Legal

Privacy Policy

Last updated: March 1, 2026

At Workisy, Inc. ("Workisy," "we," "us," or "our"), we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, or interact with our services (collectively, the "Services"). Please read this policy carefully. By accessing or using our Services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Information You Provide Directly

We collect information that you voluntarily provide to us when you register for an account, request a demo, fill out a contact form, subscribe to our newsletter, or otherwise communicate with us. This information may include:

  • Account Information: Your name, email address, phone number, company name, job title, and password when you create an account or request a demo.
  • Billing Information: Payment method details, billing address, and transaction history necessary to process your subscription payments. We use PCI-compliant third-party payment processors and do not store full credit card numbers on our servers.
  • Workforce Data: Employee records, candidate information, scheduling data, payroll information, performance reviews, and other HR-related data that you upload to or create within the platform in the course of using our Services.
  • Communications: Any messages, feedback, support requests, or other communications you send to us through our Services, email, chat, or other channels.

Information Collected Automatically

When you access our Services, we automatically collect certain technical and usage information, including:

  • Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
  • Usage Data: Pages visited, features used, time spent on pages, clickstream data, search queries within the platform, and other interaction data that helps us understand how you use our Services.
  • Log Data: Server logs that record requests made to our servers, including timestamps, URLs, referrer URLs, and response codes.
  • Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity. See the Cookies & Tracking section below for more details.

Information from Third Parties

We may receive information about you from third-party sources, including:

  • Integration Partners: Data from third-party services you connect to your Workisy account (such as HRIS systems, payroll providers, or calendar tools).
  • Business Partners: Contact information from business partners for co-marketing or referral purposes, where you have consented to sharing.
  • Publicly Available Sources: Information from public databases, social media profiles, and other publicly available sources to supplement the data we hold.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and Improving Our Services: To operate, maintain, and improve the Workisy platform, including delivering the features and functionality you request, processing transactions, and providing customer support.
  • Personalization: To tailor the platform experience to your preferences, including customizing dashboards, recommendations, and AI-powered insights based on your usage patterns and organizational data.
  • AI and Analytics: To train and improve our artificial intelligence and machine learning models that power workforce analytics, predictive hiring insights, and other intelligent features. We use aggregated, de-identified data for model training wherever possible.
  • Communications: To send you transactional emails (such as account confirmations and billing receipts), service-related announcements, product updates, and, where you have opted in, marketing communications about new features, promotions, or events.
  • Security and Fraud Prevention: To detect, prevent, and investigate security incidents, fraud, abuse, and other harmful activity, and to protect the rights and safety of Workisy, our users, and the public.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Business Operations: To conduct internal business operations such as auditing, data analysis, testing, research, and troubleshooting.

3. Information Sharing

We do not sell your personal information to third parties. We may share your information in the following circumstances:

  • Service Providers: We share information with trusted third-party service providers who perform services on our behalf, such as cloud hosting (AWS), payment processing (Stripe), email delivery, analytics, and customer support tools. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Within Your Organization: Workforce data you enter into Workisy may be accessible to authorized users within your organization based on the role-based access controls configured by your account administrator.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your information.
  • Legal Requirements: We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the personal safety of users or the public.
  • With Your Consent: We may share your information with third parties when you explicitly consent to or direct us to do so.

4. Data Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
  • Access Controls: Role-based access controls, multi-factor authentication, and the principle of least privilege are enforced across our infrastructure and applications.
  • Infrastructure Security: Our platform is hosted on SOC 2 Type II certified cloud infrastructure with continuous monitoring, intrusion detection, and regular penetration testing.
  • Incident Response: We maintain a comprehensive incident response plan and will notify affected users and relevant authorities in accordance with applicable data breach notification laws.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to continuously improving our security practices.

5. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  • Access: The right to request a copy of the personal information we hold about you.
  • Correction: The right to request that we correct inaccurate or incomplete personal information.
  • Deletion: The right to request that we delete your personal information, subject to certain legal exceptions.
  • Portability: The right to receive your personal information in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Restriction: The right to request that we restrict the processing of your personal information in certain circumstances.
  • Objection: The right to object to the processing of your personal information for direct marketing or where processing is based on legitimate interests.
  • Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at privacy@appitsoftware.com. We will respond to your request within 30 days, or sooner if required by applicable law. We may need to verify your identity before fulfilling certain requests.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising your rights. Workisy does not sell personal information as defined by the CCPA/CPRA.

European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data in accordance with the General Data Protection Regulation (GDPR). Our lawful bases for processing include performance of a contract, legitimate interests, consent, and legal obligation. We offer Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) for international data transfers upon request.

6. Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver relevant content. The types of cookies we use include:

  • Essential Cookies: Required for the basic functionality of our Services, such as authentication, session management, and security. These cookies cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. We use services such as Google Analytics and Mixpanel for this purpose.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences, language settings, and display configurations.
  • Marketing Cookies: Used to track visitors across websites and display ads that are relevant and engaging. We may use services such as Google Ads and LinkedIn Insights for remarketing purposes.

You can manage your cookie preferences through your browser settings or through the cookie consent banner displayed when you first visit our website. Please note that disabling certain cookies may affect the functionality of our Services.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The specific retention periods depend on the type of data and the context in which it was collected:

  • Account Data: Retained for the duration of your account and for 90 days after account closure to allow for reactivation or dispute resolution.
  • Workforce Data: Retained in accordance with your organization's data retention policy as configured in the platform. Upon account termination, all workforce data is permanently deleted within 60 days unless a longer retention period is required by law or requested by the customer.
  • Usage and Analytics Data: Retained in aggregated, de-identified form for up to 36 months for product improvement and analytics purposes.
  • Marketing Data: Retained until you unsubscribe or request deletion, after which we will remove your data from our marketing systems within 30 days.

8. Children's Privacy

Our Services are designed for business use and are not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete that information as quickly as possible. If you believe that we may have collected information from a child under 16, please contact us immediately at privacy@appitsoftware.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also provide additional notice through email or an in-app notification. We encourage you to review this policy periodically to stay informed about how we protect your information. Your continued use of our Services after the effective date of the revised policy constitutes your acceptance of the changes.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@appitsoftware.com
  • Mail: APPIT Software Solutions, Attn: Privacy Team, PSR Prime Towers, 704 C, 7th Floor, Gachibowli, Hyderabad, Telangana 500032, India

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@appitsoftware.com. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

This Privacy Policy is effective as of March 1, 2026. For previous versions of this policy, please contact us at privacy@appitsoftware.com.

View our Terms of Service