This Privacy Policy describes how KLF Pro (“we”, “us”) handles information when you use the KLF Pro CRM (web) and the KLF Pro Employee mobile application. It is written for operational transparency. Legal counsel should review before external publication.
Who this applies to
Employees and other authorized users who sign in with company-issued or company-approved accounts, and internal users (such as HR and administrators) who use the CRM in a work context.
What we collect
- Account and authentication: Email address and password hash for login. API access uses a JSON Web Token (JWT) after you sign in. If you change your password, previously issued tokens are invalidated and you must sign in again.
- Mobile app: Optional “remember me” and biometric unlock (where supported) use credentials and tokens stored only on your device using platform secure storage—not on our servers as plain text. We do not use these features to collect marketing data.
- Push notifications: If you enable notifications, a Firebase Cloud Messaging (FCM) device token may be registered with our backend so we can deliver work-related alerts.
- HR and operational data (high level): Depending on features your organization enables, the systems may process attendance-related data, leave requests, internal queries, chat or messaging content, profile fields, task or project information, and similar employment or operations data needed to run HR and business processes.
- Technical and security logs: Our servers may log API requests, errors, and related metadata (such as timestamps and endpoints) as needed to operate, secure, and troubleshoot the service.
Why we use this information
- To authenticate users and provide access to authorized features.
- To deliver HR, attendance, leave, internal communications, notifications, and related workflows your employer has chosen to use.
- To maintain security, prevent abuse, and diagnose operational issues.
- To send operational push notifications when enabled.
Legal basis and consent
Processing is typically grounded in your employment or contractor relationship, your employer’s legitimate business interests in workforce management, and—where required—your consent (for example, optional device features or notifications, where applicable). Your employer may also define additional rules. This statement does not replace your employment contract or company policies.
Retention and deletion
We retain information for as long as needed to provide the service and meet legal, contractual, and operational requirements of your organization. Specific retention schedules may be set by your employer. Requests about correction or deletion of your personal data in a work context should be directed to your HR or data protection contact (see below).
Third parties
- Hosting and infrastructure: Systems may run on servers or cloud infrastructure chosen by your organization.
- Email and messaging providers: If your deployment sends email or SMS (for example, OTP or notices), those providers may process recipient addresses or phone numbers only as needed to deliver messages.
- Push notifications: Google Firebase / FCM (or equivalent) may process device tokens to deliver notifications.
We do not sell your personal information as a product. We do not claim specific third-party certifications (such as “GDPR certified”) unless your product owner has confirmed that in writing.
Security
- Production access should use HTTPS. Passwords are stored using strong one-way hashing; we do not store plaintext passwords for authentication.
- API access for clients uses JWT bearer authentication; protecting your token and device helps protect your account.
Your rights and contacts
For access, correction, restriction, or deletion requests relating to data processed in the employment context, contact your HR department or your organization’s designated data protection contact (DPO or equivalent). If you are unsure whom to contact, ask your manager or HR.
For technical issues with the application, use the support channel your organization provides.
Changes to this policy
We may update this page from time to time. The “Last updated” date at the top will change when we do. Continued use of the service after changes may be subject to your employer’s policies.
Region: This description is provided for an India-based organization unless your deployment specifies otherwise.