Privacy Policy
Effective date: 2026-05-16 · Document version 2026-05-16
See also: Terms of Service
1. Scope and who we are
StaffGenie ("StaffGenie", "we", "us", or "our") operates the workforce management platform available at https://www.staffgenieapp.com and related mobile applications (collectively, the "Service").
This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you visit our websites, create an account, or use the Service as a business owner, manager, or employee.
This Policy does not apply to third-party websites or services that we do not control, even if linked from the Service.
2. Roles: controller and processor
When a business ("Customer") uses the Service to manage its workforce, the Customer is generally the organization responsible for deciding why and how employee and workplace personal information is processed (the "data controller" under GDPR, or "organization" under PIPEDA).
StaffGenie processes personal information contained in Customer workspaces on the Customer's instructions to provide the Service, and in that context acts as a service provider, processor, or comparable role under applicable law.
StaffGenie acts as an independent controller for certain processing necessary to operate accounts platform-wide, including authentication, billing, fraud prevention, security monitoring, and aggregated product analytics that do not identify individuals.
Employees and managers with questions about how their employer uses workplace data should contact their employer first. We will assist Customers with data subject requests as described below.
3. Information we collect
Account and identity data: full name, email address, authentication identifiers, role (owner, manager, or employee), business association, and account preferences.
Roster and employment data (provided by Customers): contact details, job information, pay rates, employment status, invited role, and internal identifiers.
Scheduling and attendance data: shift assignments, clock-in and clock-out times, break records, kiosk identifiers, time-edit and time-off requests, and related audit metadata.
Payroll-related data: pay period configuration, timesheet totals, overtime settings, and calculated amounts derived from attendance and rates. We do not collect or store full bank account numbers for payroll disbursement through the Service unless explicitly enabled in a future feature with separate notice.
Kiosk and security data: kiosk codes and employee PINs are stored using one-way hashing or encryption; we do not display full PINs except through controlled owner/manager reveal flows authorized by the Customer.
Communications: support correspondence, invite emails, and in-product notifications you receive because your employer enabled them.
Technical and usage data: IP address, browser and device type, operating system, log timestamps, session identifiers, and diagnostic information needed to secure and operate the Service.
Cookies and similar technologies: we use essential cookies and local storage for authentication and session management. We do not use third-party advertising cookies on the core application.
4. Sources of information
We collect information directly from you when you register, sign in, or contact support.
Customers and their authorized managers supply roster and workplace data about employees.
The Service automatically generates attendance, timesheet, and audit records from use of scheduling and kiosk features.
We may receive information from service providers that help us host, authenticate, email, or secure the Service.
5. How we use personal information
Provide, operate, and maintain the Service, including multi-tenant isolation, role-based access control, and plan entitlements.
Authenticate users, prevent fraud and abuse, and protect the security and integrity of Customer workspaces.
Generate schedules, attendance records, timesheets, and payroll-related calculations requested by Customers.
Send transactional messages such as account verification, password reset, employee invites, and shift or approval notifications enabled by the Customer.
Provide customer support, troubleshoot issues, and communicate about the Service.
Comply with legal obligations, enforce our Terms of Service, and defend legal claims.
Analyze aggregated or de-identified usage trends to improve reliability and features, without using them for cross-context behavioral advertising.
6. Legal bases for processing (EEA, UK, and similar jurisdictions)
Where GDPR or comparable laws apply, we rely on: (a) performance of a contract (providing the Service); (b) legitimate interests (security, product improvement, B2B administration) balanced against your rights; (c) legal obligation; and (d) consent where we request it explicitly, such as optional marketing communications if offered.
Customers are responsible for establishing a lawful basis for processing employee data they upload, including workplace notices and consents required in their jurisdiction.
7. How we share personal information
Within a Customer workspace, data is shared among Authorized Users according to permissions set by the Customer (for example, managers viewing team attendance).
We share information with service providers that process data on our behalf under written terms requiring confidentiality and appropriate security. Key categories include cloud hosting and database services (including Supabase), email delivery, and infrastructure monitoring.
We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect rights, safety, or property.
If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred subject to standard confidentiality obligations and notice where required by law.
We do not sell personal information. We do not share personal information with third parties for their independent direct marketing without your consent.
8. Subprocessors
Our primary infrastructure provider is Supabase, which hosts authentication, databases, and related services. Data may be processed in the United States and other regions where Supabase operates, subject to contractual safeguards.
We maintain a list of material subprocessors, which is available on request at privacy@staffgenieapp.com. We will provide notice of material subprocessor changes to Customers where required by contract or law.
9. International data transfers
StaffGenie is based in Canada. Personal information may be transferred to, stored in, and processed in Canada, the United States, and other countries where we or our service providers operate.
Where required, we implement appropriate safeguards for cross-border transfers, such as standard contractual clauses, adequacy decisions, or comparable mechanisms recognized under applicable law.
10. Retention
We retain personal information for as long as necessary to provide the Service, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements.
When a Customer closes a workspace or an account is deactivated, we delete or anonymize personal information within a reasonable period, subject to backup cycles and legal retention requirements (for example, financial or employment records the Customer must retain).
Customers may export workspace data before closure where the Service provides export functionality.
11. Security
We implement technical and organizational measures designed to protect personal information, including TLS encryption in transit, access controls, multi-tenant row-level security, hashed or encrypted kiosk PIN storage, and restricted access to production systems.
No security program is perfect. You are responsible for safeguarding your password and reporting suspected incidents to security@staffgenieapp.com promptly.
In the event of a personal data breach affecting Customer Data, we will notify affected Customers without undue delay where required by law and assist with regulatory notifications the Customer may be required to make.
12. Your privacy rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port personal information, and to object to certain processing or withdraw consent where processing is consent-based.
Canadian residents may have rights under PIPEDA and applicable provincial privacy laws, including the right to access personal information and challenge accuracy.
California residents may have rights under the CCPA/CPRA, including the right to know, delete, and correct personal information, and to opt out of "sale" or "sharing" as those terms are defined by law. We do not sell personal information as defined by the CCPA/CPRA.
To submit a request, contact privacy@staffgenieapp.com. We may verify your identity before responding. Authorized Users who are employees should direct workplace-data requests to their employer; we will support the Customer as processor where applicable.
You may lodge a complaint with a supervisory authority in your jurisdiction. In Canada, you may contact the Office of the Privacy Commissioner of Canada.
13. Automated decision-making
The Service performs automated calculations (for example, hours worked, overtime allocation, and timesheet totals) based on rules configured by the Customer. These are operational calculations, not profiling that produces legal or similarly significant effects about individuals without human review.
Customers remain responsible for reviewing outputs before making employment or pay decisions.
14. Children
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact privacy@staffgenieapp.com and we will take appropriate steps to delete it.
15. Marketing communications
We may send service-related messages that are necessary for your account. Optional marketing emails, if any, will include an unsubscribe mechanism where required by law.
16. Changes to this Policy
We may update this Privacy Policy to reflect changes in law, technology, or our practices. We will post the revised Policy with an updated "Last updated" date and provide additional notice or obtain consent where required.
Material changes affecting how we process personal information on behalf of Customers will be communicated to account holders where practicable.
17. Contact us
Privacy Officer / data protection inquiries: privacy@staffgenieapp.com
Security incidents: security@staffgenieapp.com
General support: support@staffgenieapp.com
Legal notices: legal@staffgenieapp.com
Mailing address: Toronto, Ontario, Canada
Website: https://www.staffgenieapp.com
By using StaffGenie you agree to these terms together with our Privacy Policy. If you do not agree, do not use the Service.
