Privacy Policy
Last updated: May 16, 2026
1. Scope and Roles
This Privacy Policy explains how OnSight collects, uses, stores, and shares information through our website, admin dashboard, mobile application, APIs, and related support channels.
When an organization uses OnSight to manage employees, worksites, attendance, geofencing, exceptions, device trust, audit logs, or AI-assisted workforce insights, that organization is generally the controller of employee workplace data. OnSight processes that data on behalf of the organization to provide the service.
2. Information We Collect
We collect the information needed to operate a workforce intelligence and compliance platform.
- Account and company data: name, email address, phone number, company name, industry, company size, roles, permissions, department, position, employee ID, invitation status, and authentication records.
- Attendance and worksite data: check-ins, check-outs, current check-in status, assigned worksites, geofences, teams, exception records, notes, reasons, timestamps, and admin actions.
- Location data: latitude, longitude, accuracy, location source, recorded time, geofence entry/exit context, nearest worksite data, and live location status during configured company work time.
- Identity verification data: selfie images when enabled by an organization, verification metadata, and check-in evidence used to reduce buddy punching and fraudulent attendance records.
- Biometric approval data: confirmation that a mobile check-in was approved locally with Face ID, Touch ID, or device biometrics. OnSight does not receive or store biometric templates.
- Device trust data: approved device status, device identifiers, operating system, app version, model, mock-location indicators, emulator indicators, rooted or jailbroken status, compromised-device signals, and other integrity signals submitted by the mobile app.
- AI feature data: prompts, summaries, risk flags, generated insights, usage counts, token counts, model metadata, and supporting evidence used by AI-assisted features such as exception intelligence, workforce summaries, and compliance insights.
- Payment and subscription data: plan, billing status, Paystack customer and subscription references, payment events, trial information, invoices, and subscription limits. We do not store raw card numbers.
- Support, demo, and contact data: details submitted through demo forms, contact forms, support requests, emails, and related rate-limiting or anti-abuse metadata.
- Technical data: IP address, user agent, device type, browser, operating system, logs, diagnostics, performance traces, error reports, and security events.
3. How We Use Information
We use information to provide, secure, improve, and support OnSight.
- Provide geofenced attendance, auto check-in, manual check-in, exception handling, live workforce visibility, reporting, exports, and audit logs.
- Validate whether users are allowed to check in at a worksite based on company settings, assigned geofences, teams, primary worksites, working hours, subscription tier, and policy controls.
- Detect and reduce attendance fraud, buddy punching, GPS spoofing, device sharing, and compromised-device check-ins.
- Send account, verification, password reset, admin invitation, security, support, and product emails.
- Operate subscriptions, enforce plan limits, process payments, manage trials, and provide customer support.
- Generate AI-assisted insights, summaries, recommendations, risk signals, and operational intelligence where enabled.
- Monitor reliability, debug errors, improve performance, secure the platform, and prevent abuse.
- Comply with legal obligations, enforce agreements, and protect OnSight, customers, employees, and the public.
4. Sharing and Service Providers
We do not sell personal information. We share information only as needed to provide the service, comply with law, protect rights, or operate our business.
Customer admins may view employee and operational data according to their role, permissions, subscription tier, and company configuration.
- Cloud and infrastructure providers such as AWS, Vercel, Cloudflare, PostgreSQL hosting, Redis hosting, and object storage providers.
- Email and communication providers such as Postmark or similar services for transactional emails.
- Payment processors such as Paystack for subscription and billing workflows.
- Map, geocoding, and location providers such as Mapbox and Google Maps where maps, address validation, or geocoding are used.
- Security and anti-abuse providers such as hCaptcha and related rate-limiting services.
- Observability and error monitoring providers such as Sentry and New Relic.
- AI infrastructure providers where AI-assisted features are enabled and used to generate summaries, insights, and risk signals.
- Professional advisers, authorities, or counterparties when required for legal, compliance, security, or business-transfer purposes.
5. Location, Selfie, Biometric, and Device Integrity Controls
OnSight is designed for workplace attendance and compliance. Organizations configure when and how location, selfie verification, biometric approval, and device trust controls are required.
Background location access is used only where enabled and required for workforce features such as auto check-in, live location during company work time, and policy enforcement. Employees should contact their employer for questions about their organization's monitoring policy.
Selfies and device integrity signals are used to confirm that check-ins are legitimate. Local biometric approval happens on the employee device; OnSight receives approval status, not biometric templates.
6. Data Retention
We retain information for as long as needed to provide the service, meet contractual commitments, comply with law, resolve disputes, enforce agreements, and support auditability.
Location history, raw tracking data, exports, AI logs, identity verification records, and audit logs may have different retention periods based on subscription tier, company configuration, legal requirements, and backup schedules.
7. Security
We use administrative, technical, and organizational safeguards designed to protect information, including access controls, hashed passwords, MFA for protected admin workflows, role-based permissions, audit logging, encryption in transit, object storage controls, and least-privilege operational access.
No system is perfectly secure. Customers are responsible for configuring their policies carefully, protecting admin accounts, reviewing access permissions, and promptly reporting suspected unauthorized access.
8. Your Choices and Rights
Depending on your location, you may have rights to access, correct, delete, export, object to, or restrict certain processing of your personal information.
Employees whose organization uses OnSight should usually contact their employer first, because the employer controls most workplace attendance and compliance records. You may also contact us and we will help route the request appropriately.
9. International Transfers
OnSight, our customers, and our service providers may process information in countries other than where you live or work. Where required, we use appropriate safeguards for international transfers.
10. Changes to This Policy
We may update this Privacy Policy as OnSight evolves. If we make material changes, we will update the date above and provide notice through the service, email, or other reasonable means.
11. Contact
For privacy questions or requests, contact us at hello@onsight.work.