Legal

Privacy Policy

We collect only what we need to run the service, never sell your data, and protect it carefully. This page explains the details.

Effective

Overview

Weekola ("we", "us", or "our") is committed to protecting your personal data and your right to privacy. This Privacy Policy explains what information we collect, why we collect it, and how we handle it when you use our services at weekola.com.

By using Weekola, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

Data we collect

We collect the following categories of data:

  • Account data

    Name, email address, and hashed password when you create an account or are invited by an organisation owner.

  • Organisation data

    Organisation name, billing contact details, and module subscription choices.

  • Workforce & operational data

    Rota shifts, attendance records, timesheet entries, swap requests, and leave records created by you or your organisation's admin.

  • Location data

    When clock-in geofencing is enabled by your organisation admin, we collect your device's GPS coordinates at the moment of clock-in. This data is only used to verify proximity to the configured workplace address and is not tracked continuously.

  • Usage data

    Pages visited, features used, browser type, device type, and IP address — collected via standard server logs and analytics to improve the product.

  • Billing data

    Billing is handled by our payment processor. We store only what is necessary to link your subscription to your account (e.g. subscription status, plan tier). We do not store full payment card details.

How we use your data

We use your data to:

  • Provide and maintain the Weekola service.
  • Authenticate users and protect accounts.
  • Process billing and send transactional emails (e.g. receipts, password resets).
  • Enforce geofencing rules configured by your organisation admin.
  • Analyse usage patterns to improve the product.
  • Respond to support requests.
  • Comply with legal obligations.

We process your data on the legal bases of contractual necessity (to deliver the service you signed up for) and legitimate interest (to improve the product and prevent fraud).

Sharing your data

We do not sell your personal data. We share it only in the following limited circumstances:

  • With your organisation owner and admins, as needed to operate the service (e.g. viewing rotas and attendance records).
  • With our payment processor (Stripe) to process billing.
  • With cloud infrastructure providers who host and deliver the service.
  • When required by law, court order, or to protect rights and safety.

All third-party providers are bound by data processing agreements and may not use your data for their own purposes.

Data retention

We retain your account data for as long as your account is active. If you close your account, we will delete your personal data within 90 days, except where we are required to retain it for legal or accounting purposes.

Workforce records (rotas, attendance, timesheets) may be retained for up to 6 years as required by UK employment law. Organisation owners can export this data at any time from the settings area.

Your rights

Under UK and EU GDPR, you have the following rights with respect to your personal data:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data (subject to legal retention requirements).
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Ask us to restrict processing in certain circumstances.
  • Objection: Object to processing based on legitimate interest.

To exercise any of these rights, email us at help@weekola.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

We use a small number of cookies essential to the operation of the service:

  • Session cookies to keep you logged in.
  • CSRF tokens to protect form submissions.
  • A preference cookie to remember your dismissed banners.

We do not use third-party advertising or tracking cookies. Analytics data is collected in aggregate form only.

Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), hashed password storage, and role-based access controls. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

Policy changes

We may update this policy from time to time. If we make material changes, we will notify account holders by email or via an in-app notice before the change takes effect. The effective date at the top of this page reflects the most recent update.

Contact us

For any privacy-related questions or to exercise your rights, please contact us at: