This Privacy Policy describes how RubanHR, a product of Ruban Softwares ("we", "our", or "us"), collects, uses, stores, and protects information when you use our HR & Payroll SaaS platform available at rubansoftwares.com/work-pulse ("Service"). By using the Service you agree to the practices described in this policy.
1. Information We Collect
1.1 Account & Company Information
- Company name, industry, address, phone, website
- Administrator name, work email address, password (stored as bcrypt hash — never in plain text)
- Billing details: plan selected, payment method token (we do not store full card numbers; payments are processed by Razorpay)
1.2 Employee Data (entered by your HR team)
- Personal details: name, date of birth, gender, contact information, address
- Employment details: designation, department, joining date, employee code
- Payroll data: CTC, salary components, PF/ESI/PT/TDS deductions, bank account details
- Attendance and leave records
- Performance reviews and appraisal notes
- Documents uploaded to the document vault (contracts, ID copies, etc.)
1.3 Usage Data
- IP address, browser type, operating system, pages visited, session duration
- Actions recorded in the audit log (which admin performed which operation and when)
- API key usage timestamps
2. How We Use Your Information
- Service delivery — to operate payroll, attendance, leave management, and all other HR modules
- Billing — to process subscription payments and send invoices via Razorpay
- Communication — to send transactional emails (payslips, leave approvals, onboarding credentials) and platform notifications (trial expiry, payment reminders)
- Security — to detect and prevent fraud, unauthorized access, and abuse
- Product improvement — aggregated, anonymized usage analytics to improve features
- Legal compliance — to comply with Indian laws including the Information Technology Act, 2000 and applicable tax regulations
We do not sell or rent your data to third parties for marketing purposes.
3. Data Sharing & Third Parties
- Razorpay — payment processing. Governed by Razorpay's privacy policy.
- SMTP provider — your configured SMTP credentials are used to send emails on your behalf; email content may pass through your chosen provider's servers.
- WhatsApp / WATI — if you configure WhatsApp notifications, message content is transmitted through WATI's API.
- Hosting infrastructure — servers and databases are operated by trusted cloud providers under data processing agreements.
- Legal requirement — we may disclose information if required by law, court order, or government authority.
4. Data Retention
We retain your data for as long as your account is active. Upon account termination:
- Active data is soft-deleted immediately
- Backups are purged within 90 days
- Payroll and statutory records may be retained for up to 8 years as required by Indian labour laws
You may request earlier deletion by contacting us (see Section 9).
5. Data Security
- All passwords are hashed with bcrypt (PHP
PASSWORD_DEFAULT)
- Sessions use httpOnly, SameSite=Strict cookies with a 30-minute idle timeout
- CSRF tokens protect every state-changing request
- HTTPS is enforced on production deployments
- API keys are stored as SHA-256 tokens and shown only once at generation
- Access to databases is restricted to application servers; no public database ports are exposed
No method of transmission over the internet is 100% secure. We implement industry-standard measures but cannot guarantee absolute security.
6. Employee Data & Your Responsibilities
RubanHR is a data processor acting on your (the employer's) instructions. You are the data controller for all employee personal data entered into the platform. You are responsible for:
- Obtaining necessary consent from employees to process their personal data
- Complying with applicable data protection laws in your jurisdiction
- Ensuring accuracy of employee data entered into the system
7. Cookies
We use session cookies to maintain login state. No tracking or advertising cookies are set. The public landing page does not use any third-party analytics scripts.
8. Children's Privacy
The Service is intended for businesses and is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors.
9. Your Rights & Contact
You may request access to, correction of, or deletion of your personal data at any time. To exercise these rights or for any privacy-related queries:
We will respond to requests within 30 days.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email or via an in-app notice at least 7 days before material changes take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.
11. Governing Law
This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Disputes are subject to the exclusive jurisdiction of courts in Chennai, Tamil Nadu, India.