Privacy Policy
This Privacy Policy describes how Stafferin ("Stafferin", "we", "our", or "us") collects, uses, processes, stores, and protects your personal information when you access or use our application or services. We are committed to ensuring that your privacy is protected and that we remain fully compliant with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other regional privacy laws.
1. Overview and Commitment
At Stafferin, safeguarding user privacy is a core priority. We process personal data to deliver workforce scheduling, guard tracking, shift compliance, and related services to employers and employees. We ensure that all data is processed lawfully, fairly, and transparently. By using our services, you acknowledge and agree to this privacy policy.
2. Role of Data Controller and Processor
Stafferin operates as a Data Processor under the authority of your employer, who is the designated Data Controller. Your employer determines the purposes and means of data processing. Stafferin follows their instructions and processes your personal information only as necessary to deliver services under a contractual arrangement.
3. Types of Data Collected
A. Personal Information
This includes your full name, phone number, email address, employee ID, role or designation, and contact preferences.
B. Employment and Work-Related Data
Information regarding your work schedules, assigned shifts, tasks, sites, incident reports, internal messages, licenses, availability, and attendance records.
C. Device Permissions & App Usage Data
To perform essential features of the Stafferin platform, we may request access to:
- Location Services (foreground and background)
- Camera (for task verification and clock-ins)
- Microphone (for voice notes if applicable)
- Device Storage (for logs, files, incident attachments)
D. Background Location Tracking (Core Feature)
Stafferin collects your location data in the background only during active shifts to:
- Track patrols, field movements, or site coverage in real-time
- Verify presence at assigned locations
- Support incident reporting, emergency escalation, and accountability
This feature is critical to core functionality and is not used while off-duty. You are notified when tracking is active, and you may manually disable tracking from within the app when not working.
E. Automatically Collected Data
We may collect anonymized technical data including device type, IP address, mobile OS, timestamps, crash logs, and analytics to improve app reliability and performance.
4. How We Use Your Information
Stafferin processes data strictly for the following purposes:
- To provide workforce management and guard scheduling tools
- To verify your location during working hours for shift monitoring
- To support incident logging, site compliance, and security audits
- To alert employers to emergencies or performance issues
- To comply with legal and regulatory obligations
- To enhance the quality, safety, and effectiveness of our service
5. Legal Basis for Processing
We only collect and process personal data where we have a legal basis to do so. This includes:
- Performance of a contract – Processing necessary to deliver the services your employer contracts us to provide
- Legal compliance – Where processing is required by applicable laws
- Legitimate interest – To operate, maintain, and improve platform performance
- Consent – For specific features such as background tracking where required
6. Data Retention
We retain your personal data only as long as needed to fulfill the purpose for which it was collected or as required by applicable laws or employer contracts. Location data is retained only for audit logs and shift verification, after which it is either anonymized or securely deleted.
7. Data Sharing and Transfers
We do not sell your personal data. We may share data with:
- Your employer
- Our trusted technology and cloud service providers under strict data processing agreements
- Legal authorities if required under applicable law
- Business partners or acquirers, in the event of a merger or restructuring
Where data is transferred internationally, we ensure appropriate safeguards such as Standard Contractual Clauses or data residency guarantees are in place.
8. Data Security
Stafferin implements strict technical and organizational measures to protect your data, including:
- End-to-end encryption during data transmission
- Secure storage using encrypted databases
- Role-based access controls
- Regular security audits and vulnerability assessments
9. Your Rights
You have the following rights under applicable privacy laws:
- Right to Access: Request a copy of your data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of data under certain conditions
- Right to Object: Object to data processing on certain grounds
- Right to Restrict Processing: Limit data processing under specific conditions
- Right to Data Portability: Receive your data in a portable format
- Right to Withdraw Consent: Revoke previously given consent at any time
To exercise these rights, please contact our Data Protection Officer or your employer.
10. Children's Privacy
Stafferin is not designed for or directed at children under 16 years of age. We do not knowingly collect data from minors. If you believe a child has submitted personal information, please notify us and we will delete it immediately.
11. Changes to this Policy
We may update this Privacy Policy to reflect changes in practices, laws, or service features. Users will be notified of any significant updates. Please review this policy regularly to stay informed.
12. Cookie Policy
Our website uses cookies to enhance your browsing experience. When you first visit our site, you will see a cookie consent banner that allows you to:
- Accept All: Enable all cookies including analytics and marketing
- Reject All: Only essential cookies will be used
- Customize: Choose which types of cookies to allow
You can change your cookie preferences at any time by clicking the "Cookie Settings" link in our footer or by clearing your browser cookies and revisiting our site.
Types of Cookies We Use:
- Necessary Cookies: Required for the website to function properly (cannot be disabled)
- Analytics Cookies: Help us understand how visitors interact with our website (Google Analytics)
- Marketing Cookies: Used to deliver relevant advertisements
- Preference Cookies: Remember your settings and preferences
13. Request Data Deletion
Under GDPR and other privacy regulations, you have the right to request deletion of your personal data. To submit a data deletion request, please provide your email address below. We will verify your identity and process your request within 30 days.
Submit Data Deletion Request
Enter the email address associated with your account or chat conversations. We will send you a confirmation email to verify your request.
Note: Some data may be retained for legal compliance or legitimate business purposes as outlined in this policy.
14. California Consumer Privacy Act (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section describes your rights and how to exercise them.
Your CCPA Rights:
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising purposes.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of your sensitive personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Categories of Personal Information Collected:
In the past 12 months, we have collected the following categories of personal information:
- Identifiers (name, email address, phone number, IP address)
- Professional or employment-related information
- Geolocation data (during active work shifts only)
- Internet or network activity information
- Inferences drawn from the above categories
Sale of Personal Information:
We do not sell your personal information. We do not exchange your personal data for monetary consideration. We also do not "share" your personal information for cross-context behavioral advertising purposes as defined under CCPA/CPRA.
Do Not Sell or Share My Personal Information
While we do not sell your personal information, you can submit a request to ensure your data is never sold or shared for advertising purposes.
How to Exercise Your Rights:
To exercise any of your CCPA rights, you may:
- Email us at ccpa@stafferin.ca
- Use the "Do Not Sell" form above
- Use the Data Deletion Request form in Section 13
We will verify your identity before processing your request. We will respond to verifiable consumer requests within 45 days. If we need more time, we will inform you of the reason and extension period in writing.
15. Contact Us
If you have questions or concerns regarding your personal data or this policy, you may contact our Data Protection Officer:
Email: privacy@stafferin.ca
For GDPR inquiries: gdpr@stafferin.ca
For CCPA inquiries: ccpa@stafferin.ca
Or contact your employer's internal privacy administrator for site-specific inquiries.