Who we are
The organization responsible for HRMex
CloudMex Technologies operates HRMex—HR, payroll, attendance (including biometric integrations where enabled by your organization), reporting, and visitor management (VMS) solutions for businesses.
How we fit with your employer
Important if you access HRMex through your workplace
In short: Your organization is usually the data controller for workforce information. CloudMex typically acts as a processor, following the organization’s instructions under contract.
Many HRMex users access the Services through their employer or organization. In those cases, your organization is typically the data controller for employee and workforce data it enters or authorizes in HRMex (for example, profiles, attendance, payroll inputs, visitor logs). CloudMex generally acts as a data processor, handling personal data on the organization’s instructions and under contract.
If you are an employee or contractor, contact your HR or IT department for questions about what data is collected, why, and your rights—they are often best placed to respond. You may also contact us using the details above, and we will work with your organization where appropriate.
Information we collect
Categories of data that may be processed in HRMex
Depending on how you use HRMex, we or your organization may process categories such as:
- Account and profile data: name, work email, phone, employee ID, role, department, and credentials.
- Workforce and HR data: attendance and time records, leave, shifts, payroll-related fields your organization configures, documents, and approvals.
- Biometric or device identifiers (where used): templates or identifiers from biometric devices (e.g., face or fingerprint) only where your organization has lawfully enabled such features and in line with applicable law and internal policy.
- Visitor management (VMS): visitor names, contact details, host, visit time, and related security logs as configured by the customer.
- Technical and usage data: IP address, device type, app version, diagnostic logs, and approximate location derived from network information when needed for security or support.
- Communications: messages you send to us (support, sales, feedback).
How we use information
Purposes for processing personal data
We use personal data to:
- Provide, operate, and improve the Services (hosting, authentication, backups, analytics on usage patterns in aggregate where applicable).
- Support customers and end users, including troubleshooting and security monitoring.
- Meet legal, regulatory, and contractual obligations.
- Send service-related notices and, where permitted, product updates (you can opt out of marketing where the law requires).
Legal bases & compliance
How we align with privacy and employment law
We align our practices with applicable privacy and employment-related laws. In India, this includes awareness of the Digital Personal Data Protection Act, 2023 (DPDP Act) and related rules as they apply to our role and processing activities. Where we process personal data of individuals in the European Economic Area (EEA) or UK, we rely on appropriate bases such as contract, legitimate interests (balanced against your rights), or consent where required.
Specific retention, consent, and rights for employees are often governed by your employer’s policies and local labor law; we assist our customers in meeting their obligations through configurable controls and documentation.
Google services & policies
When integrations use Google products
If your organization or our Services integrate with Google offerings (for example, Google Play for app distribution, Google Sign-In, Google Maps or location APIs, Firebase / cloud tooling, or Google Workspace integrations), Google may process certain technical or account-related data under its own policies.
We design and review integrations to respect the Google API Services User Data Policy (including Limited Use requirements where applicable), Google Play data safety and disclosure expectations for published apps, and applicable Google developer terms. We do not use Google user data obtained through restricted scopes for advertising unrelated to providing the integrated feature, and we do not sell that data.
Official Google references:
Security
Protecting sensitive HR and payroll information
We implement administrative, technical, and organizational measures appropriate to the sensitivity of HR and payroll data, including:
- Encryption in transit (TLS) and encryption for data at rest where supported by our infrastructure.
- Role-based access controls, authentication, logging, and monitoring.
- Secure development practices, vulnerability management, and staff training on confidentiality.
- Incident response procedures to detect, contain, and notify as required by law or contract.
No method of transmission or storage is 100% secure; we continuously work to improve safeguards.
Retention
How long we keep data
We retain personal data only as long as needed to provide the Services, comply with law (including employment and tax record-keeping), resolve disputes, and enforce agreements. Retention schedules may be set by your organization’s configuration and statutory requirements. When data is no longer needed, we delete or anonymize it in line with our procedures.
Your rights
Access, correction, deletion, and complaints
Depending on your location and whether your employer is the controller, you may have rights to access, correct, delete, restrict, or object to certain processing, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority (for example, in the EEA/UK).
To exercise rights against CloudMex for data we control directly, email info@hrmex.in. For workforce data held on behalf of your employer, we may forward your request to them or guide you to the right contact.
International transfers
Cross-border processing
We may process and store data in India and, where we use global cloud providers, in other countries. When we transfer personal data across borders, we use appropriate safeguards such as standard contractual clauses or other mechanisms required by applicable law.
Children’s privacy
Workforce products are not aimed at children
HRMex is intended for business and workforce use. It is not directed at children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children for consumer purposes. If you believe we have collected such data in error, contact us and we will take appropriate steps to delete it.
Changes to this policy
How we notify you of updates
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. For material changes, we will provide additional notice as required by law (for example, via email or in-app notice).
Disclaimer
General information only
This policy is provided for general information. It is not legal advice. You should have qualified counsel review it against your actual product features, jurisdictions, and contracts.