Last updated: June 14, 2026
Privacy Policy
This Privacy Policy describes how SignHR Technologies Pvt. Ltd. (“SignHR”, “we”, “us”) collects, uses, stores, and protects personal data we receive through our websites, applications, and services.
1. Who we are
SignHR is an HR management platform built and operated by SignHR Technologies Pvt. Ltd., a company incorporated in India with its registered office at Indiranagar, Bengaluru 560038. For privacy questions, write to info@signhr.io.
2. What data we collect
We collect data in three categories:
- Account data — name, email, role, company name, and authentication tokens, provided when you sign up.
- Workspace data — employee profiles, leave records, payroll data, attendance, documents, and other HR records you upload or generate while using SignHR. We process this on your behalf.
- Usage and device data — IP address, browser, device type, pages visited, timestamps. Used for security monitoring, performance, and analytics.
- Location data (mobile app only)— when your employer turns on location-based attendance and you clock in from the SignHR mobile app, we collect your device’s precise location (latitude, longitude, accuracy) in both the foreground and the background. This is described in full in section 3 below.
We do not collect special categories of personal data (race, religion, biometric, etc.) unless you explicitly choose to upload them as part of an employee profile field, in which case you are responsible for the legal basis to do so.
3. Location data (mobile app)
The SignHR mobile app can collect device location to support location-based attendance. Because this includes background collection, we describe it here in full.
- When we collect location. We collect location only through the SignHR mobile app, and only while you are clocked in to a work session that your employer has configured for location-based attendance. We do not collect location on the web or desktop apps, and we do not collect it when you are clocked out.
- Background location.When your employer’s attendance setup requires it, the app collects location in the background — while the app is closed, running in the background, or your device is locked — for the duration of your clocked-in session. This requires the “Allow all the time” / “Always” location permission, which the app requests separately and explains before asking. Background collection stops as soon as your session ends (when you clock out manually, or when you are automatically clocked out).
- What we collect. Latitude, longitude, location accuracy, and a timestamp, sampled at an interval set by your employer (typically every few minutes). We also log periods when location was unavailable — for example if the permission was turned off, device location was disabled, or there was no signal.
- Why we collect it. To verify attendance and automatically clock you out if you leave your assigned work-site area; and, for field-based roles, to record the locations visited during working hours. We do not use location data for any purpose outside your clocked-in work sessions.
- Your control.Location sharing is granted through your device’s permission prompt and can be withdrawn at any time in your device settings. Withdrawing it disables location-based clock-in. If you have questions about why it is enabled, contact your employer.
- Who can see it, and sharing.Location records are visible to your employer’s authorized administrators within their SignHR workspace. We process this data on your employer’s behalf — your employer is the data controller. We do not sell location data and do not use it for advertising.
- Retention. Location records are retained for a period set by your employer (between 1 and 365 days), after which they are deleted from our production systems and, within 90 days, from backups.
4. How we use your data
We process personal data for the following purposes:
- To provide, operate, and improve the SignHR service.
- To authenticate you and secure your account.
- To send essential transactional emails (account, billing, security alerts).
- To send marketing emails — only with your explicit opt-in.
- To comply with our legal and contractual obligations.
- To investigate, prevent, and address fraud and abuse.
5. Legal basis for processing
Where the GDPR or DPDP applies, we rely on the following legal bases: contract performance for service delivery; legitimate interest for security and product improvement; consent for marketing communications; and legal obligation for tax, audit, and similar requirements.
6. Where your data is stored
Workspace data is stored in AWS data centers in your selected region — ap-south-1 (Mumbai) by default for India and APAC customers, eu-west-1 (Dublin) for EU customers, and us-east-1 (Virginia) for North American customers. We do not transfer workspace data across regions without your explicit configuration.
7. Sharing of data
We share data only with sub-processors that are contractually bound to equivalent data protection obligations. Our current sub-processors are listed at our DPA. We do not sell personal data, and we do not share it for advertising purposes.
8. Retention
We retain workspace data for the lifetime of your subscription plus 30 days after cancellation, after which we delete it from production systems and (within 90 days) from backups. Account data may be retained longer where required by law or for fraud prevention.
9. Your rights
Depending on the jurisdiction, you may have rights to access, correct, delete, or port your personal data; to object to processing; or to withdraw consent. To exercise these rights, write to info@signhr.io — we respond within 30 days.
For data we process on behalf of our customers, please contact your employer (the data controller) directly. We will assist them in responding to you.
10. Security
We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest), strict access controls, and continuous monitoring. We are SOC 2 Type II certified. For details, see our Security Annex.
11. Cookies
We use a minimal set of first-party cookies for authentication and preferences. We do not use third-party tracking cookies on our marketing site or product. Analytics is privacy-respecting and aggregate-only.
12. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email to account administrators at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent change.
13. Contact
Questions, concerns, or complaints? Reach our Data Protection Officer at info@signhr.io. EU residents may also lodge a complaint with their local data protection authority.
