Privacy Policy

Your privacy matters to us. Learn how Xaur collects, uses, and protects your information.

Last updated: March 2025

Introduction

Xaur ("Xaur", "we", "our", or "us") operates the Xaur HRMS platform, accessible via our web application and mobile application (collectively, the "Service").

This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have in relation to your data. It applies to all users of the Xaur HRMS platform — including employees, HR managers, administrators, and company account holders.

By using Xaur HRMS, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Service and contact us to close your account.

Plain language summary: We collect data to run the Xaur HRMS platform. We don't sell your data to third parties. Your company's employee and HR data belongs to your company and is exportable at any time.

Data We Collect

We collect information in two ways: data you provide directly, and data generated automatically when you use the Service.

Data you provide

  • Account information — company name, administrator name, email address, phone number, and billing details when you register a Xaur HRMS account.
  • User profiles — employee name, designation, department, reporting structure, employee ID, and contact details for each employee, manager, or admin added to your account.
  • HR data — attendance records, leave requests, payroll information, shift schedules, onboarding documents, performance records, and employee documents uploaded or entered by your team.
  • Employee activity data — attendance logs, login records, task updates, work reports, expense submissions, and approval records entered by employees or managers.
  • Support communications — messages, attachments, and metadata from any support tickets or email correspondence with Xaur.

Data collected automatically

  • Device information — device model, operating system version, app version, and unique device identifiers.
  • Location data — GPS coordinates captured during attendance check-ins and active sessions for attendance verification and employee tracking when enabled by the organisation. Location is never collected in the background outside of an active session.
  • Usage data — feature usage patterns, session duration, error logs, and performance data used to improve the platform.

Sensitive Data

We do not collect Aadhaar numbers, PAN numbers, banking passwords, or confidential financial account credentials.

How We Use Your Data

We use the data we collect for the following purposes:

  • Delivering the Service — processing attendance records, leave management, payroll operations, employee onboarding, task management, and HR reporting dashboards.
  • Account management — creating and managing user accounts, processing billing, and communicating with account administrators.
  • Platform improvement — analysing usage patterns and error logs to fix bugs, improve performance, and develop new features.
  • Customer support — responding to support requests and troubleshooting issues on your account.
  • Security and compliance — detecting fraudulent activity, preventing unauthorised access, and meeting legal obligations.
  • Communication — sending product updates, feature announcements, and policy changes to account administrators.

We do not use your employee data or company records for any purpose outside of delivering the Xaur HRMS Service to your organisation. We do not use your data to train AI models or sell it to data brokers.

Data Sharing

We do not sell your personal data or your company's HR data to any third party.

We share data only in the following limited circumstances:

  • Within your organisation — employee and HR data is visible to authorised managers and administrators according to the access levels configured by your company.
  • Service providers — we use trusted third-party providers for cloud hosting, email delivery, and payment processing. These providers process data only on our behalf and under strict data processing agreements.
  • Legal requirements — we may disclose data if required to do so by a valid court order, government authority, or to protect the rights, property, or safety of Xaur, our users, or the public.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify account administrators before any such transfer and before data becomes subject to a different privacy policy.

Third-party infrastructure: Xaur HRMS is hosted with cloud infrastructure providers whose data centres are located in the USA. We do not transfer your data outside the USA except where explicitly required for a specific feature and with your prior consent.

Data Storage & Security

All Xaur HRMS data is stored on encrypted servers hosted within the USA. We implement the following security measures:

  • AES-256 encryption for data at rest
  • TLS 1.2+ encryption for all data in transit
  • Role-based access controls limiting data access to authorised personnel
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication available for all account administrators
  • Automated daily backups with point-in-time recovery

While we take industry-standard precautions to protect your data, no system is completely immune to security risks. If you suspect unauthorised access to your account, please contact us immediately at [email protected].

Location Data

The Xaur HRMS mobile application may collect location data from employee devices when attendance or field tracking features are enabled by the organisation.

What location data we collect

  • Precise GPS coordinates — latitude and longitude during attendance check-ins or field activity logs.
  • Timestamp — the date and time the location was recorded, paired with each GPS coordinate.
  • Live location during active sessions — real-time device location shared with the HR dashboard while the employee has an active work session in the app.

How location data is collected

  • Location is accessed through the device's GPS and network-based location services via the operating system's standard location permission (Android / iOS).
  • The app requests foreground location permission — location is only read while the app is open and actively being used by the employee.
  • Location is never collected in the background when the app is closed or not in active use.
  • The app will prompt the user for location permission before any location data is collected. Users can revoke this permission at any time through device settings.

Why we collect location data

  • Attendance verification — to confirm employees are present at approved work locations during check-in.
  • Workforce tracking — to allow managers to monitor active field employees where applicable.
  • Operational efficiency — to support route planning and employee scheduling where field work is involved.
  • Fraud prevention — to detect false attendance or location spoofing attempts.

Who can access location data

  • Employees — can view their own attendance and location history within the app.
  • Managers and administrators — can view location information for authorised employees according to company permissions.
  • Xaur support staff — access only when required to investigate a reported issue, under strict internal access controls.
  • Location data is never shared with third parties for advertising, analytics resale, or any purpose outside of delivering the Xaur HRMS platform.

User control: Employees can revoke location permission at any time in their device settings. Revoking permission may disable location-based attendance and tracking features but will not prevent use of other app functions.

Data Retention

We retain your data for as long as your account is active and for a period after account closure as follows:

  • Active accounts — all data is retained for the full duration of your subscription and made available for export at any time.
  • After account closure — your data is retained for 90 days following account closure, during which it remains exportable. After 90 days, all data is permanently deleted from our systems.
  • Billing records — invoices and payment records are retained for 7 years as required by Indian tax regulations.
  • Support communications — retained for 24 months for quality and compliance purposes.

You may request early deletion of your data at any time by contacting us. Deletion requests are processed within 30 days, subject to any legal obligations to retain specific records.

Your Rights

As a Xaur HRMS user or account holder, you have the following rights in relation to your data:

  • Access — you may request a copy of the personal data we hold about you at any time.
  • Correction — you may request that we correct any inaccurate personal data we hold.
  • Deletion — you may request deletion of your personal data, subject to legal retention obligations.
  • Data portability — your company's HR and employee data is available for full export in standard formats (CSV, Excel) at any time from your account dashboard.
  • Objection — you may object to specific uses of your data, including marketing communications.
  • Withdrawal of consent — where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days.

Cookies & Tracking

The Xaur HRMS web application uses cookies and similar tracking technologies for the following purposes:

  • Essential cookies — required to maintain your login session and keep the application functional. These cannot be disabled.
  • Analytics cookies — used to understand how users navigate the web application so we can improve usability. You may opt out via your browser settings.
  • Preference cookies — used to remember your settings, such as theme or dashboard configurations.

We do not use cookies for advertising or cross-site tracking. We do not share cookie data with advertising networks.

The Xaur HRMS mobile application does not use browser cookies. It uses device storage (local and secure storage) to maintain sessions and cache HR data for offline use.

Children's Privacy

Xaur HRMS is a professional B2B platform intended for use by adults employed by organisations and companies. We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor has provided us with personal data, please contact us immediately and we will take steps to delete that information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the platform, or applicable law. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Send an email notification to all account administrators at least 14 days before the changes take effect
  • Display an in-app notice for all active users

Your continued use of Xaur HRMS after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree to material changes, you may close your account before the changes take effect.

Contact Us

For any questions about this Privacy Policy, data requests, or privacy concerns, please reach out to us:

Xaur Privacy Team

We aim to respond to all privacy-related enquiries within 5 business days.

Email: [email protected]

Address: Xaur, India

Phone: Available to active account holders via the in-app support channel