Privacy Policy
Last updated: 2026. This policy describes how ClockAll (“we”) handles personal information. Please have it reviewed by your own counsel for your jurisdiction before relying on it.
What we collect
- Account & employee data — names, email, role, location, pay rate, and work schedule you enter to run your workforce.
- Time & location data — clock-in/out times and, where you enable it, GPS coordinates at punch time for geofencing.
- Biometric data — when face verification is enabled, we store an encrypted mathematical face embedding, never a raw photo or image of your face.
- Usage & device data — basic logs needed to operate and secure the service.
How we use it
We use this data solely to provide workforce management — recording time, scheduling, payroll export, and compliance — and to secure and support the service. We do not sell personal information.
Biometric privacy (BIPA / CCPA)
Face verification is optional and per-employer. Where used, we capture biometric data only with notice and consent, store it as an encrypted embedding (not a raw image), retain it only while the employment relationship is active, and delete it on request or when no longer needed. Employees may decline face verification and use a PIN instead.
Sharing
We share data only with sub-processors needed to run the service (hosting, payments) under contract, and when required by law. Payroll exports go only where your administrator directs them.
Your rights
Depending on your location, you may have rights to access, correct, or delete your personal information, and to withdraw consent. Contact privacy@clockall.com.
Security & retention
Data is encrypted in transit and at rest, access is role-restricted, and sensitive actions are audit-logged. We retain records only as long as needed to provide the service and meet legal obligations.