tapwrkBack to homepage

Privacy Policy

Last updated: March 12, 2026

This Privacy Policy explains how tapwrk collects, uses and protects personal data when you use our products, services and websites (together, the Service).

By using the Service you agree to the collection and use of information in accordance with this Privacy Policy.

1. Who we are

tapwrk is a workplace attendance and shift tracking platform that allows employees to check in via NFC and QR, and gives managers real‑time visibility into attendance and working time.

2. What data we collect

Depending on how you use tapwrk, we may process the following categories of personal data:

  • Account and contact details – name, work email address, role, company name, team size and similar information provided when you request a demo, start a trial or contact us.
  • Attendance data – check‑in and check‑out events (date, time, location or device identifier), schedule information, assigned locations and teams.
  • Usage data – technical information such as IP address, browser type, device type, operating system, language and pages viewed, collected via standard web logs and analytics tools.
  • Support information – content of messages you send us, feedback and information provided to our support team.

We do not collect or store biometric data (fingerprint, Face ID etc.). When such methods are used on a device, verification happens entirely on the employee’s own device and the biometric data never leaves it.

3. How we use the data

We process personal data for the following purposes:

  • To provide and operate the Service – create and manage accounts, register check‑ins and check‑outs, show attendance dashboards, create reports and schedules.
  • To improve and secure the Service – monitor performance, prevent abuse, keep logs for security, develop new features and improve user experience.
  • To communicate with you – respond to enquiries, send onboarding information, product updates that are relevant for your use of the Service and administrative notifications.
  • To comply with legal obligations – for example keeping certain records for accounting, tax or employment law purposes, when applicable to our relationship with your organisation.

The lawful bases we rely on are performance of a contract, legitimate interest in operating and improving the Service and, where required, your consent (for example for certain marketing communications or optional cookies).

4. How long we keep data

We keep personal data only for as long as it is needed for the purposes described above:

  • Attendance and shift records are kept for the period agreed with the customer organisation or as required by applicable law.
  • Account and contact details are stored while your organisation uses tapwrk and for a reasonable period afterwards for record‑keeping and to resolve potential disputes.
  • Log and analytics data is usually kept for a shorter technical period that allows us to analyse performance and security trends.

When data is no longer needed, we delete it or irreversibly anonymise it.

5. How we share data

We may share personal data with:

  • Service providers that help us host, operate and support tapwrk (for example cloud hosting providers, email delivery services, analytics tools). These providers process data only on our instructions and under data‑processing agreements.
  • Customer organisations (employers) – attendance data and related information is available in the admin panel of the organisation that invited you to use tapwrk.
  • Authorities and third parties when required by law, court order or to protect our legal rights, users or the public.

We do not sell personal data.

6. International data transfers

We may store and process data in the European Union and in other countries. When we transfer personal data outside the EU/EEA we apply appropriate safeguards, such as Standard Contractual Clauses or equivalent mechanisms, to ensure an adequate level of protection.

7. Your rights

Depending on applicable data protection law (for example GDPR), you may have the right to:

  • access a copy of your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data, where legally possible;
  • object to or request restriction of certain processing;
  • receive your data in a portable format;
  • withdraw consent at any time, where processing is based on consent.

To exercise these rights, please contact us using the details in the Contact section below. We may need to verify your identity before responding.

8. Cookies and similar technologies

We use cookies and similar technologies to:

  • keep you signed in and provide core functionality;
  • remember your language and interface preferences;
  • analyse how the website is used so we can improve it;
  • measure the effectiveness of our marketing campaigns.

Where required by law, we ask for your consent before setting non‑essential cookies. You can change your browser settings to block or delete cookies, but this may affect how the Service works.

9. Data security

We apply technical and organisational measures designed to protect personal data, including encryption in transit and at rest, access controls, logging and regular backups. No system can be completely secure, but we work continuously to reduce risks and respond quickly to incidents.

10. Data controller

For most processing activities described in this Privacy Policy, tapwrk acts as data controller. In the context of attendance tracking for an employer, we generally act as data processor on behalf of the customer organisation, which remains responsible for providing the appropriate lawful basis towards its employees.

11. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page and will include the date of the last update. Material changes may be communicated through the Service or by email.

12. Contact

If you have questions about this Privacy Policy or how we process personal data, please contact us at:

legal@tapwrk.com