Effective date: 17 March 2026 · Last updated: 17 March 2026

Privacy Policy

venzio is a presence intelligence platform. This policy explains what data we collect, why we collect it, who can see it, and your rights over it. We have written it in plain language - not legal boilerplate.

1. What data we collect

We only collect data that is necessary for venzio to function. The table below lists every field we store, and why.

Data field	Why we collect it
Email address	Account creation, OTP verification, consent invitations.
Full name	Displayed to workspace admins you consent to share with.
Password (bcrypt hash)	Authentication. The plaintext password is never stored.
Check-in timestamp (UTC)	Core presence record. When you tapped "I'm here".
Check-out timestamp (UTC)	When you tapped "I'm leaving". Null if not checked out.
GPS coordinates (lat, lng, accuracy)	Captured only when you grant browser GPS permission at check-in.
IP address	Captured server-side at check-in. Used for IP-geofence signal matching.
Timezone	Detected from your browser and stored so timestamps display correctly in your local time.
Location label	Human-readable name derived from GPS coordinates (e.g. "Thapar University, Patiala"). Generated once at check-in, never updated.

We do not collect location data in the background. We do not read your contacts, calendar, messages, or any other app data. We do not use advertising trackers or sell your data to third parties.

2. Who can see your data

You - always. Your full presence history is visible only to you at /me/timeline.

Workspace admins — only for workspaces you have explicitly consented to share with. You can see every workspace that has access to your data at /me/orgs. You can revoke any organisation's access instantly from that page.

venzio staff - we do not access individual user data unless you explicitly ask us for support, and only for the purpose of resolving your issue.

No one else - we do not share, sell, or rent your data to any third party. We do not use it for advertising.

3. How long we keep your data

Presence events (check-ins) are retained for 7 years from the date they were created. This is consistent with many countries' employment record-keeping requirements. After 7 years, records are permanently and automatically deleted.

You can request earlier deletion of your data from your account settings at /me/settings. Deletion is permanent and cannot be undone.

When you deactivate your account, your data enters a 30-day grace period. You can reactivate within 30 days and recover your full history. After 30 days, your account and all associated data are permanently deleted.

4. Consent and workspace membership

If an organisation invites you to their workspace, you will receive a consent link by email. You must explicitly accept before your presence data becomes visible to that organisation's admin.

If your organisation has verified their email domain (e.g. acmecorp.com) and you register with a matching email address, you will be automatically enrolled as a member. Your check-in data becomes visible to that organisation's admin. You can revoke this at any time from /me/orgs.

5. Your rights

Access: download your full history as CSV from /me/timeline at any time.
Correction: edit your name, email, or timezone from /me/settings.
Deletion: request account deletion from /me/settings → "Delete account".
Portability: your exported CSV is in standard format, importable anywhere.
Revocation: remove any organisation's access instantly from /me/orgs.
Objection: if you believe your data has been accessed inappropriately, contact us.

6. Security

Passwords are hashed with bcrypt (cost factor 12). Session tokens are JWTs signed with HS256, stored in HttpOnly, Secure, SameSite=Strict cookies. Sessions are invalidated on logout. All data is transmitted over HTTPS. API access requires a valid session or API token.

7. Contact

For data requests, corrections, or privacy concerns, email us at privacy@venzio.app. We respond to all privacy requests within 48 hours.