Privacy Policy

Cethos Time Clock is operated by Cethos Solutions Inc. (“we”, “us”) for the purpose of recording the working hours, breaks, and pay for our employees and contractors. The app is provided to staff at our cost centers (Cethos Solutions Inc. and 12537494 Canada Inc.).

• Account information — your full name, email address, phone number, employment role, timezone, and (optionally) home address and avatar.
• Time tracking events — when you clock in, clock out, and start or end a break, along with which job site you were working from.
• Location at the time of an event — latitude, longitude, accuracy, and (where available) the Wi-Fi SSID. We use this only to verify on-site presence at the moment you tap clock in / clock out / start break / end break. We do not track your location continuously or in the background.
• Push tokens — anonymous identifiers issued by Apple Push Notification service or Firebase Cloud Messaging so we can send you reminders (e.g. break ending soon).
• Payroll records — paystubs, deductions, and CRA-required tax data for employees on payroll. SIN is encrypted at rest and access is logged.

• To record work hours and produce accurate paystubs.
• To verify that clock-in events occurred at an assigned job site.
• To remit Canada Revenue Agency (CRA) source deductions.
• To deliver in-app reminders (breaks, schedule changes).
• To respond to user requests (timesheet edits, leave approvals, password resets).

We do not sell, rent, or trade your information. We do not use your data for advertising. Aggregated, de-identified statistics may be used internally for staffing and operations planning.

Records are stored in a Supabase Postgres database hosted in Canada (ca-central-1). Files (paystub PDFs, identification scans) are stored in Supabase Storage in the same region. The web admin surface is hosted on Vercel.

We retain time tracking and payroll data for the period required by Canadian provincial Employment Standards and CRA tax record retention rules — typically six (6) years from the end of the calendar year to which the records relate.

• You — your own time entries, paystubs, leave balances, and personal documents through the app.
• HR and admin staff at your employer cost center, scoped via Postgres row-level security.
• Our payroll engine — server-side only, used to compute CRA-compliant deductions.
• Government authorities — only when legally required (CRA filings, court order, etc.).

You can request a copy of your personal data, ask for corrections, or ask us to delete data not subject to a statutory retention rule. Contact hr@cethos.com and we will respond within 30 days.

You may revoke push notification or location permissions at any time from your device settings. Revoking location will prevent clock-in / out actions because on-site verification is part of the timekeeping policy.

Authentication is handled by Supabase Auth with refresh-token rotation. SIN values are encrypted at rest in Postgres. All traffic uses HTTPS. Access to admin functions requires the “hr”, “admin”, or “superadmin” role on a profile and is enforced both at the API layer and via row-level security in the database.

If we make material changes we will update the “Last updated” date at the top of this page and notify active users in the app. Continued use of the app after a change constitutes acceptance.

Cethos Solutions Inc.
421, 7th Ave SW, Floor 30
Calgary, AB T2P 4K9
Canada
hr@cethos.com