Back to Home

Privacy Policy

Last Updated: April 28, 2026

1. Introduction

TeamLyf, Inc. ("Company," "we," or "us") respects your privacy. This Privacy Policy explains how we collect, use, process, and protect your information when you use our Service. It applies to all users, including employees and administrators.

2. Information We Collect

  • Account Data: Email, password (hashed), name, profile image, tenant details (name, subdomain, storage limits).
  • Personal Information: First/last name, preferred name, phone number, address, date of birth, gender, emergency contact details (name, relationship, phone, address).
  • Employment Data: Employee number, job title, hire date, reports-to relationship, employment status, termination date.
  • Communication Data: Messages, file attachments, mentions, threaded conversations, presence status.
  • Usage Data: IP addresses, user agents, session logs, activity logs (actions, timestamps), audit trails (entity changes with old/new values).
  • Billing Data: Subscription details, payment information processed via Polar.sh and Paystack (we do not store full payment details).
  • Third-Party Data: From OAuth (Google: email, name, image); LiveKit (call metadata); file storage (uploaded files).
  • Cookies and Tracking: HttpOnly cookies for JWT tokens; session tracking for security.

3. How We Use Information

  • Service Provision: To authenticate users, manage tenants/members, enable collaboration features, and process billing.
  • Communication: To send transactional emails via Resend/Zeptomail and facilitate real-time messaging.
  • Security: To monitor for threats, log activities, and enforce access controls.
  • Analytics: To improve the Service and track usage (no personal data shared with analytics without consent).
  • Legal Compliance: To respond to legal requests or enforce Terms.

4. Information Sharing and Disclosure

  • Third Parties: We share data with service providers (e.g., Cloudflare R2 for storage, LiveKit for calls, Polar/Paystack for billing) only as necessary for operations. All providers are bound by data processing agreements.
  • Legal Requirements: We may disclose data if required by law, subpoena, or to protect rights/safety.
  • Business Transfers: In mergers/acquisitions, data may be transferred.
  • No Sale: We do not sell personal data.

5. Data Storage and Security

  • Storage: Data is stored in PostgreSQL databases with encryption at rest. Files are stored in Cloudflare R2 or AWS S3 with secure URLs. Logs are retained for 1 year.
  • Protection: Argon2 hashing for passwords; TLS 1.3 for transmission; RBAC for access; audit logging; rate limiting; monitoring via Logtail.
  • Retention: User data retained during active use; deleted upon account termination or per legal requirements (e.g., 7 years for HR data in some jurisdictions).

6. Your Rights

  • Access: Request a copy of your data via account settings or email.
  • Correction: Update personal information in your profile.
  • Deletion: Request erasure of your data (subject to legal/business needs).
  • Portability: Export your data in a structured format.
  • Opt-Out: Withdraw consent for non-essential processing (e.g., marketing).

7. International Data Transfers

Data may be transferred to servers in the US/EU. We ensure adequate protection via standard contractual clauses.

8. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect data from minors.

9. Changes to Policy

We may update this Policy with notice. Continued use implies acceptance.

10. Contact

For privacy inquiries, contact privacy@getteamlyf.com.