Privacy Policy
Last updated · 4 June 2026
This Privacy Policy explains how OriginalGuard (“OriginalGuard”, “we”, “us”) collects, uses, shares and protects your personal data when you use the OriginalGuardmobile app, web application and related services (together, the “Service”). It is written primarily under India's Digital Personal Data Protection Act, 2023 (“DPDP Act”) and also addresses the EU/UK General Data Protection Regulation (“GDPR”) where applicable.
1. Who we are
OriginalGuard is a workforce-operations platform for security teams: managing personnel, attendance, shifts, deployments, live tracking, incidents, patrols and leave. The data controller (Data Fiduciary, under the DPDP Act) is OriginalGuard, with its registered office at [Registered business address].
You can reach us about privacy at development@originalguard.com, and our Grievance Officer at development@originalguard.com (see Contact & Grievances).
2. Scope & roles
OriginalGuardis provided to organisations (your employer or operator — the “Workspace”) who invite their staff to use it. This affects how data responsibilities are split:
- Workspace as controller.Your organisation decides what staff data to enter and how to run its operations. For that operational data we act largely as a processor (Data Processor) on the Workspace's instructions.
- OriginalGuard as controller. For account security, authentication, device and session management, product analytics, billing, and keeping the Service safe and reliable, we act as a controller (Data Fiduciary).
If you are a member of a Workspace and want a copy of, or the deletion of, data your employer controls, please also contact your Workspace administrator.
3. Data we collect
We collect only what the Service needs to function. Categories of personal data include:
| Category | Examples |
|---|---|
| Identity & contact | Name, email address, phone number, profile photo, role (guard, supervisor, admin). |
| Employment & profile | Employee identifier, assigned sites/posts, supervisor relationships, employment status, onboarding state, invitation details. |
| Location | Geo-coordinates for attendance check-in/out, patrol checkpoint scans and breadcrumbs, and last-known location for live tracking during shifts. See section 4. |
| Operational activity | Attendance records, shifts and shift swaps, tasks, incident reports, leave requests and balances, patrol logs. |
| Media | Photos and files you upload (e.g. profile pictures, incident evidence). |
| Device & technical | Device identifier and name, platform, app version, push-notification token, IP address, user-agent, and active-session metadata. |
| Usage & logs | Audit-trail events (actions taken, timestamps, IP), notifications and notification preferences, and diagnostic logs. |
| Billing | For Workspace administrators: subscription, plan, invoice and payment status. Card details are handled by our payment processor, not stored by us. |
We do not sell your personal data, and we do not use it for third-party advertising.
4. Location data
Because OriginalGuard verifies that guards are at the right post, location is central to the Service:
- When it's collected. Location is captured when you check in or out, scan a patrol checkpoint, or while you are on an active shift with tracking enabled by your Workspace.
- Foreground & background. Live tracking may use location while the app is in the background during a shift. Your device asks for permission first, and you can revoke it at any time in your device settings (this may limit attendance/tracking features).
- Who sees it.Location is visible to your Workspace's authorised supervisors and administrators for operational oversight, and to you in your own records.
5. Why we use data (purposes & legal bases)
We process personal data for these purposes:
- Provide and operate the Service (accounts, shifts, attendance, tracking, incidents, leave).
- Authenticate you and keep accounts and devices secure.
- Send operational and account notifications.
- Maintain audit trails for safety, accountability and dispute resolution.
- Provide support, fix bugs, and improve reliability and features.
- Process subscriptions and billing for Workspaces.
- Comply with legal obligations and enforce our terms.
Legal bases.Under the DPDP Act we rely on your consent and on “legitimate uses” (such as the purpose for which you provide data in an employment context). Under the GDPR, where it applies, we rely on performance of a contract, our legitimate interests (operating and securing the Service), consent (e.g. certain location/notification permissions), and legal obligation.
6. Sharing & disclosure
We share personal data only as needed to run the Service:
- Your Workspace. Administrators and supervisors in your organisation can access data relevant to managing operations.
- Sub-processors. Vetted vendors that host infrastructure, store media, and deliver notifications and messages on our behalf — see our Sub-processors list.
- Legal & safety. When required by law, regulation, or valid legal process, or to protect rights, safety and the integrity of the Service.
- Business transfers. In a merger, acquisition or asset sale, with continued protection under this Policy.
7. Data retention
We keep personal data only as long as necessary for the purposes above, or as required by law. When you delete your account (see Account Deletion), your profile and operational data are removed from active use. Limited records may be retained in read-only form where the law requires it (for example, statutory payroll or employment records) or to resolve disputes, prevent abuse and enforce our agreements. Backups are rotated and expire on a regular schedule.
8. Security
We protect data with industry-standard measures including encryption in transit (TLS), encrypted password storage (Argon2id), token-based sessions with rotation and revocation, strict access controls, multi-tenant isolation, rate limiting and audit logging. Read more on our Security page. No system is perfectly secure, so we also ask you to keep your credentials and devices safe.
9. Your rights
Subject to applicable law, you have the right to access, correct, update and delete your personal data, to withdraw consent, and to raise a grievance. Under the DPDP Act you are a “Data Principal” with the right to access, correction and erasure, grievance redressal, and to nominate another person to exercise your rights. Under the GDPR you may additionally have rights to restrict or object to processing and to data portability.
- Access / export. Download a copy of your data in-app via Profile → Download my data, which produces a portable export of the records we hold about you.
- Correction. Update your profile in-app, or ask your Workspace administrator for operational records.
- Erasure. Delete your account in-app, or follow Account Deletion / Data Deletion.
- Grievances. Contact our Grievance Officer at development@originalguard.com. We will respond within the timeframes required by applicable law.
You may also lodge a complaint with the Data Protection Board of India or, in the EU/UK, your local supervisory authority.
10. Children
The Service is intended for use by working professionals and is not directed at children. We do not knowingly collect personal data from children. Under the DPDP Act, processing a child's data requires verifiable parental consent; if you believe a child has provided us data, contact development@originalguard.com and we will delete it.
11. International transfers
We and our sub-processors may process data in countries other than your own. Where we transfer personal data internationally, we use safeguards consistent with applicable law (such as contractual protections) and only transfer to jurisdictions permitted under the DPDP Act and, where relevant, the GDPR.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified in-app or by email. The “Last updated” date above reflects the current version; continued use of the Service after an update means you accept the revised Policy.
13. Contact us
Privacy & data requests: development@originalguard.com
Grievance Officer: development@originalguard.com
Postal: OriginalGuard, [Registered business address]