Privacy Policy

1. Scope and Controller Information

This Privacy Policy explains how Peopleist App processes personal data when you use our mobile app, website, and support channels. Peopleist App is a workforce productivity app for your team: it lets you sign in with Google, join your organisation's workspace, organise work as Projects, Jobs, and Tasks, run recurring Checklists, move items through To Do, Doing, Done, Checked, and Authorised statuses, run a Checker/Authoriser approval flow, chat 1:1 and in groups with end-to-end encryption, place voice and video calls, view your Google Calendar, log attendance, request leaves, and manage roles. Peopleist App is operated by Peopleist India Private Limited, Office No. 933, B-3, Spaze I.T Park, Sector 49, Gurgaon, Haryana - 122018, India ("we", "us").

2. Controller, Processor, and Organisation Admins

Peopleist App operates as the processor for data inside your organisation's workspace; your organisation or employer (acting through its Super Admin and Tech Admin) is the controller of that data. We act as the controller for account-level data tied to your individual sign-in (such as your Google profile and your organisation membership) and for diagnostics, abuse reports, and similar service-operation data.

3. Data Categories We May Process

• Account and profile data: Google account identifier, display name, email address, profile picture URL, sign-in metadata.
• Organisation membership data: The organisation you belong to, your role(s), your designation and responsibility level, your department, the date you joined, your membership status (active, invited, left), and pending invites and join requests.
• Work data: Projects, Jobs, Tasks, and Checklists you create or are assigned to; their content, status transitions (To Do > Doing > Done > Checked > Authorised), assigned dates and due times, recurrence schedules, attached files, and the audit history of who changed what and when.
• Approval data: Approval requests for completions, edits, and deletions, including who requested, who approved or rejected, and any comments.
• Communication data: Chat-conversation metadata (participants, timestamps, delivery state), call signaling metadata, voice-note and media metadata, and read receipts. Message content in 1:1 and group conversations is end-to-end encrypted between participants.
• Attendance and leave data: Daily attendance entries, leave requests, leave types, leave-approval records, and Time Manager actions.
• Google Calendar data: If you choose to connect Google Calendar, the events from your own calendar that the app reads in order to display them to you. See Google Calendar data below.
• KPIs, skills, and feedback: Skills, competencies, KPIs, and feedback you or your admins enter against your profile inside your organisation.
• Content you provide: Profile media, voice notes, photos, videos, documents you upload, chat attachments, abuse-report submissions, and support submissions.
• Location data: Only when you choose to attach your current location to a chat message. Peopleist App does not continuously track location.
• Device and diagnostics data: Device model, OS version, app version, language, crash logs, performance and connectivity diagnostics.
• Notification data: Push tokens and notification metadata used to deliver task assignments, approval requests, chat messages, attendance reminders, and similar in-app events.
• Legal and compliance records: Rights requests, abuse reports, and lawful-request handling records.

4. End-to-End Encryption

Messages between Peopleist App users are end-to-end encrypted - only the people in the conversation can read the message content. Peopleist App does not have access to the plaintext content of end-to-end encrypted messages. Message metadata (sender, recipients, timestamps, delivery state) is processed by us so we can deliver messages reliably.

5. Permissions and Optional Access

Depending on the features you use, Peopleist App may request permissions such as notifications, microphone, camera, photo-library access, contacts (for adding teammates), location (only when attaching it to a chat message), and read-only Google Calendar access (only when you connect your calendar). You can manage permissions through your device settings at any time. Revoking a permission disables only the related feature.

6. Google Calendar Data

When you choose to connect Google Calendar, Peopleist App requests read-only access to your Google Calendar using the calendar.readonly scope. A future version of the app may request the calendar.events scope so you can create or edit events from inside Peopleist App; we will request that additional access only when, and if, that feature is introduced.

We use this access only to read your own Google Calendar events and display them to you inside the app's Calendar tab. Calendar events are cached locally on your device so the Calendar loads quickly and works offline. We do not transmit your Google Calendar data to our servers, we do not share or sell it, and we do not use it for advertising or to train machine-learning models.

Peopleist App's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke Peopleist App's access to your Google Calendar at any time from your Google Account permissions. When you disconnect Google Calendar or sign out, the locally cached calendar data is removed from the device.

7. Why We Process Data

• Provide core app functionality and account services.
• Run the Workspace, Approvals, Checklists, Chat, Attendance, Leaves, Calendar, Org Chart, Leaderboard, Users, and Settings tabs.
• Deliver task assignments, approval requests, chat messages, voice and video calls, and notifications.
• Generate recurring Projects, Jobs, Tasks, and Checklists on schedule.
• Display your own Google Calendar events alongside your work when you connect your calendar.
• Enforce role-based access (Super Admin, Tech Admin, Authoriser, Checker, Auditor, Maker, Member), including biometric re-authentication on sensitive actions.
• Maintain security, integrity, abuse prevention, and policy enforcement.
• Investigate incidents, debug reliability issues, and improve product quality.
• Comply with legal obligations and respond to valid legal process.

8. Legal Bases (Where Applicable)

Depending on your location, we rely on legal bases such as contract necessity, legitimate interests, consent, and legal obligations. For data processed on behalf of your employer or organisation, your organisation is the controller and you should also consult their privacy notice.

9. Sharing and Recipient Categories

We may share personal data with service-provider categories needed to operate Peopleist App - for example, identity and authentication providers, cloud hosting and database providers, file and media storage providers, real-time communication infrastructure (voice and video), push-notification delivery, error tracking and diagnostics, and analytics. Your Google Calendar data is not included in this sharing - it stays on your device.

Inside your organisation's workspace, your work activity is visible to other members in line with your role and theirs. Authorisers see approval requests; Auditors may view all activity; Super Admin and Tech Admin manage the workspace configuration; Time Managers see attendance and leave activity. Chats are visible only to the participants of that chat.

We may also disclose data to advisers, regulators, or authorities when legally required or to protect rights, safety, and platform integrity. See Law Enforcement Guidelines.

10. Retention

We retain data for as long as needed for service delivery, security, legal compliance, dispute handling, and abuse prevention. Your organisation's data is retained for as long as your organisation uses Peopleist App; when it is deleted, its data is removed in line with our deletion procedures. Account data is retained while your account is active; on account deletion, it is removed as described in Account & Data Deletion. Google Calendar data is held only in the on-device cache and is cleared when you disconnect or sign out.

11. Account Deletion and Data Removal

You may request account deletion in-app (Settings > Account > Delete account) or by email. We delete associated data unless retention is legally required or unless the data belongs to your organisation (in which case your organisation, as controller, decides retention). See Account Deletion & Data Removal.

12. International Transfers

Your data may be processed outside your country of residence, including in jurisdictions where our service providers operate. Where required, we use lawful transfer mechanisms and safeguards. See International Data Transfers.

13. Your Rights

Depending on your region, you may have rights to access, correct, delete, restrict, object, withdraw consent, and request portability.

• EEA/UK/Switzerland: GDPR/EEA/UK/CH Rights
• California: CCPA/CPRA Rights

14. Children

Peopleist App is intended for use in a professional or organisational context and is not directed to children below the applicable minimum age. See Children's Privacy Policy.

15. Security

We apply technical and organizational safeguards intended to protect personal data, including end-to-end encryption for message content and biometric re-authentication for sensitive actions on the device. No system is completely secure, and users should also help protect their accounts and devices.

16. Automated Decision-Making

We may use automated checks for fraud, abuse prevention, and service safety. Where required by law, you can request human review of significant decisions.

17. Service Disclaimer

Peopleist App helps teams plan, track, and review work. It does not guarantee delivery, approval, recall, retention, or availability of any task, message, file, attendance entry, or notification. It is not a system of record for any statutory, regulatory, payroll, or human-resources purpose. See Terms of Use for the full disclaimer and limitation of liability.

18. Policy Changes

We may update this policy as features, legal requirements, or operational practices evolve. Updates become effective when posted with the updated date.

19. Contact

For privacy requests or questions, contact arjun@peopleist.in, or write to Peopleist India Private Limited, Office No. 933, B-3, Spaze I.T Park, Sector 49, Gurgaon, Haryana - 122018, India.