Home/Privacy Policy

Privacy controls for workforce performance data.

ProdSpur is built to help organizations motivate and support frontline teams while protecting personal data and keeping processing tied to clear business purposes.

Last updated

14 Jun 2025

What we collect

Account details, tenant setup data, workforce records entered into the product, and limited usage and security telemetry.

How we use it

To provide ProdSpur, operate it securely, support customers, and improve reliability for frontline teams.

Your rights

You may request access, correction, erasure, grievance redressal, or nomination through the privacy contact below.

Lawful basis and consent

ProdSpur processes personal data only for specified, lawful purposes. Where your organization relies on consent as the legal basis, ProdSpur supports verifiable, informed, and freely given consent before processing begins.

Consent may be withdrawn through the in-app consent controls where enabled by your organization. Withdrawal does not affect the lawfulness of processing already completed.

Information we collect

Account and business details: name, work email, optional phone, company name, industry, and location.
Workforce data: teams, roles, assignments, activity logs, rewards, recognition events, and payout workflow records entered by admins or users.
Product usage: app interactions, feature usage, device metadata, and security telemetry used to improve reliability and protect accounts.
Support interactions: information shared with support, onboarding, or customer success teams.

How we use information

Provide and improve analytics views, activity workflows, goals, incentive programs, rewards, and payout governance.
Secure accounts, detect abuse, troubleshoot reliability issues, and enforce acceptable use.
Deliver support, onboarding, and product communications relevant to customer teams.
Maintain records and logs required to operate the service and support customer requests.

Data flow and sub-processors

ProdSpur data flows through browser or mobile access, frontend delivery, API services, database storage, cache, backups, and transactional email systems.

Primary infrastructure currently uses AWS services in ap-south-1, Vercel for frontend delivery, and Sentry for error monitoring. We do not sell personal data and share data with sub-processors only to operate the service under contractual and security controls.

Data residency and retention

Primary data storage is designed around AWS ap-south-1 in Mumbai, India.
Account data is retained for the life of the account and deleted after closure according to contractual and legal requirements.
Financial audit records for points, rewards, payout requests, and cash movement may be retained longer to satisfy audit and statutory needs.
Consent and security records are retained as evidence of lawful processing and platform protection.

Security controls

Data in transit is protected using TLS. At-rest encryption is provided by the hosting and storage layer.
Access is role-based and restricted to authorized users and personnel.
Sensitive reward, payout, and configuration actions are logged for auditability.
Operational monitoring, backups, dependency review, and controlled releases support service reliability.

Lawful basis and consent

Consent may be withdrawn through the in-app consent controls where enabled by your organization. Withdrawal does not affect the lawfulness of processing already completed.

Information we collect

Account and business details: name, work email, optional phone, company name, industry, and location.

Workforce data: teams, roles, assignments, activity logs, rewards, recognition events, and payout workflow records entered by admins or users.

Product usage: app interactions, feature usage, device metadata, and security telemetry used to improve reliability and protect accounts.

Support interactions: information shared with support, onboarding, or customer success teams.

How we use information

Provide and improve analytics views, activity workflows, goals, incentive programs, rewards, and payout governance.

Secure accounts, detect abuse, troubleshoot reliability issues, and enforce acceptable use.

Deliver support, onboarding, and product communications relevant to customer teams.

Maintain records and logs required to operate the service and support customer requests.

Data flow and sub-processors

ProdSpur data flows through browser or mobile access, frontend delivery, API services, database storage, cache, backups, and transactional email systems.

Data residency and retention

Primary data storage is designed around AWS ap-south-1 in Mumbai, India.

Account data is retained for the life of the account and deleted after closure according to contractual and legal requirements.

Financial audit records for points, rewards, payout requests, and cash movement may be retained longer to satisfy audit and statutory needs.

Consent and security records are retained as evidence of lawful processing and platform protection.

Security controls

Data in transit is protected using TLS. At-rest encryption is provided by the hosting and storage layer.

Access is role-based and restricted to authorized users and personnel.

Sensitive reward, payout, and configuration actions are logged for auditability.

Operational monitoring, backups, dependency review, and controlled releases support service reliability.