Back to Home

Privacy Policy

Last updated: February 16, 2026

1. Introduction

PhoneClock.in ("we," "our," or "the Service") is a cloud-based time tracking and Electronic Visit Verification (EVV) platform designed for homecare agencies, caregivers, and employees. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

2.1 Account Information

  • Full name and email address
  • Role designation (employee, caregiver, or administrator)
  • Profile picture (if uploaded)

2.2 Time & Location Data

  • Clock-in and clock-out timestamps
  • GPS coordinates (latitude, longitude, and accuracy) captured at clock-in and clock-out for EVV compliance
  • Reverse-geocoded location names derived from coordinates
  • Digital signatures collected at clock-out (employee and client)

2.3 Device Information

When the device capture feature is enabled, we may collect:

  • User agent string and browser platform
  • Browser language preference
  • Screen dimensions (width and height)

2.4 Usage & Analytics Data

With your consent, we may collect:

  • Interaction event logs (clicks and keystrokes) for application improvement
  • Session replay recordings for quality assurance and debugging
  • Error logs including JavaScript error messages and stack traces
  • Vercel web analytics (page views and performance metrics)

2.5 Security Data

  • IP addresses associated with login sessions
  • Login attempt history (successful and failed)
  • Session identifiers and device fingerprints
  • Security events (suspicious activity, account lockouts)

3. How We Use Your Information

  • Time tracking and EVV compliance: Recording work hours with verified GPS locations and digital signatures as required by homecare regulations
  • Security monitoring: Detecting unauthorized access, preventing brute-force attacks, and maintaining audit trails
  • Service improvement: Analyzing usage patterns to improve the platform experience (with consent)
  • Communication: Sending transactional emails (password resets, account notifications) and SMS alerts
  • Reporting: Generating timesheets, compliance reports, and audit records for employers

4. Third-Party Services

We share data with the following third-party service providers who process data on our behalf:

  • Supabase — Database hosting, user authentication, and file storage
  • Vercel — Application hosting and web analytics
  • OpenAI — AI-powered query assistance and insights (when used by administrators)
  • OpenStreetMap Nominatim — Reverse geocoding of GPS coordinates into human-readable addresses
  • Resend — Transactional email delivery
  • Textbelt — SMS notification delivery

We do not sell your personal data to any third party.

5. Data Retention

  • Time entry and compliance data: Retained as required by applicable healthcare regulations and employer policies (typically 6–10 years)
  • Session replays and event logs: Retained for security auditing and quality assurance purposes, typically for up to 90 days
  • Security event logs: Retained for up to 1 year for threat analysis and compliance
  • Account data: Retained for the duration of your account. Upon account deletion, personal data is permanently removed

6. Your Rights

You have the right to:

  • Access your personal data and request a copy
  • Correct inaccurate or incomplete personal data
  • Delete your account and associated personal data via the self-service account deletion feature in your settings or by contacting us
  • Withdraw consent for optional data collection (session replays and interaction logging) at any time via the consent preferences
  • Object to processing of your personal data in certain circumstances

To exercise any of these rights, use the in-app settings or contact us at contact@phoneclock.in.

7. Cookies & Local Storage

  • Authentication cookies: Essential session cookies managed by Supabase for maintaining your logged-in state
  • Preference cookies: Sidebar state and user interface preferences
  • Consent preferences: Your tracking consent choice stored in browser local storage

We do not use third-party advertising or tracking cookies.

8. Security Measures

We implement industry-standard security practices including:

  • HTTPS/TLS encryption for all data in transit
  • Row Level Security (RLS) policies on all database tables
  • Automatic account lockout after 5 consecutive failed login attempts (30-minute lockout period)
  • Session timeout after 4 hours of inactivity with a maximum of 3 concurrent sessions
  • Security headers including Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and X-Frame-Options
  • IP change detection and suspicious activity monitoring
  • Strong password requirements (minimum 8 characters with complexity rules)

9. Children's Privacy

PhoneClock.in is a business application not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: contact@phoneclock.in

Terms of Service
    Privacy Policy - PhoneClock.in