Privacy Policy

How we collect, use, store, and protect your information.

Effective Date: 1 January 2026 ·

1. Introduction

StaffHub360 ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our workforce management platform, including our website (https://staffhub360.com), mobile applications, and desktop apps (collectively, the "Service").

This Policy is published in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India.

By using StaffHub360, you consent to the practices described in this Policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: name, work email, company name, password (encrypted), phone number.
  • Employee information: names, contact details, designation, department, salary structures, banking information for payroll, government IDs (PAN, Aadhaar — last 4 digits only), PF/ESI numbers, attendance records.
  • Communications: messages sent through our chat system, support tickets, feedback, and any content you upload (documents, files, images).
  • Payment information: billing address and tax details. Payment card data is processed by PCI-DSS-compliant payment processors and is not stored on our servers.

2.2 Information Collected Automatically

  • Device & usage data: IP address, browser type, operating system, device identifiers, pages visited, click events, session duration.
  • Location data: GPS coordinates when employees check in/out (used solely for attendance verification).
  • Cookies & similar technologies: see Section 8.

2.3 Information from Third Parties

We may receive information from authentication providers (e.g., Google, Microsoft) when you sign in via single sign-on, and from integration partners you authorize.

3. How We Use Your Information

We process your information for the following lawful purposes:

  • To provide, maintain, and improve the Service
  • To authenticate users and prevent unauthorized access
  • To process transactions and manage subscriptions
  • To compute attendance, leave balances, payroll, and statutory deductions (PF, ESI, TDS)
  • To enable communication between team members
  • To send service announcements, security alerts, and support messages
  • To respond to inquiries and provide customer support
  • To detect, investigate, and prevent fraud or abuse
  • To comply with applicable Indian laws and respond to lawful requests
  • To analyse usage patterns and improve our offerings (in aggregated, anonymized form)

4. Sharing & Disclosure

We do not sell your personal data. We share it only as described below:

  • Within your organization: data is accessible to authorized administrators and team members based on role-based permissions configured by your account admin.
  • Service providers: with trusted vendors (cloud hosting, email delivery, analytics, payment processing) under written contracts requiring confidentiality and DPDP-aligned safeguards.
  • Legal compliance: when required by Indian law, court order, or to protect the rights, property, or safety of StaffHub360, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, or asset sale, with notice to affected users.

5. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • 256-bit SSL/TLS encryption in transit
  • AES-256 encryption at rest for sensitive fields
  • Role-based access control with audit logging
  • Regular security audits and penetration testing
  • Multi-factor authentication for admin accounts
  • Secure password hashing (bcrypt/Argon2)
  • Data centers located in India with ISO 27001 certification

While we work hard to safeguard your data, no system is impenetrable. You are responsible for keeping your credentials secure.

6. Data Retention

We retain personal data only for as long as necessary to provide the Service and comply with legal obligations:

  • Active account data: retained for the duration of your subscription
  • Payroll & tax records: retained for 7 years as required under Indian tax law
  • Attendance & employment records: retained per applicable labour law (typically 3-5 years)
  • Account closure: personal data is deleted or anonymized within 90 days of account termination, except where retention is legally required

7. Your Rights Under the DPDP Act, 2023

As a Data Principal under Indian law, you have the right to:

  • Access: obtain a summary of personal data we hold about you
  • Correction & erasure: request correction of inaccurate data or deletion of data no longer required
  • Withdraw consent: withdraw previously given consent at any time (this may affect Service availability)
  • Grievance redressal: raise complaints to our Grievance Officer (see Section 12)
  • Nominate: nominate another individual to exercise rights on your behalf in case of incapacity or death

To exercise any of these rights, contact us at info@staffhub360.com. We will respond within 30 days.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Keep you signed in (essential cookies)
  • Remember your preferences (functional cookies)
  • Understand how the Service is used (analytics cookies)

You can control cookies through your browser settings. Disabling essential cookies may break core functionality.

9. Children's Privacy

StaffHub360 is a business tool and is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn we have collected such information, we will delete it promptly.

10. International Data Transfers

Your data is stored on servers located in India. If we transfer data outside India for any reason (e.g., for specific service providers), we will only do so to jurisdictions notified by the Central Government as approved under the DPDP Act, with appropriate safeguards in place.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top of this page indicates when this Policy was last revised.

12. Contact Us / Grievance Officer

If you have questions, concerns, or wish to exercise your rights, please contact our Grievance Officer:

  • Entity: StaffHub360
  • Email: info@staffhub360.com
  • Address: Radhey Shyam Complex, Mayani Chowk, Rajkot - 360004, Gujarat, India

We aim to acknowledge complaints within 48 hours and resolve them within 30 days, in compliance with the DPDP Act, 2023.