Privacy Policy

Karva Technologies ("we", "us", "our") operates KarvaHRMS, a cloud-based Human Resource Management System. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service at newhrms.karvatechnologies.com.

By using KarvaHRMS, you agree to the collection and use of information in accordance with this policy.

1. Overview

KarvaHRMS processes two types of data: (a) Account Data about the organisation and its administrators, and (b) Employee Datathat organisations upload about their employees. We act as a data processorfor Employee Data on your behalf — you (the organisation) remain the data controller.

2. Data We Collect

2.1 Account & Company Data

• Company name, address, industry, size
• Administrator name, email address, phone number
• Billing information (processed by Razorpay — we do not store card details)
• Usage logs and activity data related to your account

2.2 Employee Data (uploaded by your organisation)

• Employee names, contact details, job titles, departments
• Attendance records and timestamps
• Salary and payroll information
• Leave applications and balances
• Performance reviews and appraisal data
• Documents, contracts, and letters
• Biometric face embeddings (for face recognition attendance)

2.3 Technical Data

• IP address and device information
• Browser type and operating system
• Pages visited and features used (for analytics and support)
• Error logs and performance data

2.4 Data Summary Table

3. How We Use Your Data

We use the data we collect to:

• Provide, operate, and maintain the KarvaHRMS Service
• Process payments and manage subscriptions
• Send transactional emails (payslips, leave approvals, account notifications)
• Provide customer support and respond to inquiries
• Monitor and improve the performance and security of the Service
• Comply with legal obligations
• Detect and prevent fraud or abuse

We do not use your employee data for marketing, advertising, or any purpose beyond operating the Service you have subscribed to.

4. Sharing Your Data

We do not sell, rent, or share your personal data with third parties for their marketing purposes. We may share data in the following limited circumstances:

4.1 Service Providers

We use trusted third-party providers to help operate the Service. They are bound by confidentiality and data processing agreements and may only use your data to perform services on our behalf:

• Razorpay — payment processing
• MongoDB Atlas — database hosting
• Cloudinary — file and image storage
• Email delivery providers (for transactional emails)

4.2 Legal Requirements

We may disclose your data if required by law, court order, or government authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

If Karva Technologies is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5. Biometric & Face Recognition Data

The face recognition attendance feature processes biometric data. Here is how we handle it:

• What we store: Mathematical face embeddings (numerical vectors), not photographs or images.
• Purpose: Solely for employee attendance identification within your organisation.
• Your responsibility: You (the employer) are responsible for obtaining informed, written consent from each employee before enrolling their face data. You must also comply with applicable local laws regarding biometric data collection.
• Access: Only authorised administrators of your account can manage enrolled face data.
• Deletion: Face embeddings are permanently deleted when an employee is removed from the system or when your account is terminated.

6. Data Storage & Security

Your data is stored on secure cloud infrastructure. We implement the following security measures:

• TLS/SSL encryption for all data in transit
• Encryption at rest for sensitive data fields
• Role-based access controls — staff can only access data relevant to their role
• Regular automated backups
• Security monitoring and intrusion detection
• Employee access logs and audit trails

While we take security seriously, no method of transmission over the internet is 100% secure. If you become aware of any security vulnerability, please contact us immediately at admin@karvatechnologies.com.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon cancellation:

• Your data remains accessible for 90 days — you may request a full data export during this period.
• After 90 days, all data including employee records, attendance logs, and face embeddings are permanently deleted from our systems and backups.
• Billing records may be retained for up to 7 years as required by Indian tax law.

8. Your Rights

As an account holder, you have the following rights regarding your data:

• Access: Request a copy of all data we hold about your company and employees.
• Correction: Update or correct inaccurate information directly within the platform or by contacting us.
• Deletion: Request deletion of your account and all associated data.
• Portability: Export your data in a machine-readable format (CSV) before account closure.
• Objection: Object to specific processing activities where permitted by law.

To exercise these rights, contact us at admin@karvatechnologies.com. We will respond within 30 days.

Employee rights: Individual employees whose data is processed by KarvaHRMS should first contact their employer (the data controller). We will cooperate with employers to fulfil employee data requests.

9. Cookies & Tracking

KarvaHRMS uses minimal cookies required for the Service to function:

• Session cookies: To keep you logged in during a session.
• Authentication tokens: Stored securely to maintain your login state (JWT).

We do not use advertising cookies or third-party tracking pixels. You can clear cookies from your browser settings at any time, though this will log you out of the Service.

10. Third-Party Services & Links

The Service may contain links to third-party websites or integrate with external services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use.

Our key third-party integrations and their privacy policies:

• Razorpay Privacy Policy
• MongoDB Privacy Policy
• Cloudinary Privacy Policy

11. Children's Privacy

KarvaHRMS is a business HR management platform and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor's data has been submitted, please contact us immediately.

12. International Data Transfers

Your data is primarily stored and processed in India. Some of our service providers (such as MongoDB Atlas and Cloudinary) may store data in other regions. Where data is transferred internationally, we ensure appropriate safeguards are in place through standard contractual clauses or equivalent mechanisms.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or prominent notice on the platform at least 14 days before the changes take effect.

The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes your acceptance.

14. Contact Us

For any privacy-related questions, data access requests, or concerns, please contact our Data Protection contact:

• Karva Technologies
• G-14, Ground Floor, COXBIT, TNAU Campus, Coimbatore – 641 003, Tamil Nadu, India
• Email: admin@karvatechnologies.com
• Phone: +91 93635 63693

We aim to respond to all privacy requests within 30 business days.