Privacy Policy

Last updated: March 26, 2026

Introduction

This Privacy Policy describes how Checkly collects, uses, and protects personal information when you use our HR management platform. This policy applies to all data processed through our services, including attendance records, scheduling data, leave records, payroll information, and workforce reports.

Information We Collect

We collect information you and your organization provide directly, as well as information automatically generated when using our platform:

Personal & Employment Information:

  • Email address for authentication, communication, and account management
  • Full name for identification, reporting, and payroll purposes
  • Job title, department, role permissions, and organizational hierarchy

HR & Operational Data:

  • Check-in/check-out times, shift schedules, leave requests, and payroll records
  • Geographic location data when using GPS-based attendance verification
  • Device information, IP addresses, and browser data for security and audit purposes

How We Use Your Information

We use the collected information for the following purposes:

  • Record and manage employee attendance, shifts, leave balances, and payroll calculations
  • Verify user identity and provide role-based secure access to the platform
  • Send notifications for schedule changes, leave approvals, payroll updates, and service announcements
  • Meet legal and regulatory requirements for employment records, payroll documentation, and data retention
  • Analyze usage patterns and workforce data to improve platform functionality and user experience

Information Sharing

We do not sell, trade, or otherwise transfer your personal information or employee data to third parties without your consent, except as described below:

We may share information in the following limited circumstances:

  • With your explicit consent or at the direction of your organization's administrator
  • To comply with legal obligations, court orders, labor regulations, or law enforcement requests
  • To protect the rights, property, or safety of Checkly, our users, or others

Data Security

We implement robust technical and organizational measures to protect your personal and organizational data:

  • End-to-end encryption for data in transit and at rest
  • Role-based access controls and authentication mechanisms
  • Regular security monitoring and intrusion detection systems

Your Rights

You have certain rights with respect to your personal information:

  • Right to access your personal data and request copies
  • Right to correct or update inaccurate information
  • Right to request deletion of your data (subject to legal retention requirements)
  • Right to data portability (receive your data in a structured, machine-readable format)
  • Right to object to certain data processing activities

Regulatory Compliance

Checkly works to keep our data handling practices aligned with applicable privacy laws in the regions we serve. In Indonesia — our primary market — that means continuously updating our platform to reflect the requirements of Indonesia's Personal Data Protection Law (Undang-Undang Pelindungan Data Pribadi, or UU PDP, Law No. 27 of 2022, in full effect since October 17, 2024). We also build with broader frameworks such as GDPR principles in mind so that customers operating across Southeast Asia can rely on consistent baseline protections.

We make every effort to stay current with regulatory changes, but our platform is not a substitute for legal counsel. If you have specific compliance obligations under UU PDP, GDPR, or other applicable laws, please consult a qualified attorney for advice tailored to your organization.

Where Your Data is Stored

Your account data, attendance records, schedules, notes, and other operational data are stored in a Supabase project hosted in Frankfurt, Germany (AWS region eu-central-1). Database queries, file storage, and authentication operations are all processed in this region.

For users in the European Economic Area (EEA), your operational data does not leave the EEA for storage — no GDPR Chapter V transfer is involved.

For users in Indonesia, transferring data from Indonesia to the EEA is a cross-border transfer under UU PDP (Law 27/2022) Article 56. We rely on (a) the EEA's recognised framework providing an equivalent level of personal-data protection and (b) the standard contractual safeguards in our agreement with our hosting provider, Supabase Inc., as the legal basis for that transfer.

Some optional third-party processors (such as analytics) may store data in other regions; these are described in the Cookies and Analytics section below.

Cookies and Analytics

Checkly uses cookies and similar technologies for two purposes: essential cookies that keep you signed in and remember your preferences (these cannot be disabled), and analytics cookies that help us understand how the platform is used so we can improve it.

Analytics cookies only run if you opt in. We use Microsoft Clarity to collect anonymized session data — including page interactions, click and scroll behavior, device type, and approximate location — to identify usability issues and product improvements. Clarity may set first- and third-party cookies and transfer data to Microsoft Corporation in the United States. See the Microsoft Privacy Statement for details.

You can review or change your choice at any time via the link in the footer. Withdrawing consent is as easy as giving it.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of material changes by email or through the platform.

Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us at legal@checklyhr.com.

View Terms of Service
Privacy Policy | Checkly