# Data Privacy & Ethics
**Data Privacy & Ethics**
At We360.ai, data protection and ethical processing of workforce analytics are governed by strict legal, regulatory and information security standards. Our platform is designed to ensure that organizational visibility is achieved without compromising individual privacy, data ownership or lawful processing principles.
## Lawful, Fair & Purpose Limited Processing
We360.ai processes data solely for legitimate and explicitly defined business purposes, including productivity insights, operational analytics, insights, system security and regulatory compliance.
Data collection is limited to what is relevant, necessary and proportionate to these purposes, in alignment with globally accepted privacy principles and the requirements of the Digital Personal Data Protection Act (DPDP Act 2023), India.
## Transparency & Informed Use
{% hint style="info" %}
We enable organizations to implement clear and auditable monitoring policies by providing:
* Configurable tracking controls aligned to business requirements
* Visibility into what data is collected and how it is used
* Access for users to view their own work analytics
This ensures transparency, supports informed deployment and promotes accountable data governance.
{% endhint %}
## Data Subject Rights & Control
We360.ai supports the exercise of user rights, including the ability to:
* Access and review personal data
* Request rectification or erasure, where applicable
* Withdraw consent in consent based environments
* Raise grievances through defined redressal mechanisms
Data ownership remains with the customer organization and We360.ai acts as a data processor in accordance with contractual obligations.
## Security & Technical Safeguards
We maintain enterprise grade information security controls to ensure the confidentiality, integrity and availability of data, including:
* Encryption of data in transit and at rest
* Role based access control and least privilege enforcement
* Secure hosting infrastructure
* Continuous monitoring and vulnerability management
Our security framework aligns with internationally recognized standards such as ISO 27001, VAPT and SOC 2 Type II.
## Data Collection Specifics
All data collected by the We360.ai agent is encrypted both in transit and at rest using Google Cloud Platform (GCP) for secure storage.
Computer and User Information
The agent collects essential device and session metadata (not tied to individual user activities):
* **Computer Name** -- The machine's hostname.
* **Computer Timezone** -- The local timezone configured on the device.
* **Logon Domain** -- The Active Directory domain name, or the computer name if not domain-joined.
* **Network ID** -- A hashed representation used for uniqueness.
* **Private IP** -- Local network IP address.
* **Public IP** -- Internet-facing IP address.
* **Session ID** -- Identifies different user sessions, particularly on terminal servers.
* **User Information** -- Login names from the operating system (friendly name and simple login name).
User Activity Information
User activity is defined as the currently active window with mouse movement, mouse clicks, and keypresses — all captured with **sub-second precision**. We360.ai provides fully functional keyboard and mouse activity tracking but does **not** perform keylogging; individual characters typed are never recorded. The information collected includes:
* **Date and Time** -- When a specific activity was first accessed.
* **Description** -- Brief description of each activity.
* **Duration** -- Time spent on an activity.
* **Executable** -- The executable file associated with each activity.
* **Screenshots** -- Periodic screenshots of the active window (frequency is configurable).
* **Title** -- Content of the title bar of the activity window.
* **URL** -- Full URL accessed in a browser for web-based activities.
Data We Never Collect
We360.ai strictly does not collect:
* **Keystroke logging** -- Individual keystrokes are never recorded.
* **Video camera monitoring** -- Webcam feeds are never accessed or recorded.
## The Blur Engine
To further strengthen privacy protection, We360.ai incorporates a built-in **Blur Engine** designed to prevent the exposure of sensitive or confidential information during screen monitoring or analytics processes.
The Blur Engine automatically obscures or masks sensitive visual data that may appear on user screens, ensuring that productivity insights can be generated without revealing confidential content.
{% hint style="success" %}
The Blur Engine reinforces We360.ai’s commitment to **privacy by design**, ensuring that productivity analytics and workforce intelligence can be delivered while minimizing unnecessary exposure of sensitive data.
{% endhint %}
Key Capabilities of the Blur Engine
* Automatic blurring of sensitive on-screen content where required
* Configurable privacy settings aligned with organizational policies
* Protection of confidential information such as personal communications, financial details, authentication fields, or other sensitive data elements
* Support for privacy-conscious monitoring practices in hybrid and remote work environments
## Data Lifecycle
{% columns %}
{% column %}
**Data Retention & Minimization**
Data is retained only for the duration necessary to fulfill the specified purpose or to meet contractual and legal requirements. Upon expiry of the retention period, data is securely deleted or irreversibly anonymized.
{% endcolumn %}
{% column %}
**Third-Party Processing**
If required, any engagement with subprocessors is governed by strict confidentiality, data processing agreements and equivalent security obligations. Cross border data transfers, where applicable, are conducted in compliance with relevant legal frameworks.
{% endcolumn %}
{% endcolumns %}
## Compliance Commitment
Our privacy and security program are structured to support compliance with major global data protection and industry regulations:
{% tabs %}
{% tab title="DPDP" %}
**Digital Personal Data Protection Act 2023 (India)** Aligns with requirements governing the processing of digital personal data in India.
{% endtab %}
{% tab title="GDPR" %}
**General Data Protection Regulation** Governs the protection of personal data for individuals within the European Union.
{% endtab %}
{% tab title="CCPA" %}
**California Consumer Privacy Act** Provides California residents with enhanced rights regarding the use of their personal data.
{% endtab %}
{% tab title="HIPAA" %}
**Health Insurance Portability and Accountability Act** Protects sensitive patient health information from being disclosed without the patient's consent or knowledge.
{% endtab %}
{% tab title="SOC 2 Type II" %}
**Service Organization Control 2 Type II** Validates that internal controls meet the Trust Service Criteria.
{% endtab %}
{% endtabs %}
## Governance & Accountability
We maintain internal policies, audit mechanisms and contractual controls to ensure responsible data handling and continuous compliance with evolving regulatory standards.
Data Governance Policies
**Data Residency**
Customer data is hosted in secure cloud infrastructure environments designed to meet enterprise security and compliance requirements. Where applicable, We360.ai supports hosting customer data within specific geographic regions to comply with regulatory or organizational data residency requirements. For customers operating in India, data may be hosted within infrastructure located in India to support compliance with the Digital Personal Data Protection Act and other applicable regulations.
**Data Ownership**
Customers retain full ownership of the data they provide or generate within We360.ai. The organization does not sell, rent, or commercially exploit customer data. Customer data is processed solely for the purpose of delivering platform services and supporting system functionality.
**Data Usage Limitations**
Customer data is processed only for legitimate operational purposes related to the delivery of platform services including:
* Platform functionality and analytics
* System monitoring and troubleshooting
* Service improvement and reliability
Unauthorized access, sharing, or use of customer data is strictly prohibited. Data usage is governed by strict access control policies and internal security procedures.
Customer Access & Portability
**Customer Data Access Rights**
Customers maintain control over access to their data within We360.ai. Authorized customer administrators can:
* Manage user access permissions
* Configure system integrations
* View and analyze operational data
* Export data where functionality permits
**Data Portability**
Customers may request access to their data in order to export or transfer it for operational or compliance purposes through APIs, system reports, or explicit export mechanisms.
## Ethical Use of Workforce Analytics
We360.ai is built on the principle that workforce analytics must enable better work outcomes while preserving individual dignity, trust and organizational transparency. The platform is designed to generate objective, work pattern based insights that support process optimization, capacity planning and data driven decision making, rather than employee surveillance.
Workplace data is contextualized to reflect productivity trends, application usage patterns and workflow efficiency, ensuring that insights are business relevant and not behaviorally intrusive.
{% hint style="info" %}
We360.ai does not position analytics as a tool for micromanagement or punitive evaluation. Instead, it enables organizations to adopt a balanced, proportionate and policy driven approach that is consistent with applicable data protection laws, internal governance frameworks and globally accepted workplace ethics standards.
{% endhint %}
We360.ai promotes ethical deployment by enabling organizations to:
* Define role-based and policy driven tracking configurations aligned with business needs.
* Restrict monitoring to designated work hours and authorized environments.
* Provide employees visibility into their own productivity analytics to encourage self improvement and accountability.
* Use aggregated and trend based insights for performance conversations, workforce planning and process enhancement.
* Avoid disproportionate or covert monitoring practices.
### Stealth and Visible Modes
We360.ai provides configurable deployment options through Stealth Mode and Visible Mode, allowing organizations to align monitoring practices with their internal policies and regulatory requirements.
{% tabs %}
{% tab title="Visible Mode" %}
Ensures transparency by displaying the application interface to users, allowing them to view their work analytics and system status. Users are required to punch in & out in Visible Mode.
{% endtab %}
{% tab title="Stealth Mode" %}
Where permitted by applicable laws and organizational policies, allows the monitoring agent to operate silently in the background without a visible interface. Stealth Mode is fully functional — all tracking features (per-second activity monitoring, screenshots, input tracking, and screen recording) work identically to Visible Mode.
{% endtab %}
{% endtabs %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.we360.ai/reference/work-and-time-management/framework/data-privacy-and-ethics.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.