Privacy Policy

NepalHRM (“we”, “us”, “our”) respects your privacy. This Privacy Policy describes how we collect, use, store, disclose, and protect personal data when you visit nepalhrm.com, create an account, or use the NepalHRM platform and mobile applications for Android and iOS.

1. Scope

This Policy applies to:

• Visitors to nepalhrm.com
• Prospective customers who contact us
• Authorized users of the NepalHRM web platform and mobile apps
• Employees of our customers whose data is processed via the platform

For employee personal data processed within the platform, the customer (your employer) is the data controller and NepalHRM acts as a data processor, processing the data on the customer's instructions.

2. Information we collect

2.1 Information you give us

• Contact details — name, work email, phone, company
• Account credentials — username, hashed password
• Billing information — for paid subscriptions
• Support interactions — email, chat and ticket content

2.2 Information our customers upload (about their employees)

• Identity — name, government-issued ID numbers, date of birth
• Contact — address, phone, email, emergency contact
• Employment — role, department, reporting line, employment dates
• Financial — salary, bank account, PF / CIT / SSF details, tax status
• Attendance, leave, performance, and lifecycle data
• Documents — contracts, certificates, photo ID, visa

2.3 Information we collect automatically

• Device & browser information, IP address
• Usage data — pages viewed, features used, actions taken
• Cookies and similar technologies — see our Cookie Policy

2.4 Information our mobile apps may access

When you use the NepalHRM mobile apps, we may (with your explicit permission) access:

• Camera — to capture selfies for attendance check-in verification
• Location — to GPS-verify check-ins when your employer enables field attendance
• Storage — to save payslips and documents you download
• Notifications — to deliver approvals, announcements and reminders
• Biometric (FaceID / Fingerprint) — only for on-device app unlock, never sent to our servers

You can revoke any of these permissions in your device settings at any time. Some app features may become unavailable if the relevant permission is revoked.

3. How we use information

• To provide, operate, and improve the NepalHRM service
• To process payments and manage subscriptions
• To communicate about service changes, billing, and support
• With your consent, to send marketing communications (you can unsubscribe anytime)
• To prevent fraud and protect the security of the service
• To comply with legal, tax, and statutory obligations
• To enforce our Terms of Service

4. Legal basis for processing

We process personal data on one or more of the following bases:

• Performance of a contract — our agreement with you or your employer
• Legitimate interests — running, securing, and improving our business
• Consent — for marketing communications and optional features
• Legal obligation — tax, accounting, and statutory requirements

For employee data, our customers are responsible for establishing and documenting the legal basis for processing.

5. How we share information

We do not sell personal data. We share it only:

• With sub-processors who help run our service (hosting, email, payments, analytics) — see our Subprocessors list
• With professional advisors — lawyers, accountants, auditors — under confidentiality
• With government authorities or regulators when legally required
• In the event of a merger or acquisition, with successors under equivalent protections
• With your explicit consent

6. Data transfers

Our primary hosting is in secure, certified data centers. Where data is transferred across borders, we use appropriate safeguards such as standard contractual clauses or equivalent protections.

7. Data retention

• Account and billing data — retained for the life of the account plus 7 years (statutory)
• Customer data in the service — per customer instructions; deleted or exported within 30 days of account termination
• Marketing lists — until you unsubscribe
• Support tickets — 3 years after closure
• Web analytics — up to 26 months

8. Security

We apply industry-standard measures — encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access, audit logging, regular backups, penetration testing, staff training, and physical security at our hosting partners. See our Data Security page for more.

9. Your rights

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Receive your data in a portable format
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

To exercise these rights, email privacy@nepalhrm.com. If you are an employee of one of our customers, please contact your employer first, as they control your record.

To delete your personal account or request deletion of data you created directly with NepalHRM, visit our Account & Data Deletion page.

10. Children's privacy

NepalHRM is a business-to-business service not intended for children under 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a child, contact us so we can remove it.

11. Cookies and tracking

See our Cookie Policy for details on cookies and similar technologies used by nepalhrm.com.

12. Third-party links

Our website and apps may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies separately.

13. Changes to this policy

We may update this Policy from time to time. Material changes will be notified via email or in-product notice. The “last updated” date at the top reflects the latest change. Continued use after changes constitutes acceptance.

14. Contact

Privacy questions: privacy@nepalhrm.com
Data Protection contact: dpo@nepalhrm.com
Postal: NepalHRM, Kathmandu, Nepal