Privacy Policy for Workmustra


Last Updated: July 10, 2026


1. Introduction

Workmustra (“we,” “us,” “our,” or the “Company”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application, website, and related services (collectively, the “Service”).

This Privacy Policy applies to all users of the Service, including Account Owners (businesses, employers, or administrators) and Workers (employees or contractors whose information is managed through the Service).

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.


2. Information We Collect

2.1 Information You Provide to Us

Account Owner Information:

  • Registration Data: Name, email address, phone number, company name, and password.
  • Billing Information: Payment method details (processed through our third-party payment processor, Razorpay).
  • Communication Data: Information you provide when contacting our support team.

Worker Information (provided by Account Owners):

  • Personal Identifiers: Full name, employee ID, job title, department.
  • Contact Information: Phone number, email address.
  • Employment Details: Date of joining, employment status, work schedule.
  • Attendance Data: Daily attendance records, check-in/check-out times.
  • Financial Information: Salary details, compensation structure, bank account information (if collected for payroll).
  • Documentation: Any documents uploaded by Account Owners, such as identity proofs, contracts, or other employment-related records.

2.2 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Device Information: Device type, operating system, device identifiers, and mobile network information.
  • Usage Data: Pages or screens visited, features used, time spent on the Service, and interaction patterns.
  • Log Data: IP address, browser type, access times, and referring URLs.
  • App Information: App version, installation source, and app settings.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Payment Processors: Razorpay provides transaction confirmation and payment status.
  • Authentication Services: If you sign in using third-party authentication (if applicable).

3. How We Use Your Information

We use the information we collect for the following purposes:

  1. To Provide and Maintain the Service:
    • Create and manage your account.
    • Enable attendance tracking, worker management, and salary calculation features.
    • Process subscription payments and manage billing.
    • Provide customer support and respond to inquiries.
  2. To Improve Our Service:
    • Analyze usage patterns to enhance user experience.
    • Develop new features and functionalities.
    • Troubleshoot technical issues and optimize performance.
  3. To Communicate with You:
    • Send service-related notifications (e.g., payment confirmations, subscription updates).
    • Provide updates about new features, security alerts, or changes to our policies.
  4. To Ensure Security and Compliance:
    • Detect, prevent, and address fraud, security, or technical issues.
    • Comply with applicable laws, regulations, and legal obligations.

4. Third-Party Services and Data Sharing

4.1 Third-Party Service Providers

We use the following third-party services to operate and improve our Service. Each service provider has its own privacy policy and data processing practices:

4.1.1 Supabase (Backend & Database)

  • Purpose: Our primary backend infrastructure, database, authentication, and real-time services.
  • Data Collected: All user data (account information, worker data, attendance records, etc.) is stored on Supabase servers.
  • Data Storage: Data is stored on secure servers managed by Supabase.
  • Privacy Policy: Supabase Privacy Policy

4.1.2 Razorpay (Payment Processing)

  • Purpose: Processing subscription payments and managing billing.
  • Data Collected: Payment information, transaction history, and subscription details.
  • Data Storage: Razorpay processes and stores payment data on their secure servers.
  • Privacy Policy: Razorpay Privacy Policy

4.1.3 Firebase Analytics (Future Use)

  • Purpose: Understanding how users interact with the Service and improving user experience.
  • Data Collected: Anonymized usage data, app performance metrics, user engagement statistics, and crash reports.
  • Data Storage: Firebase stores analytics data on Google Cloud servers.
  • Privacy Policy: Google Privacy Policy
  • Data Anonymization: We use Firebase Analytics to collect aggregated, anonymized data that does not personally identify you.

4.1.4 Firebase Crashlytics (Future Use)

  • Purpose: Monitoring app stability, diagnosing crashes, and improving app performance.
  • Data Collected: Crash reports, device information, app state at time of crash, and stack traces.
  • Data Storage: Firebase stores crash data on Google Cloud servers.
  • Privacy Policy: Google Privacy Policy
  • Opt-Out: You may disable crash reporting in your device settings.

4.2 Additional Third-Party Services

4.2.1 Share Plus

  • Purpose: Allows sharing of content from the Service to other applications.
  • Data Collected: No data is collected by this package; it only enables sharing functionality.
  • Note: When you use the share feature, the receiving application’s privacy policy applies.

4.2.2 Package Info Plus

  • Purpose: Provides app version and package information.
  • Data Collected: No personal data is collected by this package.

4.2.3 URL Launcher

  • Purpose: Opens web URLs from within the Service.
  • Data Collected: No data is collected by this package.

4.2.4 Country Picker

  • Purpose: Provides country selection functionality for user registration.
  • Data Collected: No data is collected by this package.

4.2.5 Intl

  • Purpose: Provides internationalization and localization support.
  • Data Collected: No data is collected by this package.

4.2.6 Provider

  • Purpose: State management for the app.
  • Data Collected: No data is collected by this package.

4.3 Data Sharing Summary

ServicePurposeData SharedData Location
SupabaseBackend & DatabaseAll user dataCloud (US/Europe/Asia)
RazorpayPayment ProcessingPayment detailsIndia/International
Firebase AnalyticsUsage AnalyticsAnonymized usage dataGoogle Cloud
Firebase CrashlyticsCrash ReportingDevice info, crash logsGoogle Cloud

5. Legal Basis for Processing (for Users in the EEA/UK)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing is necessary for the performance of our contract with you (e.g., providing the Service).
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving the Service and ensuring security.
  • Legal Obligation: Processing is necessary to comply with applicable laws and regulations.
  • Consent: Where you have provided explicit consent for specific processing activities.

6. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including:

  • Encryption: Data is encrypted in transit using SSL/TLS protocols. Supabase provides encryption at rest.
  • Access Controls: Only authorized personnel have access to personal data.
  • Secure Storage: Data is stored on secure servers with firewalls and intrusion detection systems.
  • Regular Security Reviews: We conduct periodic security assessments.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.


7. Data Retention

We retain your personal information only for as long as necessary:

7.1 Account Owner Data

  • Retained for the duration of your active subscription.
  • Upon account termination, data is retained for 30 days to allow for data export.
  • After this period, we delete or anonymize your data, unless required by law.

7.2 Worker Data

  • Retained at the direction of the Account Owner.
  • Account Owners determine retention periods for their worker data.
  • Data is deleted when the Account Owner terminates their subscription.

7.3 Firebase Analytics Data

  • Firebase Analytics data is retained for [specify period, e.g., 14 months] as per Google’s data retention policies.

7.4 Crashlytics Data

  • Crash reports are retained for [specify period, e.g., 90 days] to identify and fix issues.

8. Your Rights

Depending on your location and applicable law, you may have certain rights:

8.1 Rights for All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your data (subject to legal obligations).

8.2 Additional Rights for EEA/UK Users

  • Restriction: Request restriction of processing.
  • Data Portability: Request transfer of your data to another provider.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time.

8.3 Rights for Indian Users (under DPDP Act)

  • Obtain Confirmation: Request confirmation of whether we process your personal data.
  • Access: Request a summary of your personal data.
  • Correction: Request correction, completion, or updating of your data.
  • Erasure: Request erasure of your data when no longer necessary.
  • Grievance Redressal: File a complaint with the Data Protection Board of India.

8.4 How to Exercise Your Rights

Email: privacy@workmustra.com

For Worker Data: Workers should first contact their employer (the Account Owner). If the Account Owner does not respond, workers may contact us directly.

We will respond to your request within 30 days as required by applicable law.


9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including:

  • United States: Firebase Analytics and Crashlytics data is processed on Google Cloud servers in the US.
  • India: Razorpay and Supabase may have servers in India.
  • European Union: Supabase may have servers in Europe for EEA users.

We ensure adequate protection through:

  • Standard contractual clauses (SCCs) approved by regulatory authorities.
  • Ensuring service providers are compliant with applicable data protection laws.

10. Cookies and Tracking Technologies

We may use cookies and similar tracking technologies to enhance your experience:

  • Analytics Cookies: Used by Firebase Analytics to collect usage data.
  • Performance Cookies: Used to monitor app performance and crashes.
  • Preferences: To remember your preferences and settings.

You can control cookies through your browser or device settings. However, disabling cookies may affect the functionality of certain features.


11. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

Under the Digital Personal Data Protection Act, 2023, we are required to obtain verified parental consent before processing the personal data of children (below 18 years of age) or persons with disabilities.


12. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to such third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you use.


13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website and within the application.
  • Sending an email notification (if we have your email address).
  • Displaying a prominent notice within the Service.

The “Last Updated” date at the top of this Privacy Policy indicates when it was last revised. Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.


14. Grievance Redressal

In compliance with the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000, we have appointed a Grievance Officer:

Grievance Officer: [Name of Grievance Officer]
Email: grievance@workmustra.com
Address: [Your Business Address]
Response Time: Acknowledgment within 24 hours, resolution within 30 days.


15. Contact Us

Email: lalit@aarviapps.com
Phone: +918460159166



© 2026 Workmustra. All Rights Reserved.