Privacy Policy

Last updated: July 2026

Faciro ("we", "us") provides workforce leave management software for small and medium businesses. This policy explains how we process personal data when you use faciro.com and related services.

Who is responsible for your data?

Your employer (the company workspace owner) is the data controller for employee leave records. Faciro acts as a data processor on behalf of your employer. For account and billing data, Faciro is the controller.

Data we collect

  • Identity and contact: name, email, phone number
  • Account: password (stored hashed), role, company association
  • Leave records: dates, type, status, reasons, manager notes
  • Sick leave attachments you upload (may include health-related information)
  • Technical: session cookie, server logs

Why we process data

  • To provide leave request and approval services
  • To send notifications (email) about leave status
  • To maintain security and prevent fraud
  • To comply with legal obligations

Legal basis (Mauritius Data Protection Act 2017)

Processing is based on contract performance (providing the service), legitimate interests of employers in managing workforce leave, and consent where required (e.g. account registration).

Data storage and subprocessors

Data may be processed using:

  • Neon (PostgreSQL database hosting)
  • Vercel (application hosting)
  • Resend (transactional email)

Data may be stored outside Mauritius. We use providers with appropriate security measures and contractual safeguards.

Retention

Leave records are retained while your employer maintains an active workspace and as required for employment and legal purposes. Password reset tokens expire after 1 hour.

Your rights

Under the Data Protection Act 2017, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request erasure (subject to legal exceptions)
  • Object to certain processing

Employees should contact their employer first. You may also contact us at privacy@faciro.com.

Security

We use encryption in transit (HTTPS), hashed passwords, access controls, and company-scoped data isolation. No system is 100% secure; report concerns to security@faciro.com.

Contact

Email: privacy@faciro.com