Privacy Policy

How Clocko collects, uses, and protects your personal data.

Last updated: January 2025  ·  Clocko is operated by Webbed Digital, United Kingdom.

1. Who we are

Clocko ("we", "us", "our") is a workforce management SaaS application operated by Webbed Digital. When we refer to "you" or "your", we mean you as a user of our service — either as a company administrator or as an employee using Clocko at work.

Our contact email for privacy matters is hello@clocko.app.

2. What data we collect

Company administrators

  • Name and email address (provided at sign-up)
  • Company name and chosen workspace subdomain
  • Billing information (processed by Stripe — we do not store card details)

Employees using Clocko

  • Name and email address (added by your employer)
  • Clock-in and clock-out timestamps
  • GPS location at clock-in (only if your employer has enabled this feature)
  • Site induction responses
  • Annual leave requests and approvals

Technical data

  • Session tokens (stored in browser cookies, no tracking cookies used)
  • Server access logs (IP address, timestamp, HTTP method) — retained for 30 days

3. How we use your data

We use personal data solely to provide the Clocko service. Specifically:

  • To authenticate users and manage workspace access
  • To record and display attendance, timesheets, and induction status
  • To process subscription payments via Stripe
  • To send transactional emails (account setup, trial reminders, receipts)
  • To investigate security incidents and prevent abuse

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data storage and security

All data is stored on servers located in the European Union. Data at rest is stored in a MySQL database. Access to production systems is restricted to authorised personnel only.

Passwords are hashed using bcrypt. Session tokens are randomly generated and stored as secure HTTP-only cookies. All data in transit is protected by TLS (HTTPS).

5. GPS location data

GPS location capture at clock-in is an optional feature that company administrators can enable. If enabled, employees' approximate GPS coordinates are recorded each time they clock in. This data is visible only to administrators of that workspace. It is used solely to verify on-site attendance and is not shared with any third party.

6. Data retention

We retain your data for as long as your Clocko account is active. If you cancel your subscription, your data is retained for 60 days before permanent deletion, to allow for reactivation or data export. You may request earlier deletion by emailing hello@clocko.app.

7. Your rights (UK GDPR)

Under UK data protection law, you have the right to:

  • Access a copy of the personal data we hold about you
  • Rectify inaccurate personal data
  • Erase your personal data (subject to legal obligations)
  • Restrict processing of your personal data
  • Receive your data in a machine-readable format (data portability)
  • Object to certain types of processing

To exercise any of these rights, contact us at hello@clocko.app. We will respond within 30 days.

8. Third-party services

We use the following third-party services:

  • Stripe — payment processing. Stripe's privacy policy applies to payment data.
  • Google Fonts — font delivery. No personal data is sent; only the font files are fetched.

9. Cookies

Clocko uses one session cookie to maintain your login. This cookie is strictly necessary for the service to function. We do not use advertising or analytics tracking cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify active customers of material changes by email. Continued use of the service after the effective date constitutes acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us at hello@clocko.app.