PhoneClock.InBack to Home

Last updated: February 16, 2026

Privacy Policy

1. Introduction

PhoneClock.In ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our cloud-based time tracking and Electronic Visit Verification (EVV) platform, including our website and mobile applications (collectively, the "Service").

2. Information We Collect

We collect the following categories of information to provide, maintain, and improve our Service:

  • Account information: Full name, email address, and credentials created during account setup by your organization administrator.
  • Location data: GPS coordinates (latitude, longitude, and accuracy) captured at the time of clock-in and clock-out events. This is required for EVV compliance.
  • Device information: User agent string, platform, browser language, and screen dimensions. Device data collection may be enabled under a feature flag (DEVICE_CAPTURE) by your organization.
  • Time entry data: Clock-in/out timestamps, shift durations, break periods, and associated metadata.
  • Digital signatures: Electronic signatures captured during clock-in/out for verification purposes.
  • Session data: IP address, device information, and user agent associated with login sessions.
  • Interaction logs: Keystroke and click event logs collected via our EventLogger component for application improvement and security monitoring (subject to your consent where required).
  • Session recordings: Full session replay recordings captured via our recording system (using rrweb) for security auditing and application improvement (subject to your consent where required).
  • Error logs: Application error data to help us diagnose and fix issues.

3. How We Use Your Information

We use the information we collect for:

  • Time tracking and EVV compliance: Providing accurate time records with location verification as required by homecare agencies and healthcare regulations.
  • Security monitoring: Detecting unauthorized access, preventing fraud, and maintaining audit trails.
  • Application improvement: Analyzing usage patterns to improve the user experience and fix bugs.
  • Audit trails: Maintaining records required for regulatory compliance and organizational accountability.
  • Communication: Sending transactional emails and SMS notifications related to your account and time entries.

4. Third-Party Services

We share data with the following third-party service providers to operate our platform:

  • Supabase: Database hosting, user authentication, and file storage.
  • Vercel: Application hosting and analytics.
  • OpenAI API: AI-powered queries and insights within the platform.
  • Grok / x.ai API: AI-powered insights and analysis features.
  • OpenStreetMap Nominatim: Reverse geocoding to display human-readable addresses from GPS coordinates.
  • Resend: Transactional email delivery.
  • Textbelt: SMS notification delivery.

5. Data Retention

Time entry and compliance data (including EVV records, digital signatures, and location data) is retained as required by applicable healthcare regulations and your organization's data retention policies. Session replays and event logs are retained for security auditing purposes and may be periodically purged in accordance with our internal retention schedules. Account data is retained for the duration of your account and deleted upon account termination as described in Section 6.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct any inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data. You may initiate account deletion through the self-service account deletion feature within the application, or by contacting us directly.

To exercise any of these rights, please contact us at privacy@phoneclock.in.

7. Cookies

We use essential cookies for authentication (Supabase auth session cookies) and to store user preferences such as sidebar state. We do not use third-party advertising or tracking cookies. Session recording and interaction logging may be enabled with your consent via our tracking consent banner.

8. Security Measures

We implement industry-standard security measures to protect your data, including:

  • HTTPS encryption for all data in transit.
  • Row Level Security (RLS) policies in our database to ensure data isolation between organizations.
  • Account lockout after 5 consecutive failed login attempts.
  • Automatic session timeout after 4 hours of inactivity.
  • Security headers including Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and X-Frame-Options.

9. Children's Privacy

Our Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

privacy@phoneclock.in

Effective date: February 16, 2026