-party providers)

Device & Technical Information

• IP address, browser type, and operating system
• Device hardware specifications (CPU, RAM, storage)
• Network connectivity status and performance metrics

Usage & Activity Data

• Application usage patterns and session duration
• Pages visited on our website and features used
• Features of our software accessed by your organization

Employee Activity Data (When Monitoring is Active)

• Keyboard and mouse activity (collected locally on-device, never transmitted without consent)
• Application and website usage
• Screenshots (encrypted and stored locally by default)
• Screen time and work session tracking

EmpTrack AI uses advanced machine learning models to analyze employee activity data and generate productivity insights. This processing occurs in two ways:

Local Processing (Default & Recommended)

• AI models run directly on employee devices
• No raw data leaves your network
• Processed summaries are encrypted before cloud sync
• Your organization retains full data ownership

Optional Cloud Processing

Organizations may opt into cloud-based AI analysis for advanced features. When enabled:

• Only aggregated, anonymized data is transmitted
• End-to-end encryption protects data in transit
• We do not train public models on your data
• All processing complies with DPDP and GDPR requirements

No Data Sharing with Third Parties

Your activity data is never sold, shared with competitors, or used for purposes outside your organization without explicit written consent.

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

Encryption

• AES-256 encryption for all activity data at rest
• TLS 1.2+ for all data in transit
• Encryption keys managed separately from data stores

Access Controls

• Role-based access control (RBAC) for administrators
• Multi-factor authentication (MFA) for sensitive operations
• Audit logs for all data access events
• Limited employee visibility based on organization policy

Infrastructure Security

• Regular security audits and penetration testing
• Secure data centers with physical access controls
• Automated threat detection and incident response
• Data redundancy across geographically distributed servers

Data Retention

You control how long activity data is retained. By default, we retain data for 90 days on cloud servers and allow you to configure local retention policies. You can request deletion of your data at any time.

DPDP Act 2023 (India)

EmpTrack AI complies with India's Digital Personal Data Protection Act 2023. Our commitment includes:

• Clear notice to employees about data collection before monitoring begins (notice and consent workflows built into our platform)
• Purpose limitation (data used only for stated productivity and security purposes)
• Data minimization (collecting only necessary information)
• Encryption and security standards exceeding DPDP requirements
• Right to access: Employees can view their activity data upon request
• Right to erasure: Organizations can delete employee records within configurable timeframes
• Grievance redressal mechanism for employee privacy concerns (available through admin dashboard)

GDPR Compliance (EU & UK)

For organizations operating in the EU or with EU employees, EmpTrack AI provides GDPR-compliant monitoring:

• Data Processing Agreement (DPA) available upon request
• Standard Contractual Clauses (SCCs) for international data transfers
• DPIA (Data Protection Impact Assessment) templates provided
• Lawful basis documentation for all processing activities

Local Compliance

• Compliant with US state privacy laws (CCPA, CPRA, state-level regulations)
• APEC Privacy Framework compliance for Asia-Pacific operations
• Industry standards: ISO 27001 certification in progress

Transparency & Consent

We are transparent about how employee data is processed. Organizations must provide clear notice to employees with the following elements:

• What data is collected and why
• How long it is retained
• Who has access to it
• Employee rights regarding their data
• Process for raising privacy concerns