1. Who We Are
Wainga is a workforce management platform built for Indian labour teams, contractors, and SMEs. We provide HRMS, billing, and talent tools that help employers manage attendance, payroll, compliance, and worker skill profiles. Our platform is accessible at wainga.com.
For purposes of data protection law, Wainga is the data controller for information about its Subscribers (company owners and their team members). For worker personal data uploaded by a Subscriber, Wainga acts as a data processor on behalf of that Subscriber.
2. Data We Collect
2.1 Subscriber & Account Data
| Category | Examples | Source |
|---|---|---|
| Identity | Full name, email address, mobile number | Provided by you during registration |
| Company details | Company name, type, PAN, official email & phone | Provided by you during onboarding |
| Billing & payment | Subscription plan, payment method type, transaction IDs (Razorpay) | Collected at checkout; card details held by Razorpay |
| Usage data | Pages visited, features used, session duration, IP address | Automatically collected by the Platform |
| Communication | Support emails, feedback messages | Provided by you when contacting us |
2.2 Worker Data (uploaded by Subscribers)
| Category | Examples |
|---|---|
| Identity & KYC | Name, Aadhaar number (masked), photo, date of birth, address |
| Attendance & shifts | Clock-in/out records, site location, shift assignments |
| Payroll | Wages, deductions, PF/ESIC contributions, bank account details for salary transfer |
| Compliance | Labour licence numbers, form submissions, statutory register entries |
| Skills & certifications | Trade skills, certifications, work history contributing to the Skill Passport |
| Leave & settlements | Leave applications, balances, Full & Final Settlement records |
Worker data is provided to Wainga by the Subscriber (employer or contractor) who is responsible for obtaining the necessary consents from workers.
3. How We Use Your Data
- Provide and operate the Platform — delivering the HRMS, Billing, Worker Portal, and other subscribed features.
- Process payments — verifying transactions and managing your Subscription through Razorpay.
- Communications — sending payslips, invoices, welcome emails, overdue reminders, and account notifications.
- Platform improvement — analysing usage patterns (in aggregate and anonymised form) to improve features and fix issues.
- Legal compliance — retaining records as required by Indian labour, tax, and financial regulations.
- Security — detecting and preventing fraud, abuse, and unauthorised access.
- Insight Hub — generating labour-related content using LLM tools where enabled; no personally identifiable Subscriber or worker data is passed to external AI providers.
We do not sell your data or use it for advertising.
4. Legal Basis for Processing
We process personal data on the following grounds under applicable Indian law and internationally recognised principles:
- Contract performance — processing needed to provide the services you have subscribed to.
- Legitimate interests — analytics, security monitoring, and platform improvement, balanced against your rights.
- Legal obligation — retaining financial and statutory records as required by Indian law.
- Consent — where we rely on consent (e.g. optional marketing communications), you may withdraw it at any time.
5. Data Sharing & Disclosures
We share personal data only in the following circumstances:
- Razorpay — your name and email are shared to create a payment customer record. Razorpay processes card details under its own privacy policy and PCI-DSS certification.
- Email delivery providers — your email address is passed to our transactional email service to deliver payslips, invoices, and notifications.
- Infrastructure providers — our hosting and database providers store Platform data under contractual data processing agreements.
- Legal or regulatory requirements — if required by law, court order, or a government authority, we may disclose data. We will notify you where permitted.
- Business transfer — if Wainga is acquired or merged, personal data may be transferred to the acquiring entity under equivalent protections.
We do not share individual Subscriber or worker data with other Subscribers.
6. Worker Data — Special Provisions
Because Wainga handles sensitive personal data of blue-collar workers who may have limited digital literacy, we apply the following additional protections:
- Data minimisation — we store only the fields that Subscribers enter. We do not require Aadhaar numbers; any such field is masked at rest.
- Worker access — workers can access their own Skill Passport, payslips, and attendance records through the Worker Portal at any time using their registered mobile number, independent of their employer's account status.
- Portability — workers may request an export of their personal data held on the Platform by contacting support@wainga.com.
- Deletion requests — workers may request deletion of their data. Where legal retention requirements do not apply, we will action such requests within 30 days. Payroll records required for statutory compliance are retained for the legally mandated period.
- Employer limitations — a Subscriber may deactivate a worker record but cannot permanently delete a worker's Skill Passport or verified work history. This protects workers' portable career records.
7. Data Retention
- Account data — retained for the duration of your Subscription plus 5 years for financial and legal compliance, or as required by applicable law.
- Payroll & compliance records — retained for a minimum of 7 years from the date of entry, consistent with Indian statutory requirements.
- Worker Skill Passports — retained indefinitely for the benefit of the worker, unless the worker requests deletion.
- Usage & log data — retained for 90 days for security and debugging purposes.
After the applicable retention period, data is securely deleted or anonymised.
8. Security
We implement the following measures to protect your data:
- Encryption in transit (TLS 1.2+) for all data exchanged between your browser and our servers.
- Encrypted storage for sensitive fields (e.g. Aadhaar, bank account numbers are masked).
- Role-based access controls ensuring team members can only access data relevant to their role.
- Regular security reviews and dependency updates.
- Auto-generated, complex passwords for new accounts, delivered securely by email.
No method of electronic transmission or storage is 100% secure. If you become aware of a potential security issue, please report it immediately to support@wainga.com.
9. Cookies & Analytics
The Platform uses the following types of cookies:
- Session cookies — essential for login state and cart management. These expire when you close your browser.
- Preference cookies — remembering your language preference (English / मराठी). Stored in
localStorage. - Security cookies — CSRF tokens to protect against cross-site request forgery attacks.
We do not currently use third-party advertising or tracking cookies. If this changes, we will update this Policy and provide a consent mechanism.
10. Your Rights
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete data.
Request deletion of your data where no legal retention requirement applies.
Receive your data in a machine-readable format (JSON / CSV export).
Object to processing based on legitimate interests.
Request restriction of processing in certain circumstances.
To exercise any right, email support@wainga.com with subject line "Privacy Request — [Right]". We will respond within 30 days. In some cases we may need to verify your identity before processing the request.
11. Children's Privacy
The Platform is intended for use by businesses and adults (18+). We do not knowingly collect personal data from anyone under 18. If you believe a minor's data has been uploaded in error, please contact us and we will take appropriate action.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated to active Subscribers by email at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.
13. Contact & Grievance Officer
Support: support@wainga.com
Admin / Data Officer: admin@wainga.com
Phone / WhatsApp: +91 77410 67045
Subject line format: "Privacy Request — [Access / Deletion / Correction / Portability]"
We aim to acknowledge all privacy requests within 3 business days and resolve them within 30 days. If you are not satisfied with our response, you may raise a complaint with the relevant data protection authority.