Privacy Policy

1. Introduction

Deckp ("Company," "we," "us," or "our") provides a cloud-based time tracking and workforce management platform (the "Service").

This Privacy Policy describes how we collect, use, disclose, and safeguard personal data in accordance with:

• The EU General Data Protection Regulation (GDPR)
• The California Consumer Privacy Act (CCPA), as amended by CPRA
• Other applicable data protection laws

By using our website or Service, you agree to this Privacy Policy.

2. Scope & Roles (Important for Enterprise Customers)

Deckp acts as:

• Data Controller for account, billing, marketing, and website data
• Data Processor for customer-uploaded time tracking and workforce data

Customers remain the Data Controller of their employee or contractor data entered into the platform.

3. Categories of Personal Data Collected

A. Account & Identity Data

• Name
• Email address
• Company name
• Job title
• Login credentials

B. Business & Usage Data

• Time entries
• Activity logs
• IP address
• Browser/device information
• Audit logs
• Platform usage analytics

C. Billing Data

• Billing address
• Payment information (processed by third-party payment providers)

D. Support Communications

• Messages sent to support@deckp.com
• Feedback and product inquiries

4. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

• Contractual necessity (to provide the Service)
• Legitimate interest (security, analytics, service improvement)
• Legal obligation
• Consent (where required, such as marketing communications)

5. How We Use Personal Data

We use personal data to:

• Provide and maintain the Service
• Manage accounts and subscriptions
• Process payments
• Improve platform performance
• Monitor system security
• Comply with legal obligations
• Communicate service updates

We do not sell personal information.

6. CCPA / CPRA Rights (California Residents)

California residents have the right to:

• Know what personal information we collect
• Access specific pieces of personal information
• Request deletion of personal information
• Correct inaccurate personal information
• Opt out of sale or sharing (Deckp does not sell data)
• Limit use of sensitive personal information (if applicable)

Requests may be submitted to: support@deckp.com

We will respond within statutory timeframes.

7. Data Retention

We retain data:

• For the duration of the customer relationship
• As required by law
• As necessary for legitimate business purposes

Upon account termination, data may be deleted or anonymized in accordance with contractual terms.

8. Data Security

Deckp implements industry-standard safeguards including:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted data at rest (where supported)
• Access controls
• Role-based permissions
• Logging and monitoring
• Regular system updates

No system can guarantee absolute security.

9. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Contractual data protection agreements

10. Subprocessors

We may use third-party service providers for:

• Cloud hosting
• Analytics
• Payment processing
• Customer support infrastructure

A list of subprocessors may be provided upon request.

11. Children's Data

The Service is not intended for individuals under 16. We do not knowingly collect data from children.

12. Data Subject Requests (GDPR)

EU/EEA residents may request:

• Access
• Rectification
• Erasure
• Restriction of processing
• Data portability
• Objection to processing

Requests should be sent to support@deckp.com.

13. Changes to This Policy

We may update this policy periodically. Updates will be posted with a revised effective date.