Back to home
Privacy & Data Protection

Clear, professional
privacy standards.

This page explains how AstraPeople handles workforce and platform data — what is collected, why it is processed, how it is protected, and how users or client organizations can raise privacy-related requests.

Effective
Version 3.0
Platform Web & Mobile

Data Controller

Client organization or employer

Coverage

Web, mobile, and related HR workflows

Sensitive feature

Location only when enabled for work use

We never sell personal data

Purpose-bound processing

Data is handled strictly for employment operations, compliance, security, and approved workforce workflows.

Controlled access

Only authorized personnel and approved systems may access data necessary for their responsibilities.

Operational retention

Records are retained according to business need, legal obligations, and your organization's policy.

We collect what is needed to run the service responsibly.

Core platform records

Account details, employee records, attendance, documents, and role-based workflow activity.

Sensitive operational data

Location or device metadata only when features are enabled for approved business use.

Controlled sharing

Access limited to authorized administrators, employers, and supporting service providers.

Retention and rights

Records are retained according to operational and legal needs; requests handled through the proper controller.

Scope of this policy

AstraPeople is an HR and workforce operations platform used by organizations to manage employee records, attendance, communication, payroll-linked workflows, and related administrative functions.

This Privacy Policy explains what information is collected through the platform, why it is processed, how it is protected, and what choices are available to users and client organizations.

In most cases, your employer or the organization using AstraPeople acts as the primary data controller, and AstraPeople acts as a service provider processing information on their behalf.

Information we collect

We collect information that is required to operate the platform — profile details, employment information, attendance records, leave activity, uploaded documents, and support communications.

Depending on your organization configuration, this may include identity details, contact information, department and reporting structure, payroll-related references, and policy acknowledgements.

For field operations and attendance verification, the platform may process device-based metadata such as location, timestamps, and device session activity when those features are enabled.

Employee profile and employment records
Attendance logs, shift activity, and notes
Uploaded HR, onboarding, and compliance documents
Operational metadata required for security and support

How location data is used

Location information is used only where your organization has enabled attendance verification, geofencing, or field tracking workflows.

Foreground location may be used during clock-in and clock-out events to validate work presence. Background tracking, if enabled for approved roles, is limited to active work sessions and is expected to stop after clock-out or task completion.

Location data is not used for advertising and is processed solely for business operations, auditability, compliance, and authorized workforce management.

Why information is processed

We process information to provide core HRMS functionality, maintain account security, support attendance and leave operations, generate reports, and meet lawful business or statutory requirements.

Processing may also support internal analytics, issue resolution, fraud prevention, platform reliability, and role-based administrative access for authorized personnel.

Payroll and attendance operations
Security, fraud prevention, and audit trails
Regulatory, tax, and labor-law compliance
Support, reporting, and service improvement

When information may be shared

Information is shared on a limited basis with authorized client administrators, managers, or HR personnel who require access to perform legitimate operational responsibilities.

We may also use trusted infrastructure or service providers that process data under confidentiality and security obligations. We do not sell personal information or share it for unrelated marketing use.

Information may be disclosed where required by law, regulation, court order, or a valid governmental request.

How data is protected

AstraPeople applies technical and organizational safeguards designed to protect confidentiality, integrity, and availability of platform data.

These measures may include access controls, encryption in transit, protected storage, audit logging, environment restrictions, and operational monitoring appropriate to the service.

No internet-based platform can guarantee absolute security, but we maintain reasonable controls and continuously review risks as part of ongoing operations.

How long records are kept

Information is retained for as long as necessary to provide the service, satisfy client instructions, and comply with employment and financial recordkeeping obligations.

Retention periods can vary by data category, organization policy, and applicable legal requirements. Once information is no longer required, it is deleted, anonymized, or archived according to operational policy.

Your choices and rights

Subject to applicable law and the role of your organization as controller, you may request access to your records, correction of inaccurate information, export of eligible data, or deletion where retention is no longer required.

You may also control certain device permissions, such as location or media access, through your device or browser settings where supported by the platform.

Access and correction requests
Export and portability where applicable
Permission control on supported devices
Deletion requests routed through your employer

Infrastructure providers exist to deliver the product — not commercialize your data.

AstraPeople relies on secure third-party infrastructure and service providers for storage, notifications, mapping, monitoring, and operational reliability. These relationships are structured to support the service only.

Cloud infrastructure and storage providers
Maps and geolocation services for attendance verification
Notification or messaging services for alerts
Support and monitoring tools for service reliability

Privacy questions or support requests

If you need help understanding this policy, want to report a privacy concern, or need platform-level support, use the official support channel below. For employment-specific data actions, coordinate with your HR team or organization administrator first.

First contact