Legal

Privacy Policy

Effective: April 24, 2026·Last updated: April 24, 2026
Plain English summary: We collect only what we need to run your scheduling business. We never sell your data. We store it securely. You control it. Full details below.

1. Who We Are

PeopleBridge ("PeopleBridge," "we," "us," or "our") is a software-as-a-service platform that provides employee scheduling, time tracking, and workforce management tools for small businesses. We are operated by Jayesh Thakker, based in Frisco, Texas, United States.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at PeopleBridge.app and any related mobile or desktop applications (collectively, the "Service"). Please read it carefully.

By using PeopleBridge, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: name, email address, password (hashed), phone number, business name
  • Profile information: job title, hire date, employment type, hourly pay rate, availability, birthday (optional)
  • Business information: organization name, location addresses, GPS coordinates of work locations
  • Communications: messages sent within the platform, support tickets, announcements
  • Documents: files you upload to employee profiles (PDFs, images — up to 10MB per file)
  • Signature data: typed names used as electronic signatures on consent forms
  • Payment information: processed through Stripe; we do not store full card numbers on our servers

2.2 Information Collected Automatically

  • Clock-in/clock-out timestamps and GPS coordinates at the moment of clock-in (with your explicit consent via the GPS Tracking Consent form)
  • Log data: IP address, browser type, pages visited, timestamps, error logs
  • Device information: device type, operating system, screen resolution
  • Usage data: features used, actions taken, session duration
  • Cookies and similar technologies: session management, authentication state, preferences

2.3 Information From Third Parties

  • Google OAuth: if you sign in with Google, we receive your name and email address from Google
  • Imported employee data: if an account owner imports a CSV of employees, that data is subject to this policy upon import

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service, including schedule building, shift management, and timesheets
  • Authenticate your identity and maintain your account security
  • Process and verify GPS clock-in/clock-out events
  • Generate timesheets, payroll reports, and labor cost analytics
  • Send notifications you have opted into: shift reminders, schedule publications, time-off approvals, shift trade updates
  • Enable in-app messaging between team members
  • Store and display employee documents and signed consent forms
  • Process payments and manage subscriptions through Stripe
  • Provide customer support and respond to your inquiries
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Improve and develop our Service (using aggregated, anonymized data)
We do not use your data to train AI models. We do not sell your data to any third party. We do not display advertising.

4. GPS and Location Data

PeopleBridge collects GPS location data only at the moment an employee clocks in or out. We do not continuously track location. We do not store movement history.

GPS data is used solely to verify that an employee is within the configured geofence radius of a work location. This is disclosed to employees prior to collection through our GPS Tracking Consent form, which employees must sign before using the clock-in feature.

  • GPS coordinates are stored alongside the clock-in event timestamp
  • This data is visible to the employing organization's owners and managers
  • GPS data is retained for the duration of the employment relationship plus 2 years, then deleted
  • Employees may request deletion of their GPS data after termination of employment

5. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We share information only in the following circumstances:

5.1 Within Your Organization

Information is shared within your organization based on roles: Owners can see all employee data. Managers can see employee data for their assigned locations. Employees can see their own data, shift schedules, and team announcements. Pay rates are hidden from employees by default (configurable by owners).

5.2 Service Providers

We share data with carefully selected third-party service providers who help us operate the Service, under strict data processing agreements:

  • Supabase (database and authentication) — United States
  • Vercel (hosting and CDN) — United States
  • Stripe (payment processing) — United States
  • Zoho / SendGrid (email delivery) — United States
  • Twilio (SMS notifications, if enabled) — United States
  • Make.com / Integromat (workflow automation) — European Union
  • Airtable (operational data management) — United States

5.3 Legal Requirements

We may disclose information if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a lawful request.

5.4 Business Transfers

If PeopleBridge is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users via email or prominent notice on our website.

6. Data Retention

We retain your data as long as your account is active or as needed to provide the Service. Specifically:

  • Active account data: retained indefinitely while your account is active
  • Deleted account data: purged within 90 days of account deletion request
  • Clock-in/GPS records: retained for 3 years after employment ends for legal compliance
  • Payroll and timesheet records: retained for 7 years to comply with labor law record-keeping requirements (FLSA)
  • Signed consent forms: retained for the duration of employment plus 4 years
  • Backups: encrypted backups are retained for up to 30 days after deletion

7. Data Security

We take the security of your data seriously and implement industry-standard safeguards:

  • All data is encrypted in transit using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256 encryption
  • Passwords are hashed using bcrypt — we never store plaintext passwords
  • Row-level security (RLS) policies ensure tenants cannot access each other's data
  • Access to production systems is restricted to authorized personnel only
  • We perform regular security reviews and vulnerability assessments
  • Payment data is handled entirely by Stripe (PCI DSS Level 1 compliant)

Despite these measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach, we will notify affected users as required by applicable law within 72 hours of becoming aware.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate or incomplete data
  • Deletion: request deletion of your account and personal data (subject to legal retention requirements)
  • Portability: receive your data in a structured, machine-readable format
  • Objection: object to certain processing activities
  • Withdraw consent: withdraw consent for GPS tracking or other consent-based processing at any time

To exercise any of these rights, email us at privacy@PeopleBridge.app. We will respond within 30 days. For deletion requests, we may need to verify your identity before processing.

California Residents (CCPA/CPRA): You have the right to know what personal information we collect, to delete it, to opt out of sale (we do not sell data), and to non-discrimination for exercising your rights. To submit a verifiable consumer request, contact privacy@PeopleBridge.app.

EU/UK Residents (GDPR): Our legal basis for processing is: (a) contract performance for providing the Service, (b) legitimate interests for security and fraud prevention, (c) consent for GPS tracking and optional features, and (d) legal obligation for record retention. You may lodge a complaint with your local supervisory authority.

9. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

  • Session cookies: required for authentication and keeping you logged in (cannot be disabled)
  • Preference cookies: remember your settings (e.g., billing toggle preference)
  • Analytics cookies: Google Analytics to understand aggregate usage (can be disabled)

We do not use third-party advertising cookies. You can control cookie settings in your browser. Disabling session cookies will prevent you from logging into the Service.

10. Children's Privacy

PeopleBridge is designed for use by businesses and their employees. We do not knowingly collect personal information from children under 13 years of age. If an employee is under 18, their employer is responsible for obtaining any required parental or guardian consent under applicable law. Our onboarding process includes a Parental Consent form for employees under 18.

If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete such information promptly. Contact us at privacy@PeopleBridge.app if you believe we have inadvertently collected such data.

11. Third-Party Links and Integrations

The Service may contain links to third-party websites or integrate with third-party services (e.g., Google for authentication). This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use in connection with PeopleBridge.

12. International Data Transfers

PeopleBridge is operated from the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction. By using the Service, you consent to this transfer. Where required, we implement appropriate safeguards such as Standard Contractual Clauses for EU data transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

  • Sending an email to the address associated with your account
  • Displaying a prominent notice within the Service
  • Updating the "Last updated" date at the top of this page

Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

PeopleBridge Privacy Team
Location: Frisco, Texas, United States