Privacy Policy

Last updated: 2026-06-01

This Privacy Policy explains what information WorkForceFSM collects when you use our service, how we use it, who we share it with, and what choices you have. It applies to users in all jurisdictions, with additional rights for California residents described in Section 9.

1. Who this applies to

This Policy applies to people who create an account with WorkForceFSM LLC ("WorkForceFSM", "we", "us", or "our"), a Delaware limited liability company ("Account Users"), and to end customers of those Account Users whose contact details are entered into the platform ("End Customers"). WorkForceFSM acts as a data processor for End Customer data on behalf of Account Users, who are the data controllers for that information.

2. Information we collect

From Account Users when you register: company name, your name, email address, password (stored as a one-way bcrypt hash), and role within your company.

From Account Users as you use the platform: data you choose to enter — including customer records, employee records, jobs, leads, quotes, bills, expenses, tools, and any notes or messages associated with them.

About End Customers (entered by Account Users): name, email address, phone number, postal address, job history, and billing information related to services provided to them.

Automatically when you use the service: IP address, browser type, device information, server logs of API requests, and approximate timestamps. We do not use third-party analytics trackers or advertising cookies.

For payment processing: We do not store full payment card numbers. Card data is collected and stored directly by Stripe, Inc. under their PCI-compliant systems. We receive only a Stripe customer ID and subscription metadata.

3. Categories of personal information (CCPA reference)

CategoryExamplesCollected?
IdentifiersName, email, IP address, account IDYes
Commercial informationSubscription plan, billing historyYes
Internet / network activityServer access logs, browser typeYes
Professional / employment infoJob titles, employee records you enterYes (Account User-entered)
Financial informationPayment card detailsNo — handled directly by Stripe
Sensitive personal informationSSN, precise geolocation, biometricsNo
Inferences / profilesPreferences, behavior profilesNo

4. How we use the information

We do not use personal information for cross-context behavioral advertising. We do not sell or share personal information with third parties for their own marketing purposes.

5. Who we share it with

RecipientPurposeData shared
Stripe, Inc.Subscription billing and payment processingEmail, billing amount, subscription metadata
ResendTransactional email delivery (invoices, quotes, password resets)Recipient email address and email content
TwilioSMS notifications you trigger (when enabled)Recipient phone number and message content
RailwayCloud hosting for our application and databaseAll data stored in the service

We do not sell personal information. We may disclose information when required by law, court order, or government request; when necessary to enforce our Terms of Service; or to protect the safety, rights, or property of our users or others.

6. Do not sell or share my personal information

WorkForceFSM does not sell your personal information to third parties and does not share it for cross-context behavioral advertising. You do not need to opt out — this is our standard practice.

7. Lawful basis (EU / UK users)

We process personal data under one or more of the following legal bases: performance of a contract with you; our legitimate interest in operating and improving the service; your consent (where applicable); and compliance with legal obligations. You may withdraw consent at any time where processing is consent-based, without affecting the lawfulness of prior processing.

8. International data transfers

Our service is hosted in the United States. If you access the service from outside the U.S., your information will be transferred to and processed in the U.S. For transfers from the EU/UK, we rely on Standard Contractual Clauses or equivalent approved safeguards.

9. California residents — your CCPA / CPRA rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

How to submit a request: Email privacy@workforcefsm.com with the subject line "California Privacy Request" and describe what you are requesting. We will verify your identity before processing your request and respond within 45 days. We may extend the response period by an additional 45 days when reasonably necessary.

Authorized agents: A California resident may designate an authorized agent to make a request on their behalf. We will require written proof of authorization and may verify the consumer's identity directly.

Shine the Light (California Civil Code § 1798.83): California residents may request information once per calendar year about categories of personal information shared with third parties for their direct marketing purposes. We do not share personal information for third-party direct marketing.

10. How long we keep it

We keep account and usage data for as long as your account is active. After cancellation, we retain Your Data for 30 days during which you may request an export, then remove it from active systems. Backup copies may persist for an additional period before automatic purge. Some records (e.g. financial records required by tax or accounting law) may be retained longer where legally required.

11. Your rights (all users)

Regardless of where you live, you may:

For End Customers whose data was entered by an Account User: please contact the company that holds your information first — they are the data controller for that data. We will assist them in honoring your request.

12. Security

We use industry-standard technical and organizational measures to protect personal information, including encryption in transit (TLS), bcrypt password hashing, tenant-isolated data access, parameterized database queries to prevent SQL injection, and role-based access controls. No system is perfectly secure. If we become aware of a security breach that affects your personal information, we will notify you in accordance with applicable law without undue delay.

13. Cookies & tracking

We use a small number of strictly necessary cookies and browser local-storage items for authentication (JWT tokens) and language preference. We do not use third-party advertising cookies or cross-site tracking technologies. We do not display a cookie consent banner because we do not set non-essential cookies.

14. Children

The service is intended for use by businesses and professionals aged 18 and over. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information through our service, please contact us immediately at privacy@workforcefsm.com and we will promptly delete it.

15. Changes to this policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent revision. For material changes that affect your rights, we will provide at least 30 days' advance notice via email or in-app notification. Your continued use of the service after the effective date constitutes acceptance of the updated Policy.

16. Contact

Privacy questions or rights requests: privacy@workforcefsm.com
General support: support@workforcefsm.com