PRIVACY POLICY

Fareclock, LLC. (“Fareclock,” “we,” “us,” or “our”) processes personal information to provide, maintain, and improve the Fareclock services (the “Services”). In some cases, Fareclock processes personal information on behalf of a business Customer (“Customer,” “you,” “your,” or “they”). When we do so, the Customer acts as the data controller, and Fareclock acts as the data processor (or “service provider”).

Our data processing practices are designed to comply with applicable privacy and data protection laws, including the EU/UK General Data Protection Regulation (GDPR) and the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

If a Fareclock Customer requires additional contractual terms governing Fareclock’s processing of personal information (including processor obligations), those terms may be set out in a separate Data Processing Addendum (“DPA”) that forms part of the agreement between Fareclock and the Customer. If there is any conflict between this Privacy Policy and an executed DPA, the DPA will control with respect to the processing of personal information covered by that DPA.

1. About Fareclock, Contact Information, and Key Definitions

Fareclock operates the organization console at https://console.fareclock.com/ and provides other Fareclock related Services. Fareclock is responsible for the personal information collected through the console and Services as described in this Privacy Policy.

If you have any questions, concerns, or requests about this Privacy Policy or our privacy practices, please contact us at the email provided at Section 15.

To help explain this Privacy Policy, we use the following terms:

Fareclock: Refers to Fareclock, LLC., its administration console, Fareclock mobile application, and other related Services. Fareclock may act as a (a) data controller when we collect and use information for our own business purposes (such as operating our website, billing, and Customer support), and (b) data processor/service provider when we process personal information on behalf of a Customer.

Customer: An organization (such as a business or employer) that uses Fareclock and its Services. The Customer controls the personal information submitted to the Services and determines how it is used.

Personal Information / Personal Data: Information that identifies, relates to, describes, or could reasonably be linked to an individual, including information processed through the Services.

Subprocessors / Service Providers: Trusted third parties that help us operate the Services and process personal information on our behalf, such as cloud hosting providers, email delivery providers, and Customer support tools.

Super Administrator: The account role with the highest level of access on Fareclock, including full control over settings, user management, permissions, reporting, and configuration.

Administrator: A user authorized to manage users, assign roles, access reports, and configure certain settings, based on permissions granted by the Super Administrator.

Services: The Fareclock administration console, Fareclock mobile application, and other related Services we provide, including support and other activities connected to operating and improving Fareclock.

2. Scope of This Policy

Fareclock is a cloud-based SaaS platform that includes time and attendance tracking, scheduling, payroll support, and related human resources tools. The Services are available through the Fareclock organization console at https://console.fareclock.com/, the Fareclock mobile application available on iOS and Android, and any application programming interfaces (“APIs”) made available by Fareclock.

The Services include access to the tools, features, documentation, and other content made available through the Fareclock console, mobile application, or APIs.

Fareclock may introduce new tools, features, enhancements, or functionality as part of the Services. Any such updates are covered by this Privacy Policy to the extent they involve the collection or processing of personal information.

Third-party services. This Privacy Policy does not apply to third-party websites, platforms, or services that may be linked from or integrated with Fareclock. Their privacy practices are governed by their own policies.

3. Information We Collect and How We Use It

Purpose of Data Collection and Use: Fareclock collects and processes personal information only as necessary to provide, operate, maintain, and improve the Services, to support our Customers, and to comply with applicable legal obligations. We use personal information for the following purposes:

• Providing the Services, including time and attendance tracking, employee scheduling, payroll support, and HR-related tools
• Verifying employee identity, including during clock-in or clock-out (where enabled)
• Managing user accounts, administering organizations, and providing Customer support
• Sending Service-related communications, including notifications, confirmations, security alerts, and product updates
• Maintaining security and reliability, including monitoring performance, preventing fraud, investigating suspicious activity, and enforcing our policies
• Billing and account administration, including invoicing, subscription management, and financial recordkeeping
• Compliance, including meeting legal and regulatory requirements and responding to lawful requests
  
  

Fareclock limits the collection and processing of personal information to what is reasonably necessary and relevant for the purposes described in this Privacy Policy. We do not use personal information for purposes that are materially different from or incompatible with the purposes described above without providing notice and, where required, obtaining consent. We also take reasonable steps to help ensure that personal information we maintain is accurate, complete, and kept up to date.

Categories of Information We Collect: Depending on how the Services are configured by a Customer and how users interact with the Services, Fareclock may collect the following categories of personal information:

• Identity and Contact Information: Name, Email address, Employee identifier (such as employee ID), Username and login credentials (including hashed passwords where applicable)
• Employment and Workforce Information: Job role, department, and work location, Shift schedules, Time and attendance records (clock-in/out, breaks, hours worked), Payroll-related information (such as pay periods and time totals), Reporting structure (such as manager-employee hierarchy)
• Biometric Information (Optional): If a Customer enables face recognition, Fareclock may collect and process biometric-related information for identity verification during clock-in and clock-out. Encrypted facial images may be stored for identity verification purposes only. This information is accessible only to authorized organization administrators. Fareclock does not sell or share biometric information with third parties for marketing purposes. Customers and authorized administrators may delete biometric data in accordance with the settings and features available in the platform.
• Geolocation Information (Optional): If a Customer enables location features, Fareclock may collect geolocation data through the Fareclock mobile app. Location may be recorded when a user clocks in or clocks out. If live location tracking is enabled, location may be recorded during the shift between clock-in and clock-out. Location data is stored securely and accessible only to authorized organization administrators
• Device, Usage, and Log Information: Fareclock may automatically collect certain technical and usage information, including IP address, device type, operating system, browser type, app usage data, diagnostic logs, date/time stamps, interaction data, support-related communications, and troubleshooting information. We use this information to operate the Services, troubleshoot issues, maintain security, and improve performance.
• Customer Administrative and Billing Information: For organizations that subscribe to Fareclock, we may collect billing contact information, subscription and payment records, and communications with Customer administrators. This information is used solely to administer the Customer relationship and provide the Services.

Information collected is (a) encrypted and stored securely, (b) accessible only by authorized administrators, (c) not shared with outside parties for marketing purposes, and (d) may be permanently deleted by authorized administrators through the organization console.

Orders and Account Setup: When a Customer signs up for Fareclock or submits information through an order or registration form, we may request contact and account information (such as name and email address). We use this information to (a) set up accounts and organization access, (b) provide the Services, (c) process billing and subscription administration, and (d) contact the Customer if there are issues with an order or account

Cookies and Similar Technologies: We may use cookies and similar technologies (such as local storage and analytics tools) to collect information about how users interact with our Services. This information may be used to (a) remember user preferences, (b) improve website functionality and user experience, and (3) understand usage patterns. We do not use cookies to sell personal information, and we do not share cookie-based user profiles with third parties for their own marketing purposes.

Log Files: Like most SaaS services, Fareclock uses log files and related technologies. These logs may include IP addresses, browser type, internet service provider, referring/exit pages, date/time stamps, and clickstream data. We use this information to (a) analyze trends and usage patterns, (b) administer and secure the Services, (c) troubleshoot issues, and (d) improve overall functionality.

4. Data Protection Compliance

Fareclock participates in and complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), as administered by the U.S. Department of Commerce, and is committed to handling personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.

Fareclock will maintain its certification and comply with the DPF Principles for as long as it processes personal data subject to the EU-U.S. DPF. If Fareclock determines it can no longer meet its obligations under the DPF Principles, we will take reasonable and appropriate steps to prevent, stop, and remediate any unauthorized processing of such personal data.

To learn more, please refer to our Data Privacy Framework notice.

5. Use of Subprocessors

Engagement of Subprocessors. Fareclock may engage trusted third-party service providers to assist in delivering the Services. This may include providers for SMS, voice, email communications, Customer support, cloud hosting, data security, monitoring and analytics, billing, and payment processing. These Subprocessors may have access to certain personal information, such as names or email addresses, but only to the extent necessary to provide their services. Fareclock does not permit Subprocessors to use personal information for their own purposes. Fareclock maintains a current list of subprocessors, including the name and purpose of each, available here.

Updates and Notice. Fareclock may update its Subprocessor List. Customers will be notified of any new or replacement Subprocessor before the Subprocessor begins processing personal data, either through an updated list, email, or in-product notification.

Customer Objection Rights. If a Customer has reasonable objections to a new or replacement Subprocessor on data protection grounds, the Customer may submit an objection within 30 days of receiving the notice. The objection should include the grounds for the concern. Fareclock will use reasonable efforts to address any valid objections. If Fareclock determines that it cannot reasonably accommodate the objection, the Customer may terminate the affected Services as its sole and exclusive remedy.

Subprocessor Compliance. Fareclock ensures that all Subprocessors are bound by agreements that require a level of data protection no less protective than Fareclock’s own obligations under this Privacy Policy. Fareclock remains responsible for the actions of its Subprocessors to the extent required under applicable data protection laws.

6. Information Sharing and Third-Party Links

Legal Disclosures. Fareclock may disclose personal information when required by law, including in response to judicial proceedings, court orders, or other legal obligations.

Business Transitions. In the event of a business transition such as a merger, acquisition, or sale of assets, the personal information may be transferred as part of the business assets. Users’ personal information will continue to be protected under this Privacy Policy.

Links to Other Websites. Fareclock and its Services may contain links to third-party websites or services. Fareclock is not responsible for the privacy practices of these external sites. We encourage users to review the privacy policies of any site they visit outside of Fareclock. This Privacy Policy applies only to information collected by Fareclock.

Surveys and Polls. Fareclock may request information from users through surveys or polls. Participation is voluntary, and users may choose whether or not to provide the requested information. Information collected may include contact details (e.g., name, address) and demographic information (e.g., ZIP code). The survey and poll responses may be used to improve the Services or monitor user satisfaction. Personal identifiable information is not shared  with third parties without prior notice and consent.

Supplementation and Address Verification. To provide and maintain the Services, Fareclock may supplement information it collects with data from trusted third-party sources. For example, we use Stripe to verify user addresses for purposes like credit card authentication.

7. Data Retention and Deletion

Fareclock retains personal information only as long as necessary to provide and operate the Services, comply with legal and contractual obligations, enforce agreements, and meet legitimate business needs.

If a Customer cancels its subscription or closes its account, the cancellation takes effect at the end of the current billing cycle. After account closure or the end of a subscription or contract, Fareclock will permanently delete associated data and content after 30 days, unless a longer retention period is required or permitted by law. Once deleted, the data cannot be recovered. Customers may download reports and other available data within that 30-day period.

Customers may also delete specific data, including individual user information, through the Services at any time, subject to account permissions and settings.

System backups are maintained for a limited period for security and continuity purposes and are automatically deleted according to our backup retention schedule.

8. Security of Personal Information

Fareclock implements reasonable administrative, technical, and physical safeguards to protect personal information from accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.

Our security measures may include:

Role-Based Access Controls (RBAC): Access to personal information is restricted based on user roles (e.g., super administrator, administrator, worker), ensuring users can only access the data necessary for their role.

Authentication and Administrative Security: Enhanced authentication controls, including multi-factor authentication (MFA) for administrative accounts, and configurable password and login settings.

Biometric Verification Protections (if enabled): Face recognition safeguards, including liveness and anti-spoofing checks, help prevent impersonation and fraudulent clock-ins. Biometric reference data is retained for up to one year, unless deleted earlier by authorized administrators.

Geolocation Controls (if enabled): Location is collected only at clock-in and clock-out, and not continuously tracked unless live location tracking is enabled. Controls help detect or prevent falsified location data.

Audit Logs and Monitoring: Logs of system and account activities, including access events and administrative actions, are maintained to monitor for suspicious activity and support security investigations.

Device and Application Security: Measures such as optional device binding and detection of compromised devices help protect against tampering.

Fraud and Abuse Prevention: Systems detect and alert for unusual login activity, spoofing attempts, or anomalous clock-in behavior.

Data Encryption. Sensitive information submitted via the website (e.g., credit card numbers, billing addresses) is encrypted using industry-standard SSL technology. Access to personal information is restricted to employees who require it to perform specific job duties (e.g., billing, Customer support).

9. Customer Privacy Rights

Individuals whose personal information is processed through the Fareclock Services have certain rights regarding their data. These rights may vary depending on applicable law and include:

• Right to Confirmation: Request confirmation of whether Fareclock holds your personal information.
• Right of Access: Request access to the personal information we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal information.
• Right to Erasure: Request deletion of personal information, subject to legal or contractual retention obligations.
• Right to Object: Object to certain types of processing, such as direct marketing, where applicable.
• Right to Data Portability: Request a copy of your personal information in a structured, commonly used, machine-readable format, where feasible.

If an individual’s personal information changes (e.g., email, phone number, or postal address) or is no longer affiliated with a Customer organization, the Customer may request that their information be updated, corrected, deactivated, or deleted. Requests can be submitted to privacy@fareclock.com.

10. Communication Channels

Marketing Emails. When you create a Fareclock account, we may send a welcome email and occasional emails about product updates, new features, newsletters, promotions, and special offers. You can opt out of these marketing emails at any time by: (a) clicking the “unsubscribe” link in any marketing email, (b) adjusting your account communication preferences, or (c) contacting us at marketing@fareclock.com. Opting out of marketing emails does not affect service-related messages, such as account notifications, billing information, or other essential communications.

Service Announcements. Fareclock may send important service-related messages needed to provide and maintain the Services. These may include: (a) maintenance notifications, (b) service outages or disruptions, (c) security alerts, (d) changes to key service features, and (e) account-related notifications (e.g., password resets, verification emails). These messages are not promotional and cannot be opted out of while your account is active. To stop receiving them, you would need to deactivate or close your account.

Customer Support Communications. Fareclock may communicate with you to respond to inquiries and provide support. These communications may occur via: (a) email, (b) voice call, (c) in-platform messages or notifications, and (d) support tools (e.g., Zendesk). Support messages may relate to account management, troubleshooting, billing, technical issues, or requests you submit. These communications are essential for using the Services and cannot be opted out of while your account is active.

11. International Data Transfers

Fareclock operates on the Google Cloud Platform, which provides a secure-by-design infrastructure and adheres to recognized industry standards, including ISO/IEC, SOC, PCI DSS, FedRAMP, GDPR, and HIPAA. All Customer data is encrypted in transit and at rest, and access is limited to authorized personnel only. Data is continuously replicated across multiple data centers to ensure high availability, durability, and resilience. Google Cloud’s enterprise privacy commitments and transparency measures further help protect Customer data and support compliance with applicable data protection laws and regulations.

12. Age and Eligibility

The Fareclock Services are intended for use by businesses and their authorized personnel only. Accounts may be created only by individuals who are at least eighteen (18) years old and who have the authority to act on behalf of the organization they represent.

Fareclock is not directed to children, and we do not knowingly collect personal information from individuals under the age of 18.

If we become aware that we have inadvertently collected personal information from a child without appropriate authorization, we will take steps to delete that information as soon as reasonably possible. If you believe that a child has provided personal information to Fareclock, please contact us at privacy@fareclock.com .

13. Changes to This Policy

Fareclock may update this Privacy Policy to reflect changes in legal requirements, business practices, or our Services. Any updates will be posted on this page, and we may notify you of material changes via the Service platform or other communication channels.

14. SMS Messaging Privacy and Opt-Out

No Sharing of Mobile Data: Mobile information will not be shared with third parties/affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Opt-In Consent: By providing your mobile number and opting in, you agree to receive text messages from Fareclock. Consent is not a condition of purchase.

How to Opt-Out: You can cancel the SMS service at any time. Just text “STOP” to the number you received the message from. After you send the SMS message “STOP” to us, we will send you an SMS message to confirm that you have been unsubscribed.

15. Contact Information

If you have any questions or concerns regarding Fareclock’s Privacy Policy, or the handling of your data, please contact us:

Fareclock
Email: privacy@fareclock.com

Thank you for using Fareclock. Your continued use of the Fareclock Services constitutes your acceptance of this Privacy Policy.