CP Hours

Who we are

CP Hours (we, us) provides a work hours registration service for companies. This Privacy Policy explains how we process personal data when you use CP Hours.

What data we process

Account data: email, name, role, company membership.
Work entries: work date, from/to time, break minutes, status, rejection reason.
Audit logs: events about changes (who changed what and when).
Security data: session identifiers, IP/user-agent (if stored), timestamps.

Why we process data

To provide the service (authentication, tenant access, hour registration and approvals).
To keep the service secure (sessions, abuse prevention, investigation).
To maintain an audit trail for accountability (admin/employee changes).
To operate and improve the service (reliability and troubleshooting).

Legal basis

For business customers, processing is typically necessary to perform the contract and to meet legitimate interests in operating a secure, auditable hours system. The customer is usually the data controller for employee data, and CP Hours acts as a processor.

Data sharing

We do not sell personal data. We share data only with service providers needed to run CP Hours (for example: hosting and database providers), and only to the extent required to provide the service.

Data retention

We retain personal data as long as needed to provide the service and meet legitimate operational needs (such as auditability and security), unless a longer retention period is required by law or agreed with the customer.

Security

We use reasonable technical and organizational measures to protect data, including tenant isolation, server-side sessions, and audit logging for key actions.

Your rights

If you are an employee using CP Hours through your employer, please contact your employer first. If you are a customer admin, you can contact us to request access, correction, export, or deletion where applicable.