Skip to main content
DWERK
How it worksPricingAsk VORQON →Start free →

Legal

Privacy Policy

Effective date: 3 June 2026 · Last updated: 3 June 2026

This policy describes how DWERK handles personal data under the Digital Personal Data Protection Act, 2023 (India). It aligns with disclosures you will see in the Apple App Privacy questionnaire and Google Play Data Safety form for the DWERK mobile app.

Contents

A. Who we areB. What we collect and whyC. How we use personal dataD. Data sharingE. Data location and transfersF. Your rights as a data principalG. Grievance officerH. RetentionI. Security measuresJ. ChildrenK. Changes to this policyL. Effective date

A. Who we are

DWERK is the operating system for verified physical work — operational infrastructure for attendance, proof capture, exceptions, and audit-ready records. The platform is provided by Dwerk Systems Private Limited ( “DWERK”, “we”, “us”), incorporated in India, with its principal place of business in Bengaluru, Karnataka.

For the purposes of the Digital Personal Data Protection Act, 2023, Dwerk Systems Private Limited acts as the Data Fiduciary for personal data processed through the DWERK platform, except where your employer or service partner acts as a separate data fiduciary for data they control outside DWERK.

General contact: support@dwerk.io
Legal and privacy: legal@dwerk.io

B. What we collect and why

We collect only what is needed to operate DWERK. The mobile app disclosures below match Apple App Privacy and Google Data Safety categories.

Mobile app — frontline workers and supervisors

  • Phone number — OTP sign-in and account recovery. Retained while your account is active. Not sold. Purpose: app functionality only.
  • Name — display and operational records (user-provided or provisioned by your operator). Purpose: app functionality only.
  • Worker / actor identifier — assigned operational ID (for example FIELD-XXXX) linked to your account. Purpose: app functionality only.
  • Precise location — captured at check-in and check-out moments only (foreground / when-in-use). We do not collect background location. Purpose: verify you are at the assigned site when you record attendance.
  • Photos — selfie at check-in and task evidence photos you capture in the app. Purpose: proof-linked operational records. Not used for advertising or facial recognition marketing.
  • Device identifier — session attribution and fraud resistance. Purpose: app functionality only.

Web console — facility leaders and service partners

  • Name, email, phone, role title, organization name
  • Site configuration, contracts, scopes, and operational configuration you enter
  • Audit and export activity logs tied to your account

Website (dwerk.io)

  • Information you submit on contact or signup forms
  • Minimal analytics (page views) via our hosting provider — no advertising profiles
  • Optional AI assistant chat on the website only — not trained on your tenant operational data
  • IP address processed transiently for rate limiting — not stored as a persistent profile

Consent and notice: By using DWERK after your operator provisions access, you are informed of this policy. Where required, your organization obtains workforce notice; you may contact us or your operator with questions before continuing to use the app.

C. How we use personal data

We use personal data to:

  • Authenticate you and keep your session secure
  • Record check-in, check-out, tasks, absences, and exceptions with proof
  • Show supervisors and authorized operators the operational truth they need for their site
  • Generate exports and audit trails for contracted organizations
  • Respond to support and legal requests
  • Maintain platform reliability and security

We do not use personal data to:

  • Sell, rent, or trade personal data
  • Build advertising or cross-app tracking profiles
  • Share operational records across unrelated client organizations
  • Train third-party AI models on your tenant operational ledger

Service partners (SP) and facility leaders (FL) see operational data permitted by their workspace role and active service contract — not for surveillance products unrelated to contracted operations.

D. Data sharing

We do not sell personal data. Limited sharing occurs only as described below.

Within your operational chain

  • Your service partner and facility operator may view records for sites and contracts they manage, per role and contract scope.
  • Operational exports stay within your organization's governance rules.

Sub-processors (platform operation only)

  • Supabase — primary database (PostgreSQL). Region configured for India deployment.
  • Render — backend API hosting (United States). Access restricted to platform operations.
  • Vercel — website and console front-end hosting (global edge).
  • MSG91 — OTP delivery via WhatsApp/SMS channels where enabled (India).
  • Resend — transactional email where enabled.
  • Anthropic — optional website chat assistant only; not applied to mobile operational ledger.

For Apple and Google store questionnaires: operational data is not shared with third parties for advertising or tracking. Hosting and messaging providers process data solely to run the service.

E. Data location and transfers

Primary operational records are stored in our database region configured for India (Supabase). Some processing occurs on infrastructure in other countries — notably API hosting on Render in the United States and CDN/edge delivery via Vercel. Where personal data is processed outside India, we rely on contractual safeguards with sub-processors and purpose limitation in this policy.

Data in transit is protected with HTTPS (TLS 1.2 or higher). Data at rest uses encryption provided by our cloud sub-processors (managed database and object storage encryption).

F. Your rights as a data principal

Under the Digital Personal Data Protection Act, 2023, you may have the right to:

  • Access — request a copy of personal data we hold about you
  • Correction — request correction of inaccurate personal data
  • Erasure — request deletion when no longer required (subject to legal and contract retention)
  • Grievance redressal — escalate to our Grievance Officer (Section G)
  • Nominate — nominate another individual to exercise rights on your behalf where the law allows

How to exercise rights: email support@dwerk.io from your registered phone or with confirmation from your operator. We acknowledge requests within one business day and aim to complete access, correction, or erasure requests within 15 business days, or sooner where possible. Complex requests may take longer — we will tell you.

Account deletion: email support@dwerk.io with your name, registered phone (last four digits are enough if you prefer), and organization. Your operator may also initiate offboarding per contract.

G. Grievance officer

For privacy grievances under the Digital Personal Data Protection Act, 2023:

  • Name: Praveen Kumar (Grievance Officer)
  • Email: legal@dwerk.io
  • Response SLA: within 7 days of receipt, per applicable DPDP timelines

H. Retention

  • Active accounts: personal data retained while your organization's service contract is active and you remain provisioned.
  • Inactive accounts: after contract end or de-provisioning, a grace period of up to 6 months may apply before automated review for deletion, unless your contract specifies otherwise.
  • Append-only event ledger: operational events may be retained for business records, dispute resolution, and regulatory needs — typically aligned to contract and applicable law (often multi-year for audit trails).
  • Security and access logs: retained as needed for security investigations and compliance obligations.

I. Security measures

Summary of measures (not an exhaustive technical specification):

  • Encryption in transit (TLS) for all client connections
  • Encryption at rest on managed database and storage (Supabase / cloud provider defaults)
  • Tenant isolation at the data layer — one client cannot query another's operational records
  • Append-only event ledger design for tamper-evident operational history
  • Role-based access in console and mobile surfaces
  • Audit logging for sensitive console actions
  • Internal security review on each release; external certification audit planned — we do not claim SOC 2 or ISO 27001 certification today

J. Children

DWERK is a workplace operations tool. It is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor's data was collected, contact legal@dwerk.io and we will delete it promptly.

For Google Play Data Safety: the app is not designed for users under 13.

K. Changes to this policy

We may update this policy as law, store requirements, or platform features change. Material changes will be communicated to registered console users by email and surfaced in-app where practical. The effective date at the top of this page will change when updates apply.

L. Effective date

This policy is effective from 3 June 2026. Previous version dated 27 March 2026 is superseded for store submission and DPDP alignment purposes.

Related: Terms of Service · Support

DWERK

Physical work, verified. Infrastructure for operational proof across enterprise physical operations.

hello@dwerk.io
Product
How it worksMobileConsoleVORQONTraining
Company
AboutBlogGuidePricing
Legal
Privacy PolicyTermsSecurity
© 2026 Dwerk Systems Private Limited
Language: EN · HI · KN