OnSite Timekeeper — Privacy Policy

Last updated: February 19, 2026

OnSite Club ("we," "our," or "us") operates the OnSite Timekeeper mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

1. Information We Collect

1.1 Personal Information

When you create an account, we collect:

Email address — Used for authentication and account recovery
Name and surname — Used to identify you within the App
User ID — A unique identifier assigned to your account

1.2 Location Data

Our App collects location data to provide its core functionality:

Precise GPS coordinates — Collected when you use the map feature or when geofencing is enabled
Background location — With your explicit permission, we collect location data even when the App is closed or not in use. This is essential for automatically detecting when you arrive at or leave your work location, recording accurate work entry and exit times, and providing geofence-based time tracking.

We use geofencing technology, NOT continuous GPS tracking. Location is only processed when you enter or exit a defined work zone.

1.3 Work Session Data

Entry and exit timestamps
Work location names
Session duration and break times
Notes attached to work sessions

1.4 Device and Usage Information

Device type and operating system version
App version
Timezone settings
Anonymous usage analytics (features used, session duration)
Crash reports and error logs (via Sentry — no PII included)

2. How We Use Your Information

We use the collected information for the following purposes:

Account Management — Email, name, user ID
Time Tracking — Location data, timestamps
Geofencing — Background location, work locations
Work Reports — Session data, timestamps
App Improvement — Anonymous usage data, crash reports
Customer Support — Email, session data

We do NOT use your data for advertising or marketing to third parties, selling to data brokers, tracking your movements outside of work-related geofences, or building advertising profiles.

3. Location Data — Detailed Disclosure

3.1 Why We Need Background Location

OnSite Timekeeper is a work time tracking application. The geofencing feature requires detecting when you physically arrive at or leave your designated work location. This functionality requires background location access because you may arrive at work with your phone in your pocket (App not open), you may leave work without manually opening the App, and automatic time tracking requires continuous geofence monitoring.

IMPORTANT: Background location is ONLY required for the premium geofencing feature. The free tier (manual time entry) does NOT require any location access.

3.2 How Background Location Works

We use geofencing technology (not continuous GPS tracking)
Location is only processed when you enter or exit a defined work zone
We do NOT track your location continuously throughout the day
Location data is processed locally on your device first
Only entry/exit events are recorded and optionally synced

3.3 Your Control Over Location

You can at any time:

Disable background location in your device settings
Remove work locations from the App
Switch to manual time entry mode (no location required)
Delete all stored location data
Revoke location permission entirely (manual entry still works)

4. Data Storage and Security

4.1 Local Storage (Offline-First)

Your data is stored locally on your device using SQLite database for offline functionality and secure storage for authentication tokens. Your data is NEVER lost, even without internet connection.

4.2 Cloud Storage (Optional Sync)

When you are online, data may sync to our cloud servers:

Provider: Supabase (hosted on AWS)
Location: United States / Canada
Encryption: TLS 1.3 in transit, AES-256 at rest
Access Control: Row Level Security (RLS) ensures you can only access your own data

4.3 Security Measures

All data transmission uses HTTPS/TLS encryption
Authentication tokens are stored in device secure storage
Database access requires authentication
Row-level security on all cloud tables
We implement industry-standard security practices

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not sell, trade, or rent your personal information to third parties.

5.2 Limited Sharing

We may share your data only in these circumstances:

Your Employer/Manager — Only if you explicitly grant access via the Team Sharing feature (work hours and session times only)
Service Providers — Infrastructure and hosting (encrypted data only)
Legal Authorities — If required by law or valid legal process

5.3 Team Sharing Feature

If you choose to share your timesheet with a manager or employer:

You explicitly grant access via a sharing code or QR code
You can revoke access at any time
Shared data includes: work hours, entry/exit times, location names
Shared data does NOT include: precise GPS coordinates, personal device info

6. Third-Party Services

Our App uses the following third-party services:

Supabase — Authentication, database, and cloud sync
Google Maps — Map display and geocoding
Expo — App framework and push notifications
Sentry — Error monitoring and crash reporting (no PII collected)

Each third-party provider has their own privacy policy. We require that all third-party partners provide equivalent or greater data protection.

7. Data Retention

Account information — Until you delete your account
Work session records — 2 years (for legal/tax compliance)
Location audit logs — 90 days
Error logs and crash reports — 30 days
Anonymous analytics — 12 months

After these periods, data is automatically deleted from our servers.

8. Account Deletion

You can delete your account at any time through:

In-App: Settings > Account > Delete Account
Email: privacy@onsiteclub.ca

Upon deletion, your account is permanently deactivated, all personal data is deleted from our servers within 30 days, local data on your device is cleared immediately, anonymized aggregated data may be retained for analytics, and shared access (Team Sharing) is automatically revoked.

9. Your Rights

9.1 Under GDPR (European Users)

Legal basis for processing: Consent (location data), Legitimate Interest (service provision), Contract (account management). You have the right to:

Access — Request a copy of your data
Rectification — Correct inaccurate data
Erasure — Request deletion of your data ("right to be forgotten")
Portability — Export your data in a standard format (PDF, CSV)
Restriction — Limit how we process your data
Objection — Object to certain processing activities
Withdraw Consent — Revoke previously given consent at any time

9.2 Under CCPA (California Users)

You have the right to know what personal information we collect, request deletion of your personal information, opt-out of the sale of personal information (we don't sell data), and non-discrimination for exercising your rights.

9.3 Under LGPD (Brazilian Users)

You have equivalent rights to access, correct, delete, and port your data, as well as the right to information about data sharing and the identity of the data protection officer.

9.4 How to Exercise Your Rights

Email: privacy@onsiteclub.ca
In-App: Settings > Privacy > Request Data / Delete Account

We will respond to your request within 30 days.

10. Children's Privacy

OnSite Timekeeper is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at privacy@onsiteclub.ca.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the new Privacy Policy in the App, updating the "Last Updated" date, and sending an email notification for significant changes.

Your continued use of the App after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

OnSite Club

Located in Ontario, Canada.

13. Consent

By using OnSite Timekeeper, you consent to the collection and use of your information as described in this Privacy Policy. For location data, we request explicit consent through your device's permission system before any collection begins. You may withdraw consent at any time by disabling permissions in your device settings.