Privacy policy

Last updated 2026-04-25

Horaflow is a workforce productivity platform operated by Zenkoders (Pakistan). This policy explains what data we collect, why, and what your rights are.

Who we collect data about

Two groups: (1) the customer admin who buys Horaflow for their company, and (2) the employees being tracked.

What we collect from admins

  • Name, email, company name (provided at signup)
  • Billing information processed by Stripe — we don't store card numbers
  • Server-side audit logs of admin actions inside the dashboard

What we collect from tracked employees

  • Email and full name (provided by the admin who invited them)
  • Active and idle activity timestamps (keyboard, mouse, active window) — not the keystrokes themselves
  • Periodic screenshots of the active monitor while clocked in
  • Clock-in / clock-out events, project and task assignments, attendance status
  • Heartbeats from the desktop agent including OS, app version, public IP, and hostname

What we do NOT collect

  • Keystroke content (we count input events, we never read what was typed)
  • Browser history outside what's visible during a screenshot
  • GPS or webcam data
  • Personal communications — Slack, email, WhatsApp messages
  • Activity outside clock-in periods (the agent stops collecting when the user clocks out)

Where data is stored

All data is stored on Supabase (Postgres + S3-compatible storage), hosted on AWS infrastructure. Screenshots and other files reside in encrypted-at-rest object storage. Database connections use TLS.

Retention

Activity events and heartbeats: 90 days rolling. Screenshots: 30 days rolling. Time entries, attendance, and project data: full history while the subscription is active. Upon cancellation, data is exportable for 30 days, then deleted.

Your rights

  • Request a full export of any user's data at any time
  • Request deletion of any user's data at any time
  • Object to specific data categories (e.g., screenshots) — this disables the corresponding feature for that user

Send requests to privacy@horaflow.com — we respond within 7 business days.

Sub-processors

  • Supabase (database + storage)
  • Vercel (web hosting)
  • Stripe (billing)
  • Resend or equivalent (transactional email)

Contact

privacy@horaflow.com for privacy questions, data requests, or sub-processor inquiries.