Privacy Policy
Effective 2026-05-01
JambaHR Privacy Policy
Effective Date: 2026-05-01
Last Updated: 2026-05-01
Welcome to JambaHR ("JambaHR," "we," "our," or "us").
JambaHR is a Software-as-a-Service ("SaaS") platform designed to help businesses manage human resource functions including but not limited to employee records, attendance tracking, leave management, payroll integrations, performance management, recruitment, onboarding, document storage, compliance workflows, and other HR-related operations.
This Privacy Policy explains how we collect, use, store, process, and protect personal information when organizations use JambaHR.
By accessing or using JambaHR, you agree to the practices described in this Privacy Policy.
1. Information We Collect
We may collect the following categories of information:
A. Organization Information
When a company signs up for JambaHR, we may collect:
- Company name
- Business address
- GST/business registration details
- Admin contact information
- Billing details
- Subscription/payment information
B. Employee Information (Uploaded by Client Organizations)
Organizations using JambaHR may upload employee-related information including:
- Full name
- Email address
- Phone number
- Employee ID
- Department details
- Salary/payroll-related records
- Attendance data
- Leave records
- Performance reviews
- Identification documents
- Offer letters/contracts
- Tax documents
- Emergency contact details
- Any other HR-related documentation uploaded by the employer
This employee data is uploaded and controlled by the client organization.
C. Usage Information
We may automatically collect:
- IP address
- Browser type
- Device information
- Login timestamps
- Platform usage activity
- Audit logs
- Cookies/session data
2. Our Role as a Data Processor
JambaHR primarily acts as a data processor/service provider.
The organization using JambaHR ("Client Organization") acts as the data controller/data fiduciary, and determines:
- What employee data is uploaded
- Who can access employee data
- How long employee data is retained
- How employee information is managed internally
JambaHR processes employee data only based on instructions provided by the client organization.
3. How We Use Information
We use information to:
- Provide HR management services
- Maintain employee records
- Enable payroll workflows
- Manage leave and attendance
- Facilitate recruitment processes
- Improve platform performance
- Provide customer support
- Maintain security logs
- Comply with legal obligations
We do not sell employee data.
We do not monetize employee information.
We do not share employee information with unrelated third parties for marketing purposes.
4. Strict Data Access Limitations
One of JambaHR's core privacy commitments is strict internal data isolation.
Employee Data Visibility
Employee data remains private within the client organization.
Access is restricted through:
- Role-based access control (RBAC)
- Department-level permissions
- Column-level access restrictions
- User authentication protocols
- Internal access controls configured by the client organization
Example:
A recruiter may only see hiring-related data.
A payroll administrator may only see compensation data.
Managers may only view team-specific information.
JambaHR Internal Team Access Restrictions
JambaHR employees, contractors, founders, and administrators do not have unrestricted access to employee data.
Even company owners/founders of JambaHR are not permitted to access confidential employee records unless:
- Explicitly authorized by the client organization
- Required for technical troubleshooting
- Required by law
- Necessary for security investigations
Such access, if ever granted:
- Is temporary
- Is logged
- Is audited
- Is minimized to the least amount necessary
5. Data Security
We take security seriously and implement industry-standard protections including:
- Encryption of data in transit (SSL/TLS)
- Encryption of data at rest
- Secure cloud infrastructure
- Access logging
- Multi-factor authentication where applicable
- Role-level security
- Column-level security
- Regular vulnerability monitoring
- Backup systems
- Disaster recovery mechanisms
- Secure API protocols
While no digital system is 100% immune to risks, we continuously work to maintain high security standards.
6. Data Sharing
We may share limited information only with:
Service Providers
Third-party vendors that help us operate our platform, such as:
- Cloud hosting providers
- Payment processors
- Analytics providers
- Email service providers
These providers are contractually obligated to maintain confidentiality.
Legal Requirements
We may disclose information if required by:
- Court orders
- Government authorities
- Legal investigations
- Regulatory obligations
Business Transfers
If JambaHR undergoes merger, acquisition, or restructuring, user data may be transferred subject to confidentiality obligations.
7. Client Responsibilities
Organizations using JambaHR are responsible for:
- Uploading lawful employee data
- Obtaining necessary employee consent where required
- Maintaining confidentiality of login credentials
- Assigning appropriate access permissions
- Following internal privacy policies
- Ensuring authorized personnel use JambaHR responsibly
Client organizations must ensure that employee information remains confidential within their own internal teams.
Improper internal sharing by client employees is outside JambaHR's liability.
8. Data Retention
We retain data:
- For as long as the client maintains an active subscription
- As required for legal obligations
- For backup and disaster recovery purposes
- Until deletion is requested by the client
Upon account termination:
- Data may be deleted after a defined retention period
- Certain records may be retained where legally required
9. Employee Rights
Where applicable under law, employees may have rights to:
- Access their personal information
- Request corrections
- Request deletion
- Withdraw consent
- Request portability of data
These requests should typically be directed to the employer (client organization), which controls employee data.
Cookies
JambaHR uses cookies and similar tracking technologies for the following purposes:
- Session authentication — keeping you signed in securely across page loads.
- Security — detecting and preventing fraudulent or abusive requests.
- Performance optimization — caching responses to improve load times.
- Product analytics — we use PostHog to collect anonymised usage data (page views, feature interactions, session replays). PostHog analytics cookies help us understand how users navigate the platform so we can improve it. No data is sold or shared with third-party advertisers.
We do not use third-party advertising or retargeting cookies.
You can change your cookie preference at any time using the Cookie settings link in the footer of the site. You may also manage or delete cookies through your browser settings; note that disabling session cookies will prevent you from signing in.
11. International Data Transfers
If data is processed outside the user's country, we ensure reasonable safeguards are in place consistent with applicable law.
12. Children's Privacy
JambaHR is not intended for individuals under 18 years of age.
We do not knowingly collect data from minors.
13. Limitation of Liability
JambaHR shall not be liable for privacy breaches caused by:
- Misconfigured permissions by the client organization
- Unauthorized sharing by client employees
- Weak passwords
- Negligence by client administrators
Clients are responsible for properly managing their internal HR privacy workflows.
14. Changes to This Policy
We may update this Privacy Policy periodically.
We will notify users of material changes via:
- Platform notifications
- Website updates
15. Contact Information
For privacy-related concerns, contact:
JambaHR Privacy Team
Email: support@jambahr.com
Website: jambahr.com