Privacy Policy

AwayOps Ltd ("we", "our", "us") is committed to protecting the privacy of individuals whose personal data we process. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data.

1. Who We Are

AwayOps Ltd is the controller of personal data collected directly from visitors and account holders. For personal data that Customers upload about their employees, AwayOps acts as a data processor on behalf of the Customer (the controller).

For questions, contact our data team at awayops.solution@@gmail.com.

2. Data We Collect

2.1 Account & Company Data

• Company name, workspace slug, and billing email — collected at registration.
• Owner first name, last name, and email address.
• Subscription and billing information (processed via our payment provider; we do not store full card numbers).
• IP address and browser/device metadata for security and fraud prevention.

2.2 Employee Data (processed on behalf of Customers)

• Employee name, email, job title, department, and start date.
• Leave requests, approval decisions, balances, and accrual history.
• Any documents attached to leave requests (e.g. medical certificates).
• Notification preferences and device tokens for push notifications.

2.3 Usage Data

• Pages visited, features used, and time spent — used to improve the product.
• Error logs and performance metrics — used for reliability and debugging.

3. How We Use Your Data

• Service delivery — to operate, maintain, and improve the AwayOps platform.
• Billing — to process subscription payments and send invoices.
• Communication — to send transactional emails (welcome, password reset, trial expiry) and product updates. You can opt out of marketing emails at any time.
• Security — to detect and prevent fraud, abuse, and unauthorised access.
• Legal obligations — to comply with applicable laws and respond to lawful requests from authorities.

4. Legal Basis for Processing (GDPR)

• Contract — processing necessary to fulfil our agreement with you (e.g. operating your workspace).
• Legitimate interests — fraud prevention, security, and product improvement.
• Consent — marketing communications (you can withdraw at any time).
• Legal obligation — compliance with applicable law.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Sub-processors — infrastructure (cloud hosting), email delivery, payment processing, and analytics providers. All sub-processors are bound by data processing agreements.
• Legal authorities — where required by law or valid legal process.
• Business transfers — in the event of a merger or acquisition, with appropriate notice and data protections.

6. Data Retention

• Active workspace data is retained for as long as the subscription is active.
• Upon cancellation or suspension, data is retained for 30 days to allow export, then permanently deleted.
• Billing records are retained for 7 years to comply with financial regulations.
• Security logs are retained for 12 months.

7. Data Security

We implement appropriate technical and organisational measures including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access control and least-privilege principles.
• Regular security reviews and penetration testing.
• Automated backups with point-in-time recovery.

8. International Transfers

AwayOps operates globally. Data may be processed in the EU, UK, or other countries where our infrastructure providers operate. For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by relevant data protection authorities.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of your personal data.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Portability — receive your data in a machine-readable format.
• Restriction — request that we limit processing of your data.
• Objection — object to processing based on legitimate interests.

To exercise any right, email awayops.solution@@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Mobile Application

The AwayOps Employee mobile app (available on Google Play) collects the following data on your device:

• Account information — your name, email address, and profile photo as entered by your employer.
• Push notification token — a device identifier provided by Firebase Cloud Messaging (FCM) so we can deliver leave approval alerts and company announcements to your device. This token is stored on our servers and deleted when you log out or uninstall the app.
• Uploaded documents — files you attach to leave requests (e.g. medical certificates). These are transmitted securely over HTTPS and stored on our servers on behalf of your employer.
• Device metadata — device model, OS version, and app version, used solely for debugging and compatibility purposes.

The mobile app does not collect your precise location, GPS coordinates, contacts, call logs, messages, browsing history, or any health data.

We use Firebase Cloud Messaging (Google LLC) to deliver push notifications. Firebase may collect device-level identifiers in accordance with Google's Privacy Policy.

To request deletion of your mobile app data, email awayops.solution@@gmail.com with the subject line "Data Deletion Request". We will process your request within 30 days.

11. Cookies

We use session cookies for authentication and minimal analytics cookies to understand feature usage. We do not use third-party advertising cookies. You can disable cookies in your browser, though some features may not function correctly.

13. Children's Privacy

AwayOps is a business-to-business platform and is not directed at individuals under the age of 16. We do not knowingly collect personal data from minors.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email and in-app notification before material changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

15. Contact

For privacy-related enquiries: awayops.solution@@gmail.com

For legal enquiries: awayops.solution@@gmail.com