Privacy Policy
Last updated: May 8, 2026
This Privacy Policy explains how Sharkforce Inc. (“Sharkforce”, “we,” “us,” or “our”) collects, uses, shares, and protects personal data when you use our websites, applications, APIs, and related services (collectively, the “Service”). It also explains the choices and rights that may be available to you under applicable law.
Personal Data We Collect
We may collect contact details, account and authentication data, organization and billing information, workforce and scheduling records, support communications, uploaded files and images, device and log data, cookie and browser data, location data, audit trails, and information we receive from customer administrators, integrations, or other authorized sources.
Where Personal Data Comes From
We collect personal data directly from users and customer administrators, from Service usage and devices, from cookies and similar technologies, and from customer-connected systems or integrations. Where enabled by a customer and legally permitted, data may also be validated through trusted third-party or government-linked sources used for onboarding, compliance, or fraud prevention.
Our Role in Processing Personal Data
For workforce and operational data submitted by organization customers, the customer generally acts as the controller (or equivalent) and Sharkforce acts as a processor/service provider on documented instructions. Sharkforce acts as a controller for data we process for our own legitimate business purposes, such as account administration, billing, service security, abuse prevention, legal compliance, and customer support.
How We Use Personal Data
We use personal data to provide and secure the Service, authenticate users, manage accounts, process payments, operate scheduling and workflow features, support customers, improve performance and reliability, investigate abuse or security incidents, comply with legal obligations, and protect rights, safety, and the Service.
Legal Bases and Consent
Depending on jurisdiction, we process personal data based on performance of a contract, legitimate interests, legal obligations, and consent where required. Where consent is used (for example, certain optional cookies, marketing, or customer-configured biometric/location features), users may withdraw consent at any time, subject to legal or contractual limits and without affecting prior lawful processing.
Biometrics, Location, and AI Features
If a customer enables facial recognition, identity verification, or related AI features, we may collect or generate facial images, biometric reference data or provider-managed identifiers, liveness or similarity signals, timestamps, verification results, and related logs. We may also process GPS coordinates or geofence events for attendance and location-based workflows. These features may be provided using approved biometric verification subprocessors acting on our behalf. Customers are responsible for deciding whether to enable these features and for providing legally required notices and obtaining legally required consents.
AI and Product Improvement
We may use submitted content to provide requested AI, automation, and verification features. We do not use customer workforce data to train general-purpose AI models unless we clearly disclose that use and have an appropriate legal basis or permission.
How We Share Personal Data
We may share personal data with service providers and subprocessors that help us host, support, secure, analyze, communicate, process payments, authenticate users, map locations, or perform biometric and verification services; with customer-designated administrators and integrations; with professional advisers, auditors, insurers, or transaction counterparties; or when required by law or needed to protect rights, safety, or the Service.
Third-Party Links and Features
Our websites and apps may link to or integrate with third-party sites and services. Their privacy practices are governed by their own notices and policies, not this Policy. We encourage you to review third-party privacy terms before using those services.
Cookies and Similar Technologies
We use cookies and similar technologies to keep users signed in, remember preferences, measure usage, detect abuse, and support embedded features. Some cookies are essential. Others are optional and may be managed through our cookie tools or browser settings.
Retention
We retain personal data for as long as needed for the purposes described in this Policy, customer instructions, applicable contracts, and legal obligations. Retention periods vary by data type, feature, customer settings, and law. When data is no longer required, we delete, de-identify, or anonymize it as appropriate.
Account Deletion and Data Lifecycle
Where available, users may request account deletion in-app or by contacting us. Deletion requests may include validation and review steps to protect organizations and prevent abuse. Certain records (for example attendance, payroll, tax, fraud-prevention, security, legal hold, and audit records) may be retained where required by law, contract, or legitimate business need.
Security
We use commercially reasonable technical, administrative, and organizational safeguards designed to protect personal data, including encryption in transit and at rest where appropriate, access controls, logging, and monitoring. No system is completely secure, and we cannot guarantee absolute security.
Data Incidents and Breach Notifications
If we determine that a breach of security safeguards involving personal data creates a real risk of significant harm, we will take steps required by applicable law, which may include notifying affected individuals, reporting to regulators, and maintaining records of qualifying incidents. Where notification is required, we will do so as soon as feasible in accordance with legal requirements. Where required, breach records are retained for at least 24 months.
International Transfers
We may process data in the United States and other countries where we or our service providers operate. When required by law, we use contractual or other lawful safeguards for cross-border transfers.
Your Rights and Choices
Depending on your jurisdiction, you may have rights to access, correct, delete, port, restrict, object to, or withdraw consent for certain processing. You can submit requests to [email protected]. We may need to verify identity and authority before responding, and certain requests may need to be handled by the organization that controls the account or workforce data. Where PIPEDA applies, we generally respond within 30 days, subject to lawful extensions and exceptions.
Children's Privacy
The Service is intended for business use and is not directed to children. We do not knowingly collect personal data from children under 13 through our public websites. Customers remain responsible for lawful use of the Service in workplace, education, or youth-related settings.
Changes and Contact
We may update this Privacy Policy from time to time. When we do, we will post the revised version and update the "Last updated" date. Privacy requests: [email protected]. Legal inquiries: [email protected]. Support: [email protected]. Mailing address: Sharkforce Inc., Toronto, Ontario, Canada.
الحين تعرف.
شوف كيف الحضور الموثّق والتحقق الذكي وكشوف الرواتب الآلية تشتغل لفريقك.