PRIVACY POLICY
Last Updated: February 27, 2026
1. Introduction
This Privacy Policy explains how Clock Commander (“we”, “us”, “our”, or the “Service”) collects, uses, stores, and protects personal data when you access or use our SaaS platform.
Clock Commander is a team time-tracking and leave management platform designed for companies, administrators, and employees. We are committed to protecting your privacy and handling your personal data in a transparent and secure manner.
By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy.
If you do not agree with this Privacy Policy, you should not use the Service.
2. Who We Are (Data Controller Information)
Clock Commander operates as the Data Controller for personal data processed in connection with user accounts and platform usage.
At the time of publication, the Service is operated by an individual service provider (sole trader) to be formally registered in Romania. Upon official registration, the legal entity details (name, registration number, VAT ID, address) will be updated here.
For any privacy-related inquiries, you may contact us at:
Email: contact@clock-commander.com
Website: https://clock-commander.com.
In certain cases (e.g., when an employer creates accounts for employees), the employer may act as a separate Data Controller for employee-related data entered into the platform.
3. Scope of This Policy
This Privacy Policy applies to:
Visitors of our website
Registered users (employees, administrators, company owners)
Trial and free plan users
Paid subscription users
Business clients using the platform for team management
This Policy applies to personal data collected:
Through our website
Through the web application
Through customer support communications
Through analytics and tracking technologies
This Policy does not apply to:
Third-party services integrated with our platform
External websites linked from our website
Offline data processing unrelated to the Service
4. Information We Collect
We collect different types of information depending on how you interact with our Service.
4.1 Information You Provide Directly
When you create an account or use the platform, we may collect:
Full name
Email address
Company name
Role within the company (employee, admin, owner)
Login credentials
Messages submitted through support forms
Billing-related information (for paid subscriptions)
We do not collect or store salary information.
4.2 Account & Team Data
As part of the platform functionality, we process:
Work time entries
Leave requests and approval records
Department assignments
Calendar data (individual and team calendars)
Reports generated by users (PDF / CSV exports)
This data is stored to provide the core functionality of the Service.
4.3 Usage Data
We may automatically collect information about how users interact with the platform, such as:
Pages visited
Features used
Date and time of access
Session duration
Interaction with interface elements
This helps us improve the platform’s performance and user experience.
4.4 Device & Technical Data
We may collect technical information including:
IP address
Browser type and version
Operating system
Device type
Referring URLs
Time zone settings
This data may be collected via server logs or analytics tools.
4.5 Cookies & Tracking Technologies
We use cookies and similar technologies to:
Maintain secure sessions
Remember user preferences
Analyze traffic and usage patterns
Serve advertisements (where applicable, e.g., Google AdSense)
You can manage cookie preferences through our Cookie Consent banner and your browser settings. More information is available in our Cookie Policy.
5. How We Use Your Information
We use personal data only where necessary and proportionate for legitimate business purposes. Specifically, we use data to:
5.1 Provide and Operate the Service
Create and manage user accounts
Enable time tracking and leave management functionality
Generate reports (PDF / CSV exports)
Maintain team and department calendars
Authenticate users and maintain secure sessions
5.2 Manage Subscriptions & Billing
Process subscription payments
Manage plan limits (number of users)
Issue invoices where applicable
Prevent fraud and abuse of subscription tiers
5.3 Improve and Develop the Platform
Analyze feature usage and performance
Identify bugs and technical issues
Optimize user experience
Develop new features
5.4 Provide Customer Support
Respond to support requests
Troubleshoot technical problems
Communicate important service updates
5.5 Ensure Security & Prevent Abuse
Detect unauthorized access
Prevent fraud or misuse
Monitor suspicious activities
Enforce our Terms and Conditions
5.6 Marketing Communications (If Applicable)
Send service updates
Send product announcements
Send promotional offers (only where legally permitted)
Users may opt out of marketing communications at any time.
6. Legal Basis for Processing (GDPR Compliance)
Where the General Data Protection Regulation (GDPR) applies, we rely on the following legal bases:
6.1 Contractual Necessity
We process personal data to perform our contractual obligations when users create an account or subscribe to our Service.
6.2 Legitimate Interests
We process data where necessary for legitimate business interests, such as:
Platform security
Fraud prevention
Service improvement
Internal analytics
We ensure these interests do not override user rights.
6.3 Legal Obligation
We may process data to comply with legal obligations, such as:
Accounting requirements
Tax regulations
Law enforcement requests
6.4 Consent
We rely on consent for:
Non-essential cookies
Marketing communications (where required by law)
Users may withdraw consent at any time.
7. How We Share Information
We do not sell personal data.
We may share information only in the following circumstances:
7.1 Service Providers (Processors)
We may share data with trusted third-party providers who assist in operating the platform, such as:
Hosting providers
Cloud infrastructure services
Email delivery providers
Payment processors
Analytics providers
Advertising networks (e.g., Google AdSense, where enabled)
These providers process data under contractual safeguards and only on our instructions.
7.2 Within Company Teams
When an organization uses the platform:
Administrators may access employee time entries and leave records
Owners may access aggregated reports
Employees may view only their own data (subject to role permissions)
The employer may act as a separate Data Controller for employee data.
7.3 Legal Requirements
We may disclose information:
If required by law
In response to lawful requests by public authorities
To protect rights, safety, or property
In connection with legal claims
7.4 Business Transfers
In the event of a merger, acquisition, restructuring, or asset sale, personal data may be transferred to the acquiring entity, subject to confidentiality safeguards.
8. International Data Transfers
We may process or store data outside the user’s country of residence.
If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
Standard Contractual Clauses (SCCs)
Transfers to countries with adequacy decisions
Binding contractual agreements with service providers
Users located outside the EEA acknowledge that their data may be transferred to and processed in jurisdictions where data protection laws may differ.
We take reasonable steps to ensure that all international transfers comply with applicable data protection laws.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including to comply with legal, accounting, or reporting obligations.
9.1 Account Data
We retain account-related data for as long as the account remains active.
If an account is terminated:
Data may be retained for a limited period for backup, legal, or security purposes.
Data may be permanently deleted after a reasonable retention period unless legal obligations require longer storage.
9.2 Organizational Data
Time tracking records and leave management data are retained while the organization’s subscription remains active.
Upon termination:
The organization may request data export before deletion.
Data may be deleted after a defined retention period.
9.3 Billing & Financial Records
Billing and transaction data may be retained as required by tax and accounting laws.
9.4 Log & Security Data
System logs may be retained temporarily for:
Security monitoring
Fraud detection
Troubleshooting
Retention periods may vary depending on operational and legal requirements.
10. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.
Security measures may include:
Secure HTTPS encryption
Access control mechanisms
Role-based permissions
Secure authentication processes
Regular system monitoring
Server-level protections provided by hosting providers
Despite these safeguards, no system can be completely secure. Users are responsible for maintaining the confidentiality of their login credentials.
If we become aware of a data breach affecting personal data, we will act in accordance with applicable legal requirements.
11. Your Rights
Depending on your location, you may have certain rights under applicable data protection laws.
For users in the European Economic Area (EEA), United Kingdom, or similar jurisdictions, rights may include:
Right of access
Right to rectification
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority
To exercise your rights, you may contact us at:
contact@clock-commander.com
We may require identity verification before responding to certain requests.
12. Cookies and Tracking Technologies
We use cookies and similar technologies to:
Ensure proper functionality of the platform
Maintain user sessions
Improve performance and usability
Analyze traffic
Display advertisements (where applicable)
Cookies may include:
12.1 Essential Cookies
Necessary for authentication, session management, and core functionality.
12.2 Analytics Cookies
Used to analyze usage patterns (e.g., Google Analytics).
12.3 Advertising Cookies
Used for personalized or contextual ads (e.g., Google AdSense).
Users may manage cookie preferences via:
Our cookie consent banner
Browser settings
For detailed information, please refer to our Cookie Policy.
13. Children’s Privacy
The Service is not directed to individuals under the age of 18.
We do not knowingly collect personal data from children. If we become aware that personal data has been collected from a minor without appropriate legal basis or parental consent, we will take reasonable steps to delete such information.
If you believe that a child has provided personal data to us, please contact us at:
contact@clock-commander.com
14. Third-Party Links
Our Service may contain links to third-party websites, services, or applications.
We are not responsible for the privacy practices, content, or policies of third-party websites. Users are encouraged to review the privacy policies of any third-party services they access.
This includes, but is not limited to:
Payment processors
Analytics providers
Advertising platforms
Cloud hosting services
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
Changes in legal requirements
Changes in our services
Improvements in privacy practices
When we make material changes:
We will update the “Last Updated” date at the top of this Policy.
In case of significant changes, we may notify users via email or through the platform.
Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
16. Contact Information
If you have any questions about this Privacy Policy or how your data is handled, you may contact us at:
contact@clock-commander.com
