← Back to ClockOut
Legal

Privacy Policy

Effective: April 29, 2026·useclockout.com

ClockOut (“ClockOut,” “we,” “us”) is a time-tracking, scheduling, and payroll-export application for small businesses. This policy explains what data we collect, why, how long we keep it, and the choices you have. We tried to write it in plain English. Where we couldn’t, we’ve added a one-line summary.

1. Who this policy applies to

This policy applies to anyone who uses ClockOut, including business owners and administrators (“Customers”) and the employees they invite to use the Service (“Users”). When a Customer signs up, they become a data controller for their employees’ data; ClockOut acts as a processor on the Customer’s behalf.

2. What we collect

2.1 Account information

  • Email address (required to sign in).
  • Hashed password (we never store or transmit plaintext passwords).
  • Name, role, department, and assigned location(s).
  • Phone number, if provided for invitations or notifications.

2.2 Time and location data

  • GPS coordinates at the moment of clock in, clock out, and break events. We do not track location continuously or in the background. Location is captured only when an action requires it.
  • Geofence membership for each event (inside / outside / flagged).
  • Timestamp, device type, and IP address of each event.

Plain English: we capture one coordinate the moment you tap Clock In, check it against the geofence, and store the result. We do not record your location at any other time.

2.3 Schedule, PTO, and timesheet data

  • Shifts, schedules, swaps, open-shift claims, conflict records.
  • PTO accruals, balances, and approvals.
  • Timesheet entries, edits, approvals, and the audit trail.

2.4 Payroll-export data (Pro plan)

  • Hours, overtime, PTO, and earnings codes mapped to your payroll provider.
  • PDF payroll reports generated for your records.

We do not store bank or pay-stub data. Payroll exports are generated on demand and delivered as CSV or PDF files; we do not transmit them to your payroll provider on your behalf.

2.5 Billing data

Subscription and payment processing are handled by Stripe. We receive subscription metadata (plan, employee count, status) but never your full credit-card number. Stripe’s privacy policy applies to card data.

2.6 Technical data

  • IP address, user agent, and device type.
  • Application logs (errors, latency, feature usage).
  • Cookies for session management and preferences.

3. How we use your data

  • To deliver the Service: process clock-ins, build schedules, run reports.
  • To verify identity and authenticate sessions.
  • To enforce plan limits and bill your subscription.
  • To send transactional notifications (shift reminders, exception alerts, password resets).
  • To improve the product through aggregated, de-identified analytics.
  • To comply with legal obligations and respond to lawful requests.

We do not sell your data. We do not use your data to train third-party AI models. We do not run third-party advertising networks inside the application.

4. Location permissions and your control

ClockOut requests location permission as “While Using App”. We never request “Always” permission. You can revoke location permission at any time in your device settings; if you do, GPS-verified clock-ins will fail and your manager may need to verify your time manually.

Geofence behavior is configured by your employer (“Block” or “Flag”) and disclosed in their employee handbook. If you have questions about how your specific employer uses location data, ask your manager first.

5. How we share data

We share data only with these categories of recipients:

  • Your employer. Customers who invited you can access timesheets, schedules, GPS coordinates of punches, and exception records for their own employees. Cross-company access is technically prevented.
  • Payment processors. Stripe, for subscription billing.
  • Infrastructure providers. Convex (database and application hosting), Vercel (web hosting), AWS SES (email delivery), and similar service providers acting under contract.
  • Legal authorities, when required by valid process. We will notify Customers of demands targeting their data unless legally prohibited.

6. How long we keep data

  • Active account data is retained while your account is active.
  • Timesheets and payroll records are retained for at least 7 years to support tax and labor compliance.
  • GPS coordinates older than 24 months are aggregated or deleted unless required for an active dispute.
  • Application logs are retained for 90 days for debugging and security.

When a Customer cancels, we retain their data for 60 days to support reactivation, then permanently delete it (subject to legal hold requirements).

7. Security

  • Passwords are hashed with PBKDF2-SHA256 (100,000 iterations) plus a random per-user salt. Plaintext passwords are never stored or transmitted.
  • Session tokens are randomly generated, unique per device, and rotated when you change your password.
  • All data is encrypted in transit (TLS 1.2+) and at rest.
  • Data is logically scoped per Customer; cross-Customer access is prevented at the application layer.
  • HIPAA-aligned audit logs are available for clinics on Starter and above.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data, subject to legal retention requirements.
  • Port your data in a machine-readable format.
  • Object to or restrict certain processing.
  • Withdraw consent for processing where consent is the legal basis.

For Users invited by an employer, requests should be directed to your employer first; ClockOut acts as a processor in that relationship. If your employer is unresponsive, contact us at hello@useclockout.com and we will help.

9. Children

ClockOut is intended for workplace use. Some industries (restaurants, retail) may employ minors aged 14–17. We rely on the employer to comply with state-specific minor-employment laws. We do not knowingly collect data from anyone under 13. If you believe we have, contact us and we will delete it.

10. International users

ClockOut is operated from the United States. If you use the Service from outside the U.S., your data will be transferred to and processed in the U.S. By using the Service, you consent to this transfer. We do not currently target or operate data-residency services for the EU or UK; for inquiries about international transfers, contact hello@useclockout.com.

11. California, Virginia, and other state rights

Residents of California (CCPA/CPRA), Virginia (VCDPA), Connecticut (CTDPA), Colorado (CPA), and Utah (UCPA) have additional rights to access, delete, correct, and opt out of certain data uses. We honor these rights for all users regardless of state. We do not sell personal information and we do not engage in targeted advertising.

12. HIPAA, BAAs, and DPAs

For clinics and medical offices, ClockOut offers HIPAA-aligned audit logs on Starter and above. We can execute Business Associate Agreements (BAAs) on a case-by-case basis. For Data Processing Agreements (DPAs) or other contractual privacy terms, contact hello@useclockout.com.

13. Changes to this policy

We’ll notify Customers by email at least 30 days before any material change to this policy. The “Effective” date at the top of this page reflects the most recent revision.

14. Contact

Privacy inquiries: hello@useclockout.com
ClockOut, Houston, Texas, United States