Privacy Policy
OperationSavvy
Company / App name: OperationSavvy (“we”, “us”, “our”)
App: OperationSavvy (the “App”)
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our App, website, and related services (collectively, the “Services”).
If you use the App through an organisation (such as your employer or a client of your employer), that organisation may be the “Customer” of our Services and may control certain settings (including features, retention periods, and access). Where appropriate, we process information on behalf of the Customer under their instructions.
1) Scope and roles (Customer / Employer-administered accounts)
The App is typically provided to workers by their employer or another organisation. In these cases:
- The Customer (e.g., your employer) may be the primary controller/administrator of work-related information in the App.
- We act as a service provider/processor to provide the Services to the Customer and users, including hosting and support.
- The Customer may set or influence data retention and access rules, subject to applicable law.
- If you have questions about how your employer uses your information, you should also refer to their privacy policies and internal procedures.
2) Information we collect
We collect information you provide, information generated through your use of the Services, and information collected automatically.
A. Information you provide
- Account and profile details: name, email, phone number, role, employee identifier, and other details your employer provides or you enter.
- Work records and content: timesheets, incident reports, notes, forms, attachments, and other operational data you submit.
B. Facial recognition clock in/out (biometric-related information)
If enabled by your employer and available in your workplace, the App may collect:
- Captured images taken at the time of clock in/out (or similar attendance actions).
- Face-matching data used to verify that the person clocking in/out is the authorised user.
This feature is enabled at the employer’s discretion and is intended for workplace attendance verification.
C. Location information during shift
If enabled and permitted, the App may collect:
- Location data (e.g., GPS coordinates and related metadata such as timestamps) during your shift to support operational requirements (e.g., attendance verification, safety, job allocation, compliance, and records).
- Location collection may occur in the background during an active shift, depending on device settings and permissions.
D. Device and usage information
- Device identifiers and technical data: device model, operating system, app version, language, time zone, and unique device identifiers where available.
- Log and usage data: access times, features used, diagnostic logs, performance data, crash reports, and error events.
E. Cookies and similar technologies (website)
Our website may use cookies and similar technologies for basic functionality, analytics, and security. You can control cookies through your browser settings.
3) How we use information
We use personal information to:
- Provide, operate, and maintain the Services (e.g., scheduling, reporting, payroll support, compliance workflows).
- Authenticate users and secure accounts.
- Support clock in/out verification, including facial recognition where enabled.
- Support shift operations, including location-based features where enabled.
- Provide customer support and respond to inquiries.
- Monitor, prevent, and detect fraud, misuse, and security incidents.
- Improve and develop the Services, including debugging and performance optimisation.
- Comply with legal obligations and enforce our agreements.
4) Legal bases for processing (where applicable)
Depending on your jurisdiction, we process personal information based on one or more of the following:
- Consent (e.g., device permission prompts, biometric/facial recognition where required).
- Performance of a contract (providing the Services to the Customer and you).
- Legitimate interests (e.g., securing and improving the Services), balanced against your rights.
- Compliance with legal obligations.
5) Biometric / facial recognition information (important notice)
If your employer enables facial recognition clock in/out:
- Opt-in / employer-enabled: The feature is enabled by your employer and may require user consent where required by law and/or device permissions.
- Purpose limitation: Captured images and any face-matching data are used only for attendance/identity verification and related operational needs.
- No sale / no unauthorised use: We do not sell captured images or face-matching data and do not use them for advertising or unrelated profiling.
- Retention: Captured images and related records are stored for as long as operationally required and in line with the employer’s retention policies, unless a longer period is required or permitted by law (e.g., for disputes, compliance, or security).
- Access controls: Access is restricted to authorised personnel and employer administrators as required to operate the Service.
- Security: We use reasonable technical and organisational measures to protect biometric-related information (see “Security” below).
6) Location information (important notice)
If your employer enables location tracking during shifts:
- During-shift collection: Location data may be collected during an active shift to support operational requirements.
- No sale / no advertising: We do not sell location data and do not use precise location for third-party advertising.
- Retention: Location records are kept for as long as operationally required and in line with the employer’s retention requirements, unless a longer period is required or permitted by law.
- Your controls: You can typically control location permissions through your device settings. If location is required for certain employer-enabled features, turning off permissions may limit App functionality.
7) How we share information
We may share personal information in the following situations:
- With your employer / Customer administrators: Work-related information (including attendance, facial recognition clock in/out records if enabled, and location during shift if enabled) may be accessible to authorised administrators for operational purposes.
- With service providers: We use trusted third parties to host data, provide analytics, monitoring, customer support tools, and other infrastructure (“Processors”). They may only process information under our instructions and for the purposes described in this policy.
- For legal reasons: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect rights, safety, and security.
- Business transfers: If we are involved in a merger, acquisition, financing, reorganisation, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.
We do not share your personal information with third parties for their direct marketing purposes unless you have provided consent where required.
8) Data retention
We retain personal information only as long as necessary for the purposes described in this policy, including to:
- Provide and improve the Services
- Maintain business records
- Comply with legal obligations
- Resolve disputes and enforce agreements
Where the Services are provided via an employer/Customer, retention may be set by that employer/Customer’s operational and retention policies, including for:
- Facial recognition clock in/out records and captured images (if enabled)
- During-shift location records (if enabled)
We may also retain certain information for longer where required or permitted by law (e.g., compliance, security logging, dispute resolution).
9) Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorised access, use, alteration, and disclosure. No method of transmission or storage is 100% secure; however, we work to protect information consistent with industry practices.
10) Your choices and rights
Depending on where you live, you may have rights to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion or restriction of processing
- Object to certain processing
- Request portability of your information
- Withdraw consent (where processing is based on consent)
Employer-managed accounts: If your account is administered by your employer/Customer, some requests may need to be handled through them. We may redirect your request to the employer/Customer where appropriate, or we may assist them in responding.
11) International data transfers
We may process and store information in countries other than your own. Where required, we use appropriate safeguards for international transfers (such as contractual protections) in accordance with applicable law.
12) Children’s privacy
The Services are not directed to children, and we do not knowingly collect personal information from children under the age required by applicable law. If you believe a child has provided personal information, contact us and we will take appropriate steps.
13) Third-party links and services
The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. Please review their privacy policies.
14) Changes to this Privacy Policy
We may update this policy from time to time. We will post the updated version on our website and update the “Effective date.” If changes are material, we may provide additional notice as required.
15) Contact us
If you have questions, requests, or complaints regarding privacy, contact:
Foundry One PTY LTD
Email: privacy@foundryonehq.com