Messaging Privacy Notice

This Notice describes how Yoddhalab Pvt. Ltd., trading as NepalHRM (“NepalHRM,” “we,” “us”), handles workplace messages exchanged inside the platform — channels, direct messages (DMs), attachments, mentions, reactions, and related metadata. It supplements (and where there is a conflict, prevails over) the general Privacy Policy in respect of messaging.

Read this first: NepalHRM is a workplace-communications tool, not a private messenger. Messages are stored on the platform, accessible to the people listed in Section 3, and subject to your employer's workplace policies. Do not use NepalHRM messaging for content you would not want your employer or a future auditor to read.

1. Who is the controller?

Your employer (the company that operates the NepalHRM workspace) is the data controller of every message you send or receive inside that workspace. NepalHRM is the data processor and handles messages on the employer's documented instructions, in line with the Individual Privacy Act 2075 (2018) of Nepal.

2. What is collected

• Message content — text, emoji, mentions, formatting markers.
• Attachments — files, images, voice notes (subject to attachment size limits and your employer's acceptable-use policy).
• Metadata — sender ID, channel / DM target, timestamp, edit history, deliver / read receipts, reactions.
• Network signals — IP address and device type at the moment a message is sent, retained only for abuse-prevention and audit.

We do not scan message content for advertising. We do not feed messages into AI training. Optional in-product features that summarise or translate messages (e.g., the “summarise this thread” assistant) run only when the user explicitly triggers them and only on the messages they already have access to.

3. Who can read your messages

• The sender and every intended recipient — the normal case.
• Members of the channel the message was posted to (channels are listed by name and member count inside the workspace).
• Your employer's HR or admin role — using the audit / compliance tools provided by NepalHRM, where the employer has a lawful basis (Labour Act 2074, internal investigation, regulatory inquiry, or your written consent). Every such access is recorded in an immutable audit log visible to the workspace super-admin.
• NepalHRM engineers — only to the minimum extent necessary to operate, secure, or repair the service. Access is RBAC-gated, requires a recorded incident reason, and is logged.
• Nepali authorities — only on a legally valid request as described in Section 7.

NepalHRM messaging is not end-to-end encrypted. Messages are encrypted in transit (TLS 1.2+) and at rest (AES-256), but the keys are managed by NepalHRM so we can deliver search, audit, retention controls, and compliance features. If your conversation needs end-to-end privacy from your employer, use a different channel.

4. Employer monitoring — what the Labour Act allows

Under the Labour Act 2074 and standard Nepali workplace practice, an employer may monitor work-channel communications for legitimate purposes such as performance management, compliance, dispute investigation, and the protection of company property. Your employer is required to inform you of any monitoring under their internal policy (typically the Employee Handbook or NepalHRM's Acceptable-Use Policy template which they may have adopted).

NepalHRM does not enable real-time keystroke monitoring of messages. The tools available to HR / admin are: search across channels they are a member of, retrieval of specific messages by subject of an investigation, and export of message histories on employee-separation events.

5. Personal use

Whether you may use the workspace messaging for personal conversation is a matter for your employer's policy. NepalHRM does not classify or separate “personal” and “work” messages — all messages inside the workspace are stored identically and subject to the same retention and access rules.

6. Retention

• Default retention. Messages are retained for the life of the workspace unless your employer configures a shorter retention window. Where the platform exposes per-channel retention controls, the configured value applies.
• Deleted messages. Soft-deleted from the conversation view immediately and purged from primary storage on the schedule set out in our Privacy Policy. They may remain in encrypted backups for a limited additional period before backup rotation removes them.
• Legal hold. Your employer may place a legal hold on a channel or user during an active dispute or regulatory inquiry, suspending the normal retention schedule until the hold is lifted.
• Employee separation. The separated employee's outgoing messages remain in channel history as part of the workplace record; access to the individual's direct-message mailbox follows your employer's configured policy.

7. Government and law-enforcement requests

We disclose messages to law enforcement, courts, or regulators only on a legally valid request (court order, search warrant, or written demand validly issued under the laws of Nepal, including the Privacy Act 2075 and the Electronic Transactions Act 2063). Where the law permits we will notify the affected customer (the employer) before disclosing, so they can challenge the request. Where the request directly targets an employee (for example, a personal court order served on the platform), we will also attempt to notify the employee.

8. Mobile applications — messaging-specific permissions

• Push notifications — to deliver new-message alerts. May be disabled in your device settings; the message itself remains accessible inside the app.
• Storage — to save attachments you download.
• Microphone — only if you opt to send a voice note. The recording uploads to the workspace on send; cancellation discards it before upload.
• Camera — only when you attach a fresh photo to a message.
• Contacts — never. We do not read your phone contacts.

9. Reporting abuse

If you receive a message that violates your employer's acceptable-use policy, you can report it from the message's context menu. A report routes to your workspace super-admin (and, where they have configured one, to a workspace HR mailbox). The reporter's identity is visible to the super-admin handling the report; we mask it from the reported user. NepalHRM does not adjudicate the dispute — that is the employer's responsibility — but we provide tooling for the investigation (export, audit, hold).

10. Your rights

You may:

• Edit or delete your own messages, subject to your employer's policy.
• Request export of your own DM mailbox via your workspace settings (subject to your employer's configuration). Where exports are available, they are delivered in a machine-readable format on a reasonable timeline.
• Ask your employer to delete a specific message you sent if your employer's retention policy permits.
• Contact your employer's super-admin if you believe a message was accessed beyond the lawful basis described in Section 3.
• Escalate to NepalHRM at privacy@nepalhrm.com if the employer does not respond within 30 days, or if you believe NepalHRM's own staff have improperly accessed messages.

11. Changes

We may update this Notice from time to time. Material changes will be notified via email or in-product notice at least 15 days before they take effect. The “last updated” date at the top reflects the latest change.

12. Contact

• Workspace questions — contact your employer's NepalHRM super-admin first.
• Privacy escalations — privacy@nepalhrm.com
• Data Protection contact — dpo@nepalhrm.com
• Postal: Yoddhalab Pvt. Ltd. (NepalHRM), Ward No. 7, Chabahil, Kathmandu Metropolitan City, Kathmandu, Nepal