Privacy Policy
Last updated: June 2026 (revised)
1. Introduction
Emplora ("we", "our", "us") is a workforce scheduling platform. This Privacy Policy explains what data we collect, why we collect it, who we share it with, and the rights you have over your data under the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar privacy laws.
For the purposes of GDPR Article 4(7), the data controller for marketing site visitors is Emplora. For data collected inside the app (employee schedules, time-off, etc.), Emplora acts as the data processor on behalf of the customer organisation that signed up; that organisation is the data controller for its own employees.
GDPR-grade, worldwide. Emplora is available globally, and we apply GDPR-grade data protection to every customer and user, regardless of where they are located. Wherever you are, we extend the core rights described in Section 8 to you as a baseline, in addition to any rights you may have under your local law (such as the California rights in Section 11).
2. Information we collect
We collect three categories of information:
- Account data - name, email address, organisation name, role. Collected when you sign up for a manager account. Authentication is handled by Clerk; we never see your password. If you start a free trial of a paid plan, we record the trial start and end dates against your organisation. If you purchase a paid plan, we also store your subscription plan and billing references; card details are entered directly with our payment processor (Stripe) and never touch our servers.
- Workforce data - employees you add (name, optional contact details, job title, employment type, internal staff number, pay rate, schedule, time-off, sick leave) and each employee's notification preferences (per-topic email opt-outs they control themselves). Where provided, we also store the name and phone number of an employee's emergency contact. Emergency contacts are third parties entered by you as the manager: under GDPR Art. 14 you are responsible for informing that person that their details are stored in Emplora and that they can ask you to correct or remove them. Employees access this data via a PIN-protected page; we do not require employees to create an account.
- Usage data - pages visited, browser type, approximate region (derived from IP, not stored as IP). Collected via Google Analytics 4 only if you accept analytics cookies. See our Cookie Policy for the technical details.
3. Legal basis for processing
- Contract (Art. 6(1)(b)) - running the scheduling service, billing, account management.
- Legitimate interest (Art. 6(1)(f)) - security, abuse prevention, error monitoring (via Sentry, with personal data scrubbed before transmission).
- Consent (Art. 6(1)(a)) - analytics and marketing cookies. You can withdraw consent at any time via the tool.
- Legal obligation (Art. 6(1)(c)) - responding to lawful requests, tax records, etc.
4. How we use your data
- To deliver the scheduling service and the features you use.
- To run and manage free trials of paid plans: to enforce the one-trial-per-organisation rule, show how much trial time remains, and revert your organisation to the Free plan when a trial ends.
- To send transactional emails (employee invitations, password resets, billing receipts, and - where the employee has not opted out - notification emails about their own shifts, time-off, and swaps).
- To improve the product (only with your analytics consent).
- To detect and prevent fraud, abuse, or security incidents.
- To comply with legal obligations.
Sick-leave pattern summaries. For organisations whose plan includes sick-leave monitoring, Emplora computes simple timing summaries over sick-leave records (for example, several events within 30 days, or a concentration of Monday/Friday start dates) and surfaces them to managers as patterns to review. These summaries are descriptive tools only: they make no judgement about any leave and trigger no automated consequence. The employer, as data controller, decides whether and how to use them, is responsible for informing employees that leave patterns are monitored, and must follow local employment law before acting on any pattern.
We do not sell or share your personal data as those terms are defined under applicable law. We do not use Customer Data to train machine-learning models. We do not currently run paid advertising; if that changes, we will update this policy and our Cookie Policy before any advertising trackers load.
5. Categories of third parties (sub-processors)
We share data with a small number of carefully vetted sub-processors who help us operate Emplora. We have a Data Processing Agreement with each one. By category, these include:
- Application hosting and edge network - operates the Emplora infrastructure that serves emplora.io and app.emplora.io.
- Primary database - stores all workforce data: organisations, employees, schedules, time-off, sick leave. EU-resident.
- Authentication service - manages manager accounts, password hashing, session tokens.
- Transactional email delivery - sends employee invitations, password resets, and billing notifications.
- Error monitoring - receives anonymised crash reports and performance traces. Cookies and auth headers are scrubbed before transmission. EU-resident.
- Web analytics (optional, marketing site only) - loaded only with your cookie consent. Uses Google Consent Mode v2 with IP anonymisation. If you decline, the script operates in cookieless mode and no identifying data is collected.
- Real-time messaging - delivers live schedule and notification updates to active sessions.
- Payment processing - handles paid-plan billing. Card details are entered directly with the processor and never touch Emplora's servers; for payment data the processor acts as an independent controller.
- Webhook verification - validates the authenticity of inbound service events (sign-in events, email delivery status) before we act on them. Payloads are processed transiently.
- Content management - stores the marketing blog content. Does not process personal data.
The named vendor for each category, what they process, and their data-residency region are listed on our dedicated Sub-processors page. We commit to giving customer organisations at least 30 days' notice before adding or replacing any sub-processor.
Customers who act as data controllers can review the processor terms that apply to their use of Emplora in our Data Processing Agreement.
6. International data transfers
Some sub-processors operate outside the EEA / UK. Where personal data is transferred outside the EEA or UK, we rely on an appropriate safeguard: the EU-US Data Privacy Framework (where the provider is certified), the European Commission's Standard Contractual Clauses, and, for transfers of UK personal data, the UK International Data Transfer Addendum (UK IDTA). The region in which each sub-processor processes data is listed on our Sub-processors page.
Note that while workforce data at rest is stored in the EU, application traffic is served through our hosting provider's global edge network, so requests (including the personal data they carry in flight) may transit the United States or other regions before reaching the EU database. This in-transit processing is covered by the same safeguards above and by TLS encryption end to end.
7. Data retention
- Account and workforce data: retained while your subscription is active. If you cancel, we keep it for up to 90 days so you can resubscribe. If you request deletion (Settings > Privacy), all organisation and workforce data is permanently deleted 30 days after the request, carried out by an automated daily process.
- Data above a plan's limits on downgrade: when your plan changes to lower limits (for example a Professional trial expiring, or a cancellation), any locations, teams, or employees above the new limit are locked, not deleted. They stay in your account and remain visible. They are archived (soft-deleted) only if you explicitly choose to switch to the Free plan and archive the excess. Archived data is recoverable in the same way as a manual deletion; permanent erasure of it follows the standard account-deletion / GDPR route above (Settings > Privacy). We do not run a separate automatic purge of archived trial data.
- Login failure ledger (anti-brute-force): rows older than 15 minutes are deleted automatically by a daily sweep and opportunistically on login attempts.
- In-app notifications: deleted automatically 180 days after they are created.
- Audit logs of administrative actions (employee changes, approvals, exports): retained for the life of the organisation to support accountability, and permanently deleted together with the organisation's data when a deletion request completes.
- Server access logs (Vercel): deleted after 30 days.
- Sentry error reports: retained for 30 days on the free plan.
- Google Analytics aggregated data: retained per Google's default (2 months for user data, 14 months for events).
- Email delivery records (Resend): retained for the duration required to support deliverability monitoring, typically 30 days.
8. Your rights under GDPR
We apply GDPR-grade protection to all users worldwide, so we extend the following rights to you as a baseline, wherever you are located, in addition to any rights you have under your local law:
- Access - request a copy of the personal data we hold about you.
- Rectify - correct inaccurate or incomplete data.
- Erase - request deletion of your data (right to be forgotten).
- Restrict - limit how we process your data.
- Object - object to processing based on legitimate interest.
- Portability - receive your data in a machine-readable format.
- Withdraw consent - at any time, without affecting prior lawful processing.
- Lodge a complaint - with a supervisory authority in your country. Emplora is established in Bulgaria; our lead supervisory authority is the Bulgarian Commission for Personal Data Protection (CPDP / КЗЛД).
To exercise any of these rights, please contact us. We respond within 30 days as required by GDPR Art. 12(3).
If you are an employee scheduled through Emplora: your employer is the data controller for your workforce data, so requests about that data (access, correction, deletion) should go to your employer first - they hold the relationship and the context to act on it, and we assist them as their processor. If your employer is unresponsive or has ceased operating, contact us directly and we will help route or, where appropriate, fulfil the request.
Automated decision-making. Emplora does not make decisions that produce legal or similarly significant effects about you based solely on automated processing within the meaning of GDPR Art. 22. Scheduling views, totals, and any suggestions are tools that assist managers, who remain responsible for the decisions they make.
9. Children and younger workers
You must be 18 or older to create a manager account or accept our Terms. Employee data in Emplora is entered by the customer (the employer), who is the data controller. Employers may lawfully engage younger workers (for example, teenagers in retail or hospitality), so a minor worker's data may be processed in the Service. Where that happens, the employer is responsible for the lawful basis for processing that data under GDPR Art. 6 (typically the employment contract, a legal obligation, or legitimate interests) and for any work permits, parental consent, or notices required by local employment and data-protection law.
The digital-consent thresholds in GDPR Art. 8 (and national rules such as age 14 under the Bulgarian Personal Data Protection Act) apply to online services offered directly to a child, not to an employer's processing of a worker's data, and Emplora does not rely on a child's consent. Emplora does not knowingly offer its marketing site or manager accounts to children; if you believe a child has signed up directly, please contact us.
10. Data security
We protect your data with industry-standard measures: TLS in transit, encrypted database at rest, bcrypt-hashed PINs and passwords, role-based access control, and a multi-tenant isolation policy where every database query is scoped by organisation ID.
We maintain a breach-response process. For workforce data we process on a customer's behalf, Emplora acts as processor: we notify the customer (the data controller) without undue delay after becoming aware of a personal data breach and assist them in meeting their own obligations, including notifying their supervisory authority within 72 hours and affected individuals where required (GDPR Arts. 33-34). For data where Emplora is itself the controller (for example, marketing-site data), we notify the competent supervisory authority within 72 hours where required, and affected individuals where the breach is likely to result in a high risk to their rights.
11. Your US state privacy rights (California and others)
If you are a resident of California or another US state with a comprehensive privacy law, you have rights over your personal information under laws such as the California Consumer Privacy Act, as amended by the CPRA.
- Categories we collect: identifiers (name, email), professional or employment information (schedules, time-off), and internet/usage data (analytics, collected only with consent). Sources and purposes are described in sections 2 to 4 above.
- We do not sell or share your personal information as those terms are defined under the CPRA, and we do not use or disclose it for cross-context behavioural advertising. Because we do not sell or share, no opt-out is required, but you may still contact us with any request.
- Your rights: to know and access, delete, and correct your personal information, and to not be discriminated against for exercising these rights.
- How to exercise them: contact us. We will verify your request and respond within the time required by law. You may use an authorised agent.
12. Changes to this policy
We may update this Privacy Policy. When we make material changes, we will notify you by email to the address on file, or by a banner on the site. The "Last updated" date at the top of this page always reflects the latest version.
13. Contact us
For privacy questions, GDPR rights requests, or to report a security concern, please contact us or email hello@emplora.io.
For all data-protection matters you can reach our privacy contact at hello@emplora.io. We have assessed our obligations under GDPR Art. 37 and will appoint a Data Protection Officer if and when our processing meets the threshold that requires one.
Emplora is operated by CAPITAL MANAGEMENT 2000 LTD, 224 6th of September Boulevard, Central District, Plovdiv 4000, Bulgaria. As we are established in the EU, a representative under GDPR Art. 27 is not required. If you are in the UK, you can also reach our UK GDPR Art. 27 representative once appointed; until then, please use the contact details above.