Privacy Policy
Last updated: June 29, 2026
One section pending confirmation. Section 9 (International Transfers) is awaiting
confirmation of the specific transfer safeguards used by each processor. All other sections, including the
identity of the data controller, are final. Questions:
privacy@wrokapp.com.
1. Introduction
Wrok ("Wrok", "we", "our", "us") is a shift scheduling and team management application for employers and their teams. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws. Our website is wrokapp.com.
This policy explains what personal data we collect, why we collect it, the lawful basis for each use, who we share it with, how long we keep it, and the rights you have over it.
2. Data Controller
The data controller responsible for your personal data is:
- Legal name: Tomislav Planinić, operating as a sole trader (natural person)
- Jurisdiction: Republic of Croatia (European Union)
- Contact email: support@wrokapp.com
- Privacy contact: privacy@wrokapp.com
- Postal address: Available on request via privacy@wrokapp.com
- Data Protection Officer / EU representative: Not applicable. Wrok is operated by a controller established within the EU and does not meet the Art. 37 GDPR criteria requiring a designated DPO.
Where your employer (the Boss who created the workplace) uploads or manages data about you as part of running their workplace, that employer may act as a separate or joint controller for employment record-keeping purposes. In that case the employer is responsible for the lawfulness of its own use of your data, and you may also direct requests to them.
3. Personal Data We Collect
We collect and process the following categories of personal data:
- Account data: Name, email address (Boss accounts), username, and an encrypted (hashed) password. For Shift Managers: name, username, assigned workplace, and permission settings.
- Schedule and employment data: Workplace assignments, shift preferences, experience level, work schedules, timetables, worked hours, shift swap and day-off requests, attendance and clock-in records, and tasks.
- Sick and vacation data (special category): Records that you are on sick leave or vacation, and the associated dates. Because data revealing that a person is on sick leave can concern a person's health, we treat sick/vacation records as special-category data under Article 9 GDPR and apply the additional safeguards described in Section 5.
- Push notification tokens: Firebase Cloud Messaging (FCM) device tokens, only if you opt in to push notifications.
- Device and usage data: Device operating system and version, and (only if you consent to analytics) anonymized in-app usage events such as which features are used. Crash and error diagnostics (stack traces, app state at the time of an error, device model, OS version) are collected to keep the app stable.
- Communication data: Messages sent within the in-app messaging system, and in-app notification history (read/unread status, type, workplace association).
- Location data: GPS coordinates, only when you actively use the clock-in/check-in feature and only with your explicit consent.
- Purchase data: Subscription tier, payment status, and billing dates. Payment processing is handled by Google Play on Android and by Stripe on the web. We never store your full card number, CVV, or full card details. We receive only a confirmation of your purchase and subscription status through RevenueCat (Android) or Stripe (web).
- Invite code data: Generated invite codes for onboarding workers and shift managers, including associated workplace and permission configuration. Codes expire automatically after 15 minutes.
- Consent records: Your consent choices for the privacy policy, analytics, crash reporting, and push notifications, with a timestamp, policy version, and basic device information.
4. Purposes and Lawful Bases
We only process your personal data where we have a lawful basis under the GDPR. The table below maps each category to its purpose and lawful basis.
| Data | Purpose | Lawful basis |
| Account data |
Create and operate your account; authenticate you; provide the service. |
Contract (Art. 6(1)(b)). |
| Schedule and employment data |
Generate schedules, manage shifts, swaps, day-off requests, attendance and tasks. |
Contract (Art. 6(1)(b)); for the employer's workforce management, legitimate interest (Art. 6(1)(f)). |
| Sick and vacation data (special category) |
Record leave so the workplace can be staffed and managed. |
Art. 6(1)(b) plus Art. 9(2)(b) (processing necessary for carrying out obligations and exercising rights in the field of employment law). |
| Push notification tokens |
Deliver push notifications about schedule changes, swaps, and workplace events. |
Consent (Art. 6(1)(a)) - you opt in. |
| Crash and error reporting |
Detect, diagnose, and fix crashes and errors to keep the app stable and secure. |
Legitimate interest (Art. 6(1)(f)). On by default with an easy opt-out in settings. |
| Usage analytics |
Understand how the app is used and improve it (anonymized events only). |
Consent (Art. 6(1)(a)) - strictly opt-in, off by default. |
| Location data (clock-in) |
Verify workplace attendance when you check in. |
Consent (Art. 6(1)(a)) - only when you trigger check-in. |
| Purchase data |
Manage subscriptions and provide access to paid features. |
Contract (Art. 6(1)(b)). |
| Retained worker record after deactivation |
Keep a deactivated worker's name and work history so the employer can continue to manage the workplace and meet record-keeping obligations. |
Legitimate interest and employment record-keeping (Art. 6(1)(f); Art. 6(1)(c) where a legal retention duty applies). See Section 7. |
| Consent records |
Demonstrate that consent was obtained and honour your choices. |
Legal obligation / legitimate interest (Art. 6(1)(c) and (f)). |
5. Special-Category (Health) Data: Sick and Vacation
A record that a worker is on sick leave can reveal information about that person's health and is therefore special-category data under Article 9 GDPR. We process this data on the basis of Article 9(2)(b): processing is necessary for the purposes of carrying out the obligations and exercising the specific rights of the employer or the worker in the field of employment law, as authorised by EU or national law. We collect only what is needed to manage staffing (that a person is absent and the dates) and apply role-based access controls so that only authorised people in the workplace can see it. We do not collect medical diagnoses or doctor's notes through the app.
6. Data Sharing Between Roles
To enable workplace management, certain data is visible to other roles within the same workplace:
- Boss accounts can view worker and shift manager data within their workplaces, including names, schedules, and attendance.
- Shift Manager accounts can view worker data within their assigned workplace only, limited by the permissions granted by the Boss.
- Worker accounts can see the names of coworkers within their workplace for shift swap purposes.
7. Data Retention
We keep personal data only as long as necessary for the purposes for which it was collected, and then delete or anonymize it, unless a longer period is required by law.
- Active accounts: Data is retained while your account is active and you use the service.
- Boss account deletion: When a Boss deletes their account, the associated workplaces, workers, schedules, and messages are permanently deleted (full erasure).
- Worker account deletion (important): When a worker deletes their account, the account is deactivated: login is disabled and personal login/preference data is removed. However, the worker's name and work history (timetables and past shifts) are intentionally retained so the employer can keep managing the workplace and meet employment record-keeping obligations. This is done on the basis of the employer's legitimate interest and, where applicable, a legal retention duty. This retained record is erased once it is no longer needed for those purposes, or at the end of any applicable legal retention period.
- Invite codes: Expire after 15 minutes; any retained record contains no personal data beyond workplace association.
- Crash, analytics, and consent records: Retained only as long as needed for diagnostics, product improvement, and to evidence consent.
8. Processors and Third-Party Services
We use the following processors and service providers. Each processes data only on our instructions under a data processing agreement (DPA), except payment providers who act as independent controllers for payment data.
- Firebase Analytics (Google): Anonymized usage analytics, only if you consent.
- Firebase Crashlytics (Google): Crash and error reporting on mobile (legitimate interest, opt-out available).
- Firebase Cloud Messaging (Google): Push notification delivery, only if you opt in.
- Google Sign-In (Google): Optional authentication for Boss accounts; we receive your name and email from Google and no other account data.
- RevenueCat: Subscription management; receives an anonymous user ID and purchase data. See RevenueCat's privacy policy.
- Sentry (EU region): Crash and error reporting for the web app (legitimate interest, opt-out available); processed in the EU region.
- Railway / PostgreSQL: Cloud hosting of our backend services and database.
- Resend: Sending transactional emails (for example welcome and password-reset emails).
- Google Play Billing and Stripe: Payment processing on Android and web respectively; they handle your payment details directly as independent controllers and we never store your full card details.
- Cloudflare: DNS, CDN, and security in front of our services.
We do not sell your personal data.
9. International Transfers
Some of the processors above may process data outside the European Economic Area (EEA). Where that happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and the relevant data processing agreements (DPAs). [CONFIRM SPECIFIC TRANSFER MECHANISM AND PROCESSOR LOCATIONS]. You can request a copy of the relevant safeguards by contacting privacy@wrokapp.com.
10. Your Rights
Under the GDPR you have the right to:
- Access and portability: Request a copy of your personal data, including in a structured, machine-readable format. You can export your data directly in the app's settings.
- Erasure: Request deletion of your personal data. You can delete your account in the app's settings. Note the retention caveat in Section 7: when a worker deletes their account, the name and work history are retained for the employer's legitimate interest and any legal retention period, and are erased once no longer needed.
- Rectification: Correct inaccurate data, for example by editing your profile.
- Withdraw consent: Withdraw consent for optional processing (analytics, push notifications, location) at any time in the app's Privacy & Legal settings, without affecting processing already carried out.
- Object and restrict: Object to processing based on legitimate interest, and request restriction in certain circumstances.
- Complain: Lodge a complaint with a data protection supervisory authority in your country of residence or work.
You can exercise export and account-deletion rights directly in the app. For any other request, contact privacy@wrokapp.com.
11. Data Security
- Passwords are hashed using BCrypt and never stored in plain text.
- All communication is encrypted via HTTPS/TLS.
- JWT-based authentication with role-specific claims and limited token lifetimes.
- Role-based access control limits each user to data relevant to their role and workplace.
- Database access is restricted and connection-pooled.
12. Cookies and Tracking
The mobile application does not use cookies. Analytics and crash reporting are governed by the bases in Section 4: analytics is strictly opt-in, and crash reporting runs on legitimate interest with an opt-out. You can change these choices at any time in the app's Privacy & Legal settings. The web app presents a cookie/consent banner for tracking preferences.
13. Children's Privacy
Wrok is not intended for anyone under the age of 16. We do not knowingly collect data from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. The "Last updated" date above indicates the most recent revision.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at privacy@wrokapp.com.