Table of Contents
Summary: TOD 360 AI is a B2B tool — we collect data on behalf of your employer (our customer). Your employer is the data controller; we are the data processor. We do not sell your data.
1. Overview
This Privacy Policy explains how RDBYTES ("we", "us", "our") collects, uses, stores, and shares personal information when you use TOD 360 AI ("Service").
TOD 360 AI is a business-to-business (B2B) Software-as-a-Service platform. We provide the Service to organisations ("Customers") who use it to manage their workforce. Individual employees whose data is processed through the Service are referred to as "End Users".
In this context:
- The Customer (your employer) is the data controller — they determine what data is collected and why.
- We (RDBYTES) are the data processor — we process data on the Customer's behalf, as instructed.
If you are an employee whose data is being processed, please contact your employer for information about their specific monitoring practices and policies.
2. Information We Collect
2.1 Account & Organisation Data (from Customers)
| Data Type | Examples | Purpose |
|---|---|---|
| Organisation details | Company name, address, GST, logo | Account setup, billing, invoices |
| Admin contact | Name, email address | Account access, notifications |
| Payment information | Processed via Razorpay; we store only last 4 digits, card type, billing name | Subscription billing |
| Usage data | Pages visited, features used, API calls | Service improvement, troubleshooting |
2.2 Employee / End User Data (processed on behalf of Customers)
| Data Type | Examples | Collected By |
|---|---|---|
| Identity | Full name, email, employee ID, role | Admin during onboarding |
| Attendance | Punch-in/out timestamps, location (if field tracking enabled) | Desktop agent / mobile app |
| Activity logs | Active/idle/productive seconds per day | Desktop agent (Windows) |
| Application & URL usage | Application names and usage duration, website domains visited | Desktop agent (Windows) |
| Screenshots | Periodic desktop screenshots (frequency set by employer) | Desktop agent (Windows) |
| HR & payroll data | Salary, bank details, leave records, performance scores | Admin / HR manager |
| Device information | Device name, OS, IP address at time of activity | Desktop agent / mobile app |
| GPS coordinates | Location during field check-ins (if enabled) | Mobile app (with permission) |
2.3 Technical Data (automatically collected)
- Browser type, operating system, screen resolution
- IP address and approximate geolocation (city level)
- Session cookies and authentication tokens
- Server-side error logs (retained for 30 days)
3. How We Use Information
We use collected information to:
- Provide the Service — deliver all features, process activity data, generate reports
- Billing & Payments — process subscriptions, generate invoices, manage payment history
- Communication — send transactional emails (invoices, alerts, account notifications)
- Security — detect fraud, abuse, and unauthorised access
- Support — diagnose issues, respond to support tickets
- Service improvement — analyse usage patterns to improve features (using aggregated, anonymised data only)
- Legal compliance — comply with applicable laws, court orders, or regulatory requirements
We do not use Employee data for advertising, profiling for external purposes, or selling to third parties.
4. Employee Monitoring Data
Important: TOD 360 AI is a workplace monitoring tool. Monitoring only occurs on devices enrolled by your employer. All monitoring data belongs to and is controlled by your employer.
4.1 What is monitored
The desktop agent (installed on Windows computers) can, when configured by the employer, collect:
- Time spent on applications (by application name)
- Websites visited (domain name only, not full URLs or content)
- Keyboard/mouse activity levels (not keystrokes themselves)
- Desktop screenshots at intervals set by the employer (typically every 5–30 minutes)
- Attendance via manual or automatic punch-in/out
4.2 What is NOT monitored
- Keystrokes or typed content
- Email content or private messages
- Personal devices not enrolled by the employer
- Activity outside working hours (unless the agent is running)
- Audio or video surveillance
4.3 Employee notice
The desktop agent displays a system tray icon that is visible at all times when monitoring is active. Employers are contractually required to inform employees of monitoring before deployment. Employees can see their own data through the Employee Portal.
6. Data Security
We implement technical and organisational measures to protect your data. See our Security page for full details. Key measures include:
- HTTPS/TLS encryption for all data in transit
- Encrypted storage for sensitive fields (passwords, tokens)
- Access controls and role-based permissions
- Regular security assessments and dependency updates
- AWS infrastructure hosted in the ap-south-1 (Mumbai) region
7. Data Retention
- Active subscriptions: Data retained for the duration of the subscription.
- After cancellation: Data retained for 30 days, then permanently deleted unless export is requested.
- Payment records: Retained for 7 years as required by Indian tax law.
- Server logs: Retained for 30 days for security and debugging purposes.
- Backup copies: May persist for up to 90 days in encrypted backups after deletion from primary storage.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal retention obligations)
- Portability: Receive your data in a machine-readable format
- Objection: Object to certain processing activities
For employees: Rights requests regarding workplace data should be directed to your employer (the data controller). We will assist your employer in fulfilling their obligations.
For account administrators: Submit requests to support@tod360ai.com.
10. Children's Privacy
The Service is intended for use by businesses and professionals aged 18 and above. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from a minor, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be notified via email and in-app notice at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact Us
For privacy-related queries or data subject requests:
- Data Controller (for employee data): Your employer / the organisation that manages your account
- Data Processor (us): RDBYTES
- Email: support@tod360ai.com
- Address: 5/129, 'A' Type, 65th Street, Sidco Nagar, Villivakkam, Tamil Nadu, Chennai 600049
We aim to respond to all privacy requests within 30 days.