At Buddy Punch Inc. (“Buddy Punch,” “we,” “us,” or “our”), protecting the privacy of our users is a top priority. This Privacy Policy outlines how we collect, use, and disclose personal data in connection with our website and mobile applications (collectively referred to as the “Services” or “Applications”). It applies to data gathered through digital interactions, paper-based communication, or verbal correspondence.
Scope of this Privacy Policy
This Privacy Policy does not cover personal data collected by Buddy Punch clients who use our Services to manage employee time tracking and scheduling. In such cases, our clients act as data controllers, and users should refer to the respective client’s privacy policy for specific details. Furthermore, this policy does not apply to any offline data collection, third-party platforms, or websites not operated by Buddy Punch.
Jurisdiction and Consent
As a company operating from the United States, any information we collect is governed by U.S. laws. By accessing or using our Services, you acknowledge and agree to the transfer and processing of your personal data in accordance with U.S. legal standards. We reserve the right to modify this Privacy Policy periodically and will notify users through updated revision dates and, when appropriate, via additional notices. We recommend reviewing this policy regularly to stay informed.
Definition of Personal Data
For the purpose of this Privacy Policy, “personal data” refers to any data that identifies or can be used to identify an individual. This excludes anonymized or aggregated information that cannot be linked to a specific person.
Acceptance of Terms
By using our Services across various devices—whether desktop computers, laptops, mobile phones, tablets, or any internet-connected device—you agree to the collection, use, and disclosure of your information as outlined in this Privacy Policy. If you disagree with any aspect of this policy, we advise against using our Services.
Applicability
This Privacy Policy applies under the following circumstances:
When users access the Applications through a business account linked to an organization.
When former users no longer have active business accounts associated with the Applications.
When individuals visit the Buddy Punch website or subdomains while browsing online.
Children’s Privacy
Buddy Punch does not knowingly collect personal data from children under the age of 16. If you are under 16, you are not permitted to use our Services or submit any personal information. Should we discover that a child under 16 has submitted personal data, we will take prompt action to delete such information. If you suspect this may have occurred, please contact our support team.
Section 2: Personal Data We Collect
a) For Application Users To deliver our Services, we may collect various personal data elements, including but not limited to:
Full name
Email address
Contact numbers
Date of birth
Billing and credit card details
Home and work addresses
Profile photos (including for facial recognition)
Social media account details (if authorized)
Uploaded files and any embedded personal information
Device-specific log data such as IP address, browser settings, software data, geolocation, metadata, and timestamps
GPS-based location information, including precise coordinates, timestamps, and physical locations
b) For Former Application Users We retain certain data even after account deactivation, such as:
Personal identifiers (name, contact details, address)
Billing information (if applicable)
Historical device and log data
Profile images and uploaded files
Data retention serves various functions including regulatory compliance, financial audits, legal accountability, and system integrity. Generally, data is retained no longer than 30 days post account termination unless legally required otherwise.
c) For Website Users For those browsing the Buddy Punch website, we collect:
Device IP address
Browser details
Referring URLs
Search queries
Locale preferences
Device identification
Chat or contact form submissions
Section 3: How Personal Data is Collected
a) Application Users We collect personal data through:
Direct submission by the user
Data shared by the organization or coworkers
Automated tracking via applications and devices
b) Directly Provided Data This includes:
Information submitted during app usage
Communications through the app
Files created, uploaded, or downloaded
Consent-based GPS tracking (for workforce and location history)
c) Data from Organizations or Other Users We may receive:
Personal information from your employer
Details shared through invitation by other users
d) Automatically Collected Data Collected through:
Application activity logs
Cookies and browser-based technologies
e) Former Application Users Information is retained from the period of active usage.
f) Website Users Data is collected via web logs and cookies regardless of application access status.
External Links While using our Applications, users may encounter third-party links. Buddy Punch is not responsible for the privacy practices or content of these external sites.
Section 4: How We Use Personal Data
a) Application Users We primarily use personal data to facilitate service delivery to your organization, including:
Access management and user experience personalization
Technical support and updates
Location-based tracking for time logging and workforce dispatch
Legal and regulatory compliance
System improvement via data analytics
b) Former Application Users Data may be used post-employment for:
Service notifications
Legal compliance and dispute resolution
Optional service offerings
c) Website Users We use collected data to improve your browsing experience and site functionality.
Section 5: Marketing
If you are a current or former user, we may contact you with product updates or promotional offers. Depending on applicable laws, we may:
Use a soft opt-in (automatic enrollment for existing customers with opt-out rights)
Require explicit opt-in consent in other cases
Corporate email addresses may not require consent for marketing purposes. You may unsubscribe from marketing communications at any time (details provided in Section 9).
Section 6: Sharing and Disclosure of Information
We do not sell personal information. However, your data may be shared under the following circumstances:
Internal Use: Within your organizational account or user profile.
Service Providers: With trusted third parties who support our operations (e.g., data storage, analytics, billing).
Third-Party Applications: With your consent, we may integrate third-party apps.
Legal Compliance: When required to respond to legal obligations or protect our rights.
Business Transitions: In the event of mergers or acquisitions.
Non-Personal Data: We may share aggregate, anonymized data for analytics.
Section 7: Data Security Measures
We implement robust measures to protect your personal data, including:
Secure Socket Layer (SSL) encryption for payment data
Regular risk assessments and technical safeguards
Restricted employee access
However, no method of transmission is fully secure. Users must maintain strong, confidential passwords and use discretion when sharing information in public areas of our Services.
Section 8: Data Retention
We retain personal data for as long as necessary to fulfill our service obligations or as required by law. Upon expiration of retention periods, data is deleted or rendered inaccessible. In certain cases, data may persist temporarily in backup systems but will be excluded from active use.