Legal Documentation
Your data, handled with care and transparency.
Section 01
Overview
LeaveTrack is an employee leave management application designed to help organisations track, approve, and manage staff leave requests. This Privacy Policy explains what personal data we collect, how it is used, and the measures we take to keep it secure.
By using LeaveTrack, your organisation (as a Tenant) and your employees agree to the practices described in this document. We encourage administrators to share this policy with their employees.
Plain-language summary: We collect only what's necessary to run the app. Admins control employee data within their organisation. Passwords are always hashed. Each organisation's data is fully isolated from others.
Section 02
Data We Collect
We collect different categories of data depending on the role within the platform.
For Tenant Administrators (Owners):
- Full name and email address (used for account verification and communication)
- Organisation name and billing details (if applicable)
- Account activity logs (login timestamps, settings changes)
- IP address at the time of registration and login
For Employees (added by Admin):
- Name and email address (assigned by the admin)
- Department, job title, and leave balance
- Leave request history and approvals
- Login timestamps and session metadata
Section 03
Tenant & Admin Verification
LeaveTrack follows a Tenant Owner verification model. Only the primary administrator (owner) of each organisation is required to verify their identity during the registration process.
The verified admin is solely responsible for the accuracy of the organisational data and for managing access within their tenant. Once a tenant is created, the admin receives full control over their organisation's workspace, including inviting employees and configuring leave policies.
Anthropic verifies only the tenant owner. We do not independently verify or validate the identity of individual employees added to the platform.
Section 04
Employee Account Creation
Employee accounts are created and managed entirely by the tenant administrator. The admin assigns an email address and an initial password for each employee. Credentials are then distributed to employees through the admin's preferred internal communication method.
Important: Employee email addresses are not verified by LeaveTrack. The admin is responsible for ensuring that the correct contact information is assigned to each employee account.
Employees may update their own password after first login. The admin retains administrative control over all accounts within the tenant, including the ability to deactivate or remove accounts.
- Employees do not need to complete a separate sign-up flow
- Admin assigns email and distributes credentials
- No email confirmation link is sent to employees
- Employees are encouraged to change their initial password upon first login
Section 05
Password Security
The security of your credentials is paramount. LeaveTrack applies industry-standard password hashing to all user passwords โ both admin and employee accounts.
Passwords are processed using a strong one-way cryptographic hashing algorithm (such as bcrypt) with a unique salt per user. This means:
- LeaveTrack staff cannot view or retrieve any user's password
- Even if the database were accessed without authorisation, passwords remain protected
- Password reset flows generate a new secure credential rather than recovering an old one
- Initial passwords distributed by admins should be changed by employees upon first login
Section 06
Multi-Tenancy Architecture & Data Isolation
LeaveTrack is built on a multi-tenant architecture. Every organisation that registers is assigned a unique Tenant ID, which is used to logically isolate all data within our shared database infrastructure.
All queries, records, and operations are scoped to the requesting tenant's ID. This ensures:
- Organisation A cannot access, view, or modify any data belonging to Organisation B
- Employee records, leave requests, and settings remain fully isolated per tenant
- Tenant IDs are system-generated and not guessable or enumerable
- Access control is enforced at the application and database query levels
In plain terms: Even though multiple organisations share the same underlying database infrastructure, the strict Tenant ID isolation means each organisation operates in its own private partition. No organisation can see another's data.
Section 07
How We Use Your Data
We use the data we collect exclusively to operate, maintain, and improve the LeaveTrack application. Specifically:
- Providing and personalising the leave management service
- Authenticating users and maintaining session security
- Sending administrative communications to verified tenant owners (e.g. billing, security alerts)
- Generating leave reports and analytics within your tenant
- Diagnosing technical issues and improving application stability
- Complying with legal obligations
We do not use employee data for advertising, profiling, or sale to third parties.
Section 08
Data Sharing & Third Parties
We do not sell, rent, or trade personal data. Data may be shared only in the following limited circumstances:
- Service Providers: Trusted infrastructure vendors (hosting, database, email delivery) who are contractually bound to process data only as instructed
- Legal Compliance: When required by applicable law, regulation, or valid government request
- Business Transfers: In the event of a merger or acquisition, data may transfer to the successor entity under the same privacy commitments
Any third-party processors engaged by LeaveTrack are required to maintain data security standards consistent with this policy.
Section 09
Data Retention
We retain data for as long as a tenant account is active and as needed to fulfil the purposes described in this policy.
Tenant administrators may request early deletion of their organisation's data by contacting our support team. Employee data is deleted in full when a tenant account is closed.
Section 10
Your Rights
Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, or request deletion of your information. Within LeaveTrack:
- Tenant Admins may access, update, or export their organisation's data directly from the dashboard
- Employees may request corrections to their personal information via their admin
- Account Deletion may be requested by the tenant admin for the entire organisation
- Data Portability โ admins may export leave records in CSV format at any time
To exercise rights that cannot be fulfilled through the application interface, please contact us using the details in Section 13.
Section 11
Security Measures
We implement a layered security approach to protect your data:
- All data transmitted between your browser and our servers is encrypted via TLS/HTTPS
- Passwords are hashed using a strong, salted one-way algorithm
- Tenant data is logically isolated using Tenant ID-scoped database queries
- Access controls enforce role-based permissions (admin vs. employee)
- Regular security audits and vulnerability assessments
- Secure server infrastructure with restricted administrative access
While we take extensive precautions, no system is 100% immune. We recommend admins use strong unique passwords and enable any available security features within the platform.
Section 12
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify verified tenant administrators via email and display a notice within the application.
Continued use of LeaveTrack after the effective date of a revised policy constitutes acceptance of the updated terms. We encourage admins to periodically review this page and communicate relevant updates to their employees.
Section 13
Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or the handling of your data, please reach out:
LeaveTrack Privacy Team
We aim to respond to all privacy-related inquiries within 5 business days.
privacy@leavetrack.app