Privacy Policy

1. Scope and Controller Information

This Privacy Policy explains how Work Register processes personal data when you use our mobile app, website, and support channels. Work Register is a team task and approvals app: it lets you sign in with Google, create or join one or more Companies, organise work as Projects, Jobs, and Tasks, move items through To Do, Doing, Done, Checked, and Authorised statuses, run a Checker/Authoriser approval flow, chat 1:1 and in groups with end-to-end encryption, place voice and video calls, view your Google Calendar, read and send email from your own connected Gmail mailbox, log attendance, request leaves, and manage roles. Work Register is operated by PPLST Tech Private Limited, Office No. 933, B-3, Spaze I.T Park, Sector 49, Gurgaon, Haryana - 122018, India ("we", "us").

2. Controller, Processor, and Company Admins

Work Register operates as the processor for data inside a Company; the Company itself (acting through its Super Admin and Tech Admin) is the controller of that data. We act as the controller for account-level data tied to your individual sign-in (such as your Google profile and your list of company memberships) and for diagnostics, abuse reports, and similar service-operation data.

3. Data Categories We May Process

• Account and profile data: Google account identifier, display name, email address, profile picture URL, sign-in metadata.
• Company membership data: Companies you create or join, your role(s), your designation and responsibility level, your department, the date you joined, your membership status (active, invited, left), and pending invites and join requests.
• Work data: Projects, Jobs, and Tasks you create or are assigned to; their content, status transitions (To Do > Doing > Done > Checked > Authorised), assigned dates and due times, recurrence schedules, attached files, and the audit history of who changed what and when.
• Approval data: Approval requests for completions, edits, and deletions, including who requested, who approved or rejected, and any comments.
• Communication data: Chat-conversation metadata (participants, timestamps, delivery state), call signaling metadata, voice-note and media metadata, and read receipts. Message content in 1:1 and group conversations is end-to-end encrypted between participants.
• Attendance and leave data: Daily attendance entries, leave requests, leave types, leave-approval records, and Time Manager actions.
• Google Calendar data: If you choose to connect Google Calendar, the events from your own calendar that the app reads in order to display them to you. See Google Calendar data below.
• Gmail / email data: If you choose to connect Gmail, the email messages, subjects, senders, recipients, labels, and drafts in your own mailbox that the app reads, composes, sends, and organises on your behalf. See Gmail / Email data below.
• KPIs, skills, and feedback: Skills, competencies, KPIs, and feedback you or your admins enter against your profile inside a Company.
• Content you provide: Profile media, voice notes, photos, videos, documents you upload, chat attachments, abuse-report submissions, and support submissions.
• Location data: Only when you choose to attach your current location to a chat message. Work Register does not continuously track location.
• Device and diagnostics data: Device model, OS version, app version, language, crash logs, performance and connectivity diagnostics.
• Notification data: Push tokens and notification metadata used to deliver task assignments, approval requests, chat messages, attendance reminders, and similar in-app events.
• Legal and compliance records: Rights requests, abuse reports, and lawful-request handling records.

4. End-to-End Encryption

Messages between Work Register users are end-to-end encrypted - only the people in the conversation can read the message content. Work Register does not have access to the plaintext content of end-to-end encrypted messages. Message metadata (sender, recipients, timestamps, delivery state) is processed by us so we can deliver messages reliably.

5. Permissions and Optional Access

Depending on the features you use, Work Register may request permissions such as notifications, microphone, camera, photo-library access, contacts (for adding teammates), location (only when attaching it to a chat message), read-only Google Calendar access (only when you connect your calendar), and Gmail access (only when you connect your mailbox). You can manage device permissions through your device settings at any time, and you can revoke Google Calendar or Gmail access from your Google Account permissions. Revoking a permission disables only the related feature.

6. Google Calendar Data

When you choose to connect Google Calendar, Work Register requests read-only access to your Google Calendar using the calendar.readonly scope. A future version of the app may request the calendar.events scope so you can create or edit events from inside Work Register; we will request that additional access only when, and if, that feature is introduced.

We use this access only to read your own Google Calendar events and display them to you inside the app's Calendar tab. Calendar events are cached locally on your device so the Calendar loads quickly and works offline. We do not transmit your Google Calendar data to our servers, we do not share or sell it, and we do not use it for advertising or to train machine-learning models.

Work Register's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke Work Register's access to your Google Calendar at any time from your Google Account permissions. When you disconnect Google Calendar or sign out, the locally cached calendar data is removed from the device.

7. Gmail / Email Data

When you choose to connect Gmail, Work Register requests access to your Gmail mailbox using a single restricted scope, gmail.modify. This scope lets the app read your messages, send mail on your behalf, and modify your mailbox - mark messages read or unread, archive them, apply or remove labels, and create or edit drafts. The gmail.modify scope does not permit permanent deletion of your email, and Work Register never permanently deletes your messages.

We use this access only to let you work with your own mailbox inside the app's email client: to display and search your email, compose, reply to, and send messages, and organise your mail (mark read or unread, archive, label, and save drafts). Email is cached locally on your device so your mailbox loads quickly and works offline. We do not transmit your Gmail data to our servers, we do not store it on our servers or in our databases (including Firestore), we do not share or sell it, and we do not use it for advertising or to train machine-learning models.

Work Register's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular, the restricted-scope Gmail data the app obtains is not transferred or sold to anyone, is not used for advertising, and is not read by humans except where you give explicit consent, where it is necessary for security purposes (such as investigating abuse), where required to comply with applicable law, or where the data has been aggregated and anonymised - exactly as the Limited Use requirements permit.

Connecting Gmail is optional. You can revoke Work Register's access to your Gmail at any time from your Google Account permissions. When you disconnect Gmail or sign out, the locally cached email is removed from the device.

8. Why We Process Data

• Provide core app functionality and account services.
• Run the Workspace, Approvals, Chat, Attendance, Leaves, Calendar, Org Chart, Leaderboard, Users, and Settings tabs.
• Deliver task assignments, approval requests, chat messages, voice and video calls, and notifications.
• Generate recurring Projects, Jobs, and Tasks on schedule.
• Display your own Google Calendar events alongside your work when you connect your calendar.
• Display, search, compose, send, and organise email from your own Gmail mailbox when you connect Gmail.
• Enforce role-based access (Super Admin, Tech Admin, Authoriser, Checker, Auditor, Maker, Member), including biometric re-authentication on sensitive actions.
• Maintain security, integrity, abuse prevention, and policy enforcement.
• Investigate incidents, debug reliability issues, and improve product quality.
• Comply with legal obligations and respond to valid legal process.

9. Legal Bases (Where Applicable)

Depending on your location, we rely on legal bases such as contract necessity, legitimate interests, consent, and legal obligations. For Company data processed on behalf of your employer or organisation, the Company is the controller and you should also consult their privacy notice.

10. Sharing and Recipient Categories

We may share personal data with service-provider categories needed to operate Work Register - for example, identity and authentication providers, cloud hosting and database providers, file and media storage providers, real-time communication infrastructure (voice and video), push-notification delivery, error tracking and diagnostics, and analytics. Your Google Calendar and Gmail data are not included in this sharing - they stay on your device and are never transmitted to these providers.

Inside a Company, your work activity is visible to other members in line with your role and theirs. Authorisers see approval requests; Auditors may view all activity; Super Admin and Tech Admin manage the Company configuration; Time Managers see attendance and leave activity. Chats are visible only to the participants of that chat.

We may also disclose data to advisers, regulators, or authorities when legally required or to protect rights, safety, and platform integrity. See Law Enforcement Guidelines.

11. Retention

We retain data for as long as needed for service delivery, security, legal compliance, dispute handling, and abuse prevention. Company data is retained for as long as the Company exists; when a Company is deleted, its data is removed in line with our deletion procedures. Account data is retained while your account is active; on account deletion, it is removed as described in Account & Data Deletion. Google Calendar and Gmail data are held only in the on-device cache and are cleared when you disconnect the relevant Google service or sign out.

12. Account Deletion and Data Removal

You may request account deletion in-app (Settings > Account > Delete account) or by email. We delete associated data unless retention is legally required or unless the data belongs to a Company you are a member of (in which case the Company, as controller, decides retention). Any locally cached Google Calendar events and Gmail messages are removed from your device when you disconnect the relevant Google service, sign out, or delete the app. See Account Deletion & Data Removal.

13. International Transfers

Your data may be processed outside your country of residence, including in jurisdictions where our service providers operate. Where required, we use lawful transfer mechanisms and safeguards. See International Data Transfers.

14. Your Rights

Depending on your region, you may have rights to access, correct, delete, restrict, object, withdraw consent, and request portability.

• EEA/UK/Switzerland: GDPR/EEA/UK/CH Rights
• California: CCPA/CPRA Rights

15. Children

Work Register is intended for use in a professional or organisational context and is not directed to children below the applicable minimum age. See Children's Privacy Policy.

16. Security

We apply technical and organizational safeguards intended to protect personal data, including end-to-end encryption for message content and biometric re-authentication for sensitive actions on the device. No system is completely secure, and users should also help protect their accounts and devices.

17. Automated Decision-Making

We may use automated checks for fraud, abuse prevention, and service safety. Where required by law, you can request human review of significant decisions.

18. Service Disclaimer

Work Register helps teams plan, track, and review work. It does not guarantee delivery, approval, recall, retention, or availability of any task, message, file, attendance entry, or notification. It is not a system of record for any statutory, regulatory, payroll, or human-resources purpose. See Terms of Use for the full disclaimer and limitation of liability.

19. Policy Changes

We may update this policy as features, legal requirements, or operational practices evolve. Updates become effective when posted with the updated date.

20. Contact

For privacy requests or questions, contact admin@pplsttech.com, or write to PPLST Tech Private Limited, Office No. 933, B-3, Spaze I.T Park, Sector 49, Gurgaon, Haryana - 122018, India.