Legal

Last updated Invalid Date.

Draft pending counsel review. This page is published so the site is link-complete; the binding version will be the one our attorney signs off on before paid customers come on board. The substance below is accurate.

ClockVe (“we”, “our”, “us”) is operated by Cloudsmith Labs LLC, based in Salt Lake City, Utah. This policy explains what data we collect when you use ClockVe at clockve.com and app.clockve.com, why we collect it, and what choices you have.

What we collect

Account data. Email address, name, company name, role, and any profile fields you choose to enter. This is needed to run the account.

Workforce data. When your team uses ClockVe, we store the records needed to operate it: timecards (clock-in / clock-out timestamps, optional location coordinates when geofence is enabled, optional photo when photo-clock-in is enabled), schedules, time-off requests, and the audit log of administrative actions.

Payment data. Billing email, billing address, and Stripe customer identifier. We never see your card number — Stripe processes it end-to-end.

Usage data. Standard server logs (IP address, user agent, timestamps) are retained for 30 days for debugging, security, and abuse prevention. We use self-hosted PostHog for product analytics; no third-party tracking pixels or advertising SDKs run on ClockVe.

Why we collect it

To provide ClockVe. That’s the entire purpose. We don’t:

  • Sell or share your data with brokers, advertisers, or any third party for their own commercial use.
  • Use your team’s timecards or location data to train AI models.
  • Send marketing email to your employees on your behalf.

The only places your data flows outside our infrastructure are:

  • Stripe — billing.
  • AWS SES — outbound email (signup verification, lifecycle notifications you and your team have consented to).
  • Cloudflare — DNS, TLS termination, DDoS protection. Cloudflare sees encrypted traffic only; they don’t see your data.

Retention + your rights

  • Export anytime. CSV from the dashboard. Full database export on request to hello@clockve.com — fulfilled within 14 days.
  • Delete anytime. Account deletion requests honored within 30 days. Backups age out within 90 days after that.
  • Correct anytime. Anything wrong, email us; we’ll fix it.
  • Object to processing. Email hello@clockve.com and we’ll work with you to restrict processing where the law allows.

EU + UK customers (GDPR). You have the rights listed above plus the right to lodge a complaint with your local data protection authority. Our Data Processing Agreement is available on request.

California (CCPA). You have the right to know what categories of personal information we have collected about you and request deletion.

Security

See our security page for the technical details: TLS everywhere, encryption at rest, US-hosted, role-based access, audit logs. Disclosing a vulnerability? security@clockve.com.

Cookies

We use one cookie strictly necessary to the application: your session token at app.clockve.com. No tracking cookies, no third-party cookies, no consent banner needed under EU rules.

Children

ClockVe is intended for use by adults in a workplace setting. We do not knowingly collect data from anyone under 16. If you believe we have, email hello@clockve.com and we’ll delete it.

Changes

We’ll update this policy as the product evolves. Material changes get an email to account admins; the “Last updated” date at the top reflects the most recent revision.

Contact

Cloudsmith Labs LLC Salt Lake City, Utah, USA hello@clockve.com

Questions about this document? Email hello@clockve.com.