Core ConsoleEffective: April 21, 2026

Privacy Policy

Last updated: April 21, 2026

1. Introduction

Core Console ("we", "us", or "our") is committed to protecting the privacy of individuals and organizations that use our HR and Work Management platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using the Platform, you agree to the collection and use of information as described in this policy.

2. Data We Collect

2.1 Account & Organization Data

  • Organization name, industry, size, and subscription plan
  • Administrator name, work email address, job title, and phone number
  • Billing and payment information (processed securely by our payment provider)

2.2 Employee & HR Data (Customer Data)

This data is entered by your organization and belongs to you:

  • Employee profiles: name, email, job title, department, role
  • Attendance records, leave requests, and work schedules
  • Payroll information, salary details, and bank account data (encrypted)
  • Documents, announcements, and notes uploaded by your team
  • Project assignments, tasks, and time logs (software industry)
  • Industry-specific data (e.g., patient records, shift schedules, inventory)

2.3 Usage & Technical Data

  • Audit logs of administrative actions (who did what, when)
  • Browser type, device information, and IP address
  • Feature usage patterns to improve the Platform
  • Error logs and crash reports

3. How We Use Your Data

  • Service Delivery: To operate and maintain the Platform and its features.
  • Authentication & Security: To verify identities, detect fraud, and protect accounts.
  • Billing: To process subscription payments and send invoices.
  • Support: To respond to queries, diagnose issues, and provide technical assistance.
  • Compliance: To meet legal and regulatory obligations.
  • Improvement: To analyze usage patterns and improve the Platform. We use anonymized, aggregated data only for this purpose.
  • Communications: To send service-related notifications, security alerts, and updates. We do not send unsolicited marketing emails.

4. Multi-Tenant Data Isolation

The Platform uses Row-Level Security (RLS) at the database level to ensure each organization's data is completely isolated. No organization can access another organization's data. All access is scoped to the authenticated user's organization.

Platform super-administrators may access tenant data only for support, audit, or legal compliance purposes, and such access is logged.

5. Data Sharing & Third Parties

We do not sell your data. We may share data with third parties only in the following circumstances:

  • Service Providers: Cloud hosting (database, storage, compute), email delivery, and payment processing. All providers are bound by data processing agreements.
  • Legal Requirements: If required by law, court order, or regulatory authority.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, with advance notice to users.

6. Data Security

We take data security seriously and implement the following measures:

  • Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.2 or higher.
  • Encryption at Rest: Sensitive fields (payroll data, bank accounts, SMTP passwords) are encrypted at the database level.
  • Access Control: Role-based access with a 4-tier permission model (Super Admin, Leadership, Manager, Employee).
  • Audit Logs: All significant actions are logged with user identity, timestamp, and action type.
  • Secure Authentication: Powered by Supabase Auth with support for session management and secure token handling.

7. Healthcare Data (HIPAA Considerations)

Organizations using the Healthcare module may store patient-related data. We apply additional controls for such data including stricter access policies and audit trails. If your organization is subject to health data regulations in your jurisdiction, please contact us to discuss a Data Processing Agreement (DPA).

8. Financial Data

Organizations using payroll and financial features may store salary and banking information. This data is encrypted and access is restricted to authorized personnel only. We maintain complete audit trails for all financial data access and modifications.

9. Data Retention

  • Active accounts: Data is retained for the duration of your subscription.
  • After termination: Customer Data is retained for 30 days then permanently deleted, unless legal obligations require longer retention.
  • Audit logs: Retained for 12 months for security and compliance purposes.
  • Anonymized usage analytics: Retained indefinitely in aggregated form.

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request an export of your Customer Data in a machine-readable format.
  • Objection: Object to certain processing activities.

To exercise any of these rights, contact us at privacy@coreconsole.io. We will respond within 14 business days.

11. Cookies & Tracking

We use strictly necessary cookies to maintain your session and authentication state. We do not use advertising cookies or cross-site tracking. You may configure your browser to block cookies, but this may prevent the Platform from functioning correctly.

12. Email Communications

Each organization configures its own SMTP email server for sending internal communications (invitations, notifications, payslips). We do not access the contents of your email server credentials beyond what is necessary to deliver messages on your behalf. SMTP passwords are stored encrypted.

13. Children's Privacy

The Platform is intended for business use only and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-platform notice at least 14 days before the changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

15. Contact & Data Controller

For privacy-related inquiries, data requests, or to report a data breach, please contact our Privacy team:

Core Console — Privacy Team

Email: privacy@coreconsole.io

© 2026 Core Console. All rights reserved. · Terms of Service