Privacy Policy
Version 1.0 · Last updated: 29 May 2026
1. Introduction and legal framework
This Privacy Policy describes how personal data is collected and processed within the Workin application (https://app.workin.app) and the marketing website (https://workin.app), published by Pi-Com Sàrl. It is established in compliance with:
- the revised Swiss Federal Act on Data Protection (nFADP), in force since 1 September 2023, and its Data Protection Ordinance (DPO);
- the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), where it applies (users or client companies located in the EU / EEA).
2. Roles: controller and processor
Workin acts in a dual capacity depending on the data concerned:
- Pi-Com Sàrl is the PROCESSOR for the employee data of client companies (clock-ins, hours, geolocation, leave, medical certificates, etc.). In this case, it is the client company that is the controller of its own employees' data. The terms of this processing are set out in the Data Processing Agreement (DPA), available on request.
- Pi-Com Sàrl is the CONTROLLER for: the account data of administrators and the management of the contractual relationship (registration, subscription, billing, support); the marketing website data; the technical data necessary for the security and operation of the Service (logs, error monitoring).
Contact details:
- Controller: Pi-Com Sàrl, Rue de Lausanne 22, 1030 Bussigny, Switzerland
- IDE / register: CHE-490.271.650
- “Privacy” contact: app@workin.app
As Pi-Com Sàrl is established in Switzerland and does not regularly process data of persons located in the EU on a large scale, Pi-Com has not, at present, appointed a representative in the EU (art. 27 GDPR) or a data protection officer. This assessment is reviewed as the activity develops.
3. Categories of data collected
3.1. Account and identity data
First name, last name, email address (Firebase Authentication); password (hashed, never accessible in clear text by Pi-Com); postal address (optional); preferred language and theme; role (administrator, manager, employee) and company(ies) of affiliation.
3.2. Working-time data (employees)
Clock-ins (start/end times, breaks, net durations, multiple sessions); time-stamped timeline of events; type of device used for clock-in; contractual parameters (activity rate, hours per day, engagement periods, contract type, balances and carry-overs); overtime and its payment.
3.3. Geolocation data
Approximate GPS position (latitude, longitude, accuracy) captured at each clock-in event when geolocation is enabled, and a readable address derived by reverse geocoding (via Nominatim / OpenStreetMap). Geolocation can be disabled at any time by the company and by each user (“My profile”). The user's consent is tracked (date, version, status).
3.4. Leave and absence data
Leave requests (dates, type of absence, reason, status, working days, comments) and medical certificates uploaded as attachments (see 3.5).
3.5. Sensitive data / data deserving particular protection
Certain data falls within the special categories (art. 9 GDPR) and sensitive data (art. 5 let. c nFADP):
- Medical certificates (health data): files uploaded as supporting documents, stored in Firebase Storage. Access is restricted to the employee concerned, administrators and the designated manager. These files are permanently purged upon deletion of the employee's or the company's account;
- Data revealing health status via the types of absence (sickness, accident, maternity, paternity);
- Geolocation (which may reveal movements / habits).
The processing of this data is the responsibility of the client company (employer), which must have an appropriate legal basis (see § 5).
3.6. Billing and subscription data
Subscription status (plan, tier, currency, status, dates); Stripe customer identifier and billing history (managed by Stripe). The payment card data is processed exclusively by Stripe and never stored by Pi-Com (which receives only the brand and the last 4 digits for display).
3.7. Technical data, logs and monitoring
Server logs (Google Cloud Logging / Error Reporting); frontend error reports via Sentry (with masking of personal data, see § 11); rate-limiting data; data stored locally in the browser (see § 8).
4. Purposes of processing
| Purpose | Data concerned |
|---|---|
| Provision of the time tracking and hours management service | Accounts, clock-ins, contractual parameters |
| Geolocation of clock-ins (option, with consent) | GPS position, derived address |
| Leave and absence management | Leave requests, medical certificates |
| HR reporting and exports (PDF/Excel) | Hours, absences, identity |
| Authentication and access security | Credentials, verified email, App Check |
| Sending transactional emails | Email, first name, language |
| Subscription management and billing | Subscription data, Stripe identifier |
| Customer support | Contact details, company reference |
| Security, abuse prevention, monitoring | Logs, technical data, Sentry |
| Compliance with legal obligations (labor law) | Clock-ins, contracts, absences |
5. Legal bases
On the client company side (controller of its employees — indicative bases): performance of the employment contract (art. 6(1)(b) GDPR; art. 31 nFADP); legal obligation (art. 6(1)(c) GDPR) for the retention of working-time data; legitimate interest (art. 6(1)(f) GDPR) for internal organization and abuse prevention; consent (art. 6(1)(a) and 9(2)(a) GDPR) for geolocation and, where applicable, health data. The precise classification is for each company as controller.
On the Pi-Com side (controller): performance of the contract (Terms / subscription); legal obligation (accounting retention); legitimate interest (security, fraud prevention, monitoring, improvement of the Service).
6. Processors and recipients
Pi-Com uses the following processors, selected for their security guarantees. None is authorized to use the data for purposes other than the provision of its service to Pi-Com.
| Processor | Role | Location |
|---|---|---|
| Google Firebase / Google Cloud (Google Ireland Ltd. / Google LLC) | Authentication, database (Firestore), storage (certificates), Cloud Functions, hosting | European Union (Cloud Functions in europe-west1, Belgium; database and storage in a European region) |
| Resend (Resend, Inc.) | Sending transactional emails | United States (transfer with safeguards, see § 7) |
| Stripe (Stripe Payments Europe, Ltd. / Stripe, Inc.) | Payments, subscription, tax calculation | Ireland (EU) and United States |
| Sentry (Functional Software, Inc.) | Error monitoring (personal data masked) | United States (transfer with safeguards, see § 7) |
| OpenStreetMap / Nominatim | Reverse geocoding (coordinates → address) | European Union |
| OpenHolidays API | Public holidays and subdivisions (no personal data) | European Union |
The fonts (Arimo, DM Mono) are self-hosted: no request is sent to Google Fonts servers. No third-party audience analysis (analytics) tool is used.
7. Data transfers outside Switzerland / the EU
The data is hosted primarily in the European Union. Some processors (in particular Resend, Sentry, and the US entity of Stripe / the parent company Google LLC) may process data in the United States. These transfers are covered by appropriate safeguards, in particular the European Commission's Standard Contractual Clauses (SCC) (art. 46 GDPR) and the standard clauses recognized by the FDPIC (PFPDT) for transfers from Switzerland, where applicable supplemented by the recipient's adherence to the EU–US Data Privacy Framework (DPF) and its Swiss extension.
8. Cookies, audience measurement and local storage
8.1 Strictly necessary elements (without consent)
The Workin application relies on the browser's local storage (localStorage) and Firebase authentication, strictly necessary for the operation of the Service:
| Element | Purpose |
|---|---|
| Firebase authentication token | Keeping the logged-in session |
| workin-lang | Remembering the interface language |
| workin-theme | Remembering the theme (light / dark / auto) |
| workin-consent | Remembering your choice on measurement cookies |
| geo_notice_ok | Remembering the dismissal of the geolocation notice |
| Service Worker cache (PWA) | Offline operation |
As these elements are strictly necessary, they do not require prior consent.
8.2 Website audience measurement (with consent)
The marketing site workin.app uses Google Analytics 4 (loaded via Google Tag Manager) to measure traffic and improve content. These measurement cookies are placed only after your explicit consent (banner displayed on your first visit); the IP address is anonymized. You can decline or change your choice at any time via the “Manage cookies” link at the bottom of the page. The processing is carried out by Google Ireland Ltd / Google LLC; any transfer outside the EU/Switzerland is covered by appropriate safeguards (standard contractual clauses).
9. Retention periods
| Category | Duration (indicative) |
|---|---|
| Clock-ins, hours, absences | Duration of the employment contract, then according to the legal obligations of labor law (Switzerland: ≈ 5 to 10 years depending on the documents; to be adapted to the Client's country) |
| Medical certificates (health) | The time strictly necessary to process the absence; purged upon deletion of the employee's or the company's account |
| Geolocation data | Retained with the associated clock-ins |
| Administrator / user accounts | Duration of the contractual relationship |
| Billing / subscription | Legal accounting obligations (Switzerland: ≈ 10 years) |
| Technical logs and monitoring | Limited duration necessary for security and debugging (generally a few months) |
| After account deletion (art. 17 GDPR) | Anonymized identity, medical certificates purged; clock-ins may be retained (anonymized/pseudonymized) for the employer's accounting and labor law needs |
Restriction related to labor law: an employee who is still active in at least one company cannot delete their own account. The employer must first remove the employee from the company, because of the legal obligation to retain time-tracking data.
10. Rights of data subjects
In accordance with the nFADP and the GDPR, every person has the following rights: access (art. 25 nFADP; art. 15 GDPR), rectification (art. 32 nFADP; art. 16 GDPR), erasure (art. 32 nFADP; art. 17 GDPR), portability (art. 28 nFADP; art. 20 GDPR; Workin offers a full JSON export from “My profile”), objection (art. 30 nFADP; art. 21 GDPR), restriction (art. 18 GDPR) and withdrawal of consent at any time (in particular for geolocation).
How to exercise: for data processed by Pi-Com as a processor (employee data), the person addresses, in principle, their employer (the client company as controller); Pi-Com assists them. For data for which Pi-Com is the controller (administrator account, billing), requests are sent to app@workin.app. The response is provided within the legal time limits (in principle 30 days). The requester's identity may be verified before the request is processed.
11. Security
Pi-Com implements appropriate technical and organizational measures, in particular: encryption in transit (HTTPS/TLS) and at rest (Google Cloud infrastructure); strict multi-tenant isolation (Firestore and Storage security rules); authentication with mandatory email verification; App Check (reCAPTCHA Enterprise); role-based access control; rate limiting; security HTTP headers (strict CSP, etc.); masking of personal data before transmission to monitoring; logging of sensitive actions.
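The policy states that personal data is masked before it is transmitted to Sentry (§ 3.7 and § 11). The following JavaScript is an added example, not Workin's own code, showing one way such masking can be done in the browser with Sentry's `beforeSend` hook, which the SDK calls with each event before transmission: identity fields are dropped, email addresses inside free text are masked, and GPS coordinates are removed, while a pseudonymous user id is kept for correlation. The event field names follow Sentry's event schema; the redaction rules, the function names and the sample event are assumptions for illustration.

```javascript
// Added example (not Workin's own code): a Sentry-style beforeSend hook that
// masks personal data in an error event before it leaves the browser.
// Field names (user, request, extra, breadcrumbs) follow the Sentry event
// schema; the redaction rules below are assumptions, not Workin's real config.

const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi;
// Keys whose values are replaced wherever they appear in the event (compared lower-case).
const DROP_KEYS = new Set(["email", "firstname", "lastname", "address", "authorization", "cookie", "token"]);
// Coordinate keys that could reveal an employee's position at clock-in.
const COORD_KEYS = new Set(["latitude", "longitude", "lat", "lng"]);

function maskString(s) {
  return s.replace(EMAIL_RE, "[email]");
}

// Recursively redact a value: drop sensitive keys, mask emails inside strings,
// remove numeric coordinates. Returns a new structure; the input is not mutated.
function redact(value) {
  if (typeof value === "string") return maskString(value);
  if (Array.isArray(value)) return value.map(redact);
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      const key = k.toLowerCase();
      if (DROP_KEYS.has(key)) { out[k] = "[redacted]"; continue; }
      if (COORD_KEYS.has(key) && typeof v === "number") { out[k] = "[redacted]"; continue; }
      out[k] = redact(v);
    }
    return out;
  }
  return value;
}

// Sentry calls beforeSend(event, hint) and transmits whatever it returns
// (returning null would discard the event). Registered with
// Sentry.init({ dsn, beforeSend }) in a real app (assumed usage).
function beforeSend(event) {
  const scrubbed = redact(event);
  // Keep only a pseudonymous id for the user; never the email or name.
  if (event.user) {
    scrubbed.user = event.user.id ? { id: event.user.id } : undefined;
  }
  // Cookies carry session material and are never useful for debugging.
  if (scrubbed.request) {
    delete scrubbed.request.cookies;
  }
  return scrubbed;
}

// Constructed sample event (not captured from Workin) with the kind of data a
// frontend error could carry before scrubbing.
const sampleEvent = {
  message: "Clock-in failed for jane.doe@example.com (company acme)",
  user: { id: "uid_123", email: "jane.doe@example.com", firstName: "Jane" },
  request: {
    url: "https://app.workin.app/clock",
    cookies: { session: "abc" },
    headers: { Authorization: "Bearer secret-token" },
  },
  extra: {
    position: { latitude: 46.5, longitude: 6.6, accuracy: 12 },
    note: "contact jane.doe@example.com",
  },
  breadcrumbs: [{ category: "navigation", message: "user jane.doe@example.com opened /leave" }],
};

function demo() {
  return beforeSend(sampleEvent);
}
```

A hook like this only reaches data that passes through the SDK: free-text fields such as a reverse-geocoded street address need a rule of their own, and server-side logs (Cloud Logging / Error Reporting) need equivalent masking at the point where they are written.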
In the event of a data breach likely to give rise to a risk, Pi-Com notifies the competent authority — the FDPIC (PFPDT) in Switzerland and/or the relevant EU supervisory authority — as soon as possible (in principle within 72 hours where the GDPR applies), and informs the data subjects where the law requires it.
12. Minors
The Service is intended for professional use within an employment relationship. It is not aimed at minors outside this context. Where a minor apprentice is concerned, the processing is the responsibility of the employer, who ensures compliance with the specific rules applicable to minors' data.
13. Right to lodge a complaint with a supervisory authority
Any data subject may lodge a complaint with the competent authority:
- In Switzerland: the Federal Data Protection and Information Commissioner (FDPIC / PFPDT), www.edoeb.admin.ch;
- In the European Union: the supervisory authority of the State of residence (e.g. the CNIL in France).
14. Changes to this Policy
Pi-Com may modify this Policy to take account of legal or technical developments. The applicable version is the one published at https://workin.app/confidentialite. In the event of a substantial change, the users concerned are informed by an appropriate means.
15. Contact
Email: app@workin.app
Publisher: Pi-Com Sàrl, Rue de Lausanne 22, 1030 Bussigny, Switzerland
IDE: CHE-490.271.650