← Back to WeERM

WeERM Privacy Policy

Version 1.1 · Effective June 1, 2026 · Last updated June 18, 2026

This Privacy Policy explains how Mutor Biz (“Mutor Biz,” “we,” “us”), the operator of the WeERM platform (the “Service”), collects, uses, and shares information. It applies to our websites, web applications, and mobile applications. Please also read our Terms and Conditions.

1. Our Role: Controller vs. Processor

For employee and workplace data submitted by or generated for an employer (“Company”) — such as time entries, location readings, leave, payroll inputs, and messages — the Company is the data controller and Mutor Biz acts as a processor that handles the data on the Company’s behalf and under its instructions. For information about Company administrators, account owners, billing contacts, and visitors to our marketing site, Mutor Biz acts as the controller. If you are an employee, please direct privacy requests to your employer first; we will assist the employer as its processor.

2. Information We Collect

  • Account & profile: name, email, phone, display name, job title, role/scope, worksite and team assignment, and authentication identifiers (including from Google or Microsoft single sign-on).
  • Time & attendance: clock-in/out and break events, worked hours, and the geofence status of each event.
  • Location: a single device location reading (latitude, longitude, and accuracy) captured at the moment of a clock or break action — see Section 3.
  • Leave & scheduling: leave requests, balances, approvals, and calendar entries.
  • Payroll inputs: pay-rate or salary figures and derived summary figures that your employer configures (these are informational only).
  • Communications: Ask HR threads and direct/team/project chat messages, and report flags you submit.
  • Documents: policy files an administrator uploads and your views of them.
  • Billing: subscription and seat information; card payments are processed by Stripe and we do not store full card numbers.
  • Device & usage: IP address, device/browser type, log and diagnostic data, and audit records of actions taken in the Service.

3. Location Data — How and When

By default, the WeERM mobile app requests “while using the app” location permission and captures a location reading only at the moment you tap Start Work, End Work, Break Start, or Break End, to confirm whether the clock event occurred within your employer’s configured worksite geofence. By default we do not collect location continuously or in the background, and we do not track your movements between those actions.

Optional “Clock reminders” (off by default). If you choose to turn on Clock reminders in the app, WeERM uses background (“Always”) location to detect when you arrive at or leave your assigned worksite and shows you a reminder to clock in or out. This feature is strictly opt-in: it stays off unless you enable it, it only monitors your worksite’s geofence (not your detailed movements or location history), the reminders are generated on your device, and you can turn it off at any time in the app or revoke the permission in your device settings. You can disable location permission entirely, though your employer may require the on-tap location for clocking in.

4. How We Use Information

We use information to:

  • provide, operate, secure, and support the Service;
  • authenticate users, enforce roles and multi-tenant isolation, and maintain audit logs;
  • calculate informational time, leave, and payroll summaries for the employer’s review;
  • deliver transactional emails and in-app notifications;
  • process subscriptions and prevent fraud and abuse;
  • diagnose problems, improve the Service, and comply with legal obligations.

We do not sell personal information, and we do not use employee workplace data for advertising.

5. How We Share Information

We share information only as needed:

  • With your employer: administrators and authorized supervisors can see workplace data within their scope (for example, attendance, leave, and reported messages).
  • Service providers (sub-processors): Supabase (cloud hosting, database, authentication, and file storage), Stripe (payments), Resend (email delivery), Google and Microsoft (single sign-on), and a mapping provider (to display worksite maps). They may process data only to provide their services to us.
  • Legal & safety: when required by law, to enforce our Terms, or to protect rights and safety.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy.

6. Data Retention

We retain Customer Data for as long as the Company’s account is active and as the Company directs. Audit logs are retained for approximately three years. When a Company closes its account, its data is archived and then removed in accordance with our retention practices, except where longer retention is required by law or for dispute resolution.

7. Security

We use technical and organizational measures to protect information, including encryption in transit, row-level security for tenant isolation, scoped access controls, and least-privilege handling of administrative keys. No method of transmission or storage is completely secure, and you are responsible for keeping your credentials confidential.

8. Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, or obtain a copy of your personal information, and to opt out of any “sale” or “sharing” of personal information (we do not sell or share for cross-context behavioral advertising). California residents have these rights under the CCPA/CPRA and the right not to be discriminated against for exercising them. Because much workplace data is controlled by your employer, employees should submit requests to their employer; for data we control, contact us using Section 11. We will verify requests before acting on them.

9. Cookies and Analytics

We use strictly necessary cookies to keep you signed in and to operate the Service. If we enable product or website analytics in the future, we will use it to understand usage and improve the Service and will update this Policy accordingly.

10. Children and Data Location

The Service is intended for workplace use and is not directed to children under 16, and we do not knowingly collect their information. The Service is operated from, and information is stored in, the United States.

11. Changes and Contact

We may update this Policy from time to time; we will revise the version and effective date above and may provide additional notice for material changes. For privacy questions or requests, contact Mutor Biz, the operator of WeERM, at info@weerm.com.

See also our Terms and Conditions. Back to WeERM →
Privacy Policy — WeERM