Privacy Policy

Last updated: March 18, 2026

This Privacy Policy explains how Clock It Labs ("Clock It", "we", "us", "our") collects, uses, stores, shares, and protects personal data when you use our website, landing pages, and applications. Clock It Labs processes personal data in accordance with applicable law, including the Data Privacy Act of 2012 (Republic Act No. 10173) and related regulations.

1. Scope

This Policy applies to:

• Website visitors and people who submit inquiries through our landing page.
• Users of Clock It web and mobile applications.
• Organization administrators and employees whose data is processed through Clock It.

2. Our Role

Depending on context, Clock It Labs may act as a Personal Information Controller (for data we collect directly, such as inquiries and account operations) or as a Personal Information Processor on behalf of customer organizations using Clock It.

3. Data We Collect

3.1 Inquiry and Website Data

• Name, email address, phone number, and message content submitted through our inquiry form.
• Technical metadata (for example, IP address, timestamps, anti-spam and rate-limit logs).

3.2 Account and Profile Data

• Name, email, and account identifiers.
• Profile details such as birthday and emergency contact details (where provided).

3.3 Workforce and Payroll Data (organization-managed)

• Company role and employment details (for example, department, shift, wage details).
• Attendance and time logs.
• Leave, overtime, correction, and offset request records.
• Payroll and payslip-related records, benefits, and loan records.
• Government identifiers and payroll compliance data (for example, SSS, PhilHealth, Pag-IBIG, and TIN), where applicable.
• Payroll disbursement details (for example, bank account details), where provided.

3.4 Usage and Security Data

• Browser/app/device type and diagnostic logs.
• Access timestamps and service interaction data used for reliability and security.

4. How We Use Personal Data

We use personal data to:

• Provide, operate, and improve Clock It services.
• Authenticate users and secure accounts.
• Process attendance, payroll, and related workforce workflows.
• Respond to inquiries and support requests.
• Send service-related updates and operational notices.
• Perform analytics, fraud prevention, and security monitoring.
• Comply with legal obligations and defend legal claims when necessary.

5. Legal Bases

Where required by law, we rely on appropriate legal bases, including consent, contract performance, legal obligation, and legitimate interests, depending on the processing activity.

6. Sharing and Disclosure

We do not sell personal data. We may disclose personal data only when needed to:

• Provide services to customer organizations and authorized users.
• Work with service providers (for example, hosting, authentication, and email delivery providers).
• Comply with legal, regulatory, or lawful government requests.
• Support mergers, acquisitions, or business restructuring (subject to safeguards).

7. International Transfers

Personal data may be processed in jurisdictions outside the Philippines. Where cross-border processing occurs, we apply appropriate safeguards consistent with applicable law.

8. Retention

We retain personal data only as long as needed for the purposes in this Policy and for legal, security, tax, accounting, and dispute-resolution requirements.

• Inquiry/support records: generally up to 24 months, unless longer retention is required.
• Account and operational records: for the account lifecycle and a limited post-closure period.
• Workforce and payroll records: retained according to contractual and legal obligations.
• Security logs and backups: retained per security and backup schedules.

9. Security

We implement reasonable technical and organizational safeguards, including access controls, encryption in transit, role-based data access controls, and monitoring. No method of transmission or storage can be guaranteed as absolutely secure.

10. Data Breach Response

If a qualifying personal data breach occurs, we investigate and take corrective action. We notify affected parties and regulators as required by applicable law.

11. Your Rights

Subject to applicable law, you may have rights to:

• be informed,
• access your personal data,
• object to processing in applicable cases,
• correct inaccurate or incomplete data,
• erase or block data where legally permitted,
• data portability (where applicable),
• file a complaint, and
• seek damages where legally available.

For employee-user data processed on behalf of an organization, some requests may need to be coordinated with that organization.

12. Children

Clock It is intended for business and workforce use. It is not directed to children, and we do not knowingly collect personal data from children in violation of applicable law.

13. Third-Party Links

Our services may contain links to third-party websites. Their privacy practices are governed by their own policies.

14. Changes to This Policy

We may update this Policy from time to time. We will post the updated version and update the "Last updated" date.

15. Contact Us

For privacy questions or requests, contact:

• Entity: Clock It Labs
• Email: customer@clockitlabs.com
• Country: Philippines