1. Introduction
Onboardia ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our employee onboarding platform ("Service").
Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide
We collect information you voluntarily provide when using the Service, including:
- Account information: name, email address, password, and company name when you register
- Employee data: names, email addresses, job titles, departments, and other onboarding-related information you enter about your employees
- Documents: files you upload such as contracts, identification documents, and other onboarding materials
- Form responses: data submitted through custom onboarding forms
- Contact information: details you provide when reaching out to us via email or our website contact form
2.2 Information Collected Automatically
When you access the Service, we may automatically collect:
- Log data: IP address, browser type, operating system, referring URLs, and access times
- Usage data: pages viewed, features used, and actions taken within the Service
- Device information: device type, screen resolution, and browser settings
2.3 Cookies
We use essential cookies to maintain your session and authenticate your access. We do not use third-party tracking cookies or advertising cookies.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process and manage employee onboarding workflows
- Send onboarding invitation emails on your behalf
- Authenticate users and maintain account security
- Respond to your requests and provide customer support
- Monitor and analyze usage to improve the Service
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations
4. Data Storage and Security
We take the security of your data seriously and implement industry-standard measures to protect it:
- Encryption at rest: all documents and files are encrypted using AES-256 on AWS S3
- Encryption in transit: all data is transmitted over HTTPS/TLS
- Access control: role-based access ensures users only see data relevant to their role
- Session management: sessions expire automatically and enforce single-device access
- Infrastructure: our Service is hosted on AWS infrastructure within the European Union
- Password security: passwords are hashed using bcrypt and never stored in plain text
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties. We may share information only in the following circumstances:
- Service providers: we use AWS for hosting, storage, and email delivery; these providers process data on our behalf under strict confidentiality agreements
- Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request
- Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction
- With your consent: we may share information with third parties when you explicitly authorize us to do so
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. When you delete your account or request data deletion:
- Account data and employee records are deleted from our databases
- Uploaded documents are removed from our storage systems
- We may retain certain data as required by law or for legitimate business purposes (e.g., fraud prevention)
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal data
- Portability: request a machine-readable copy of your data
- Objection: object to certain processing of your data
- Restriction: request restriction of processing in certain circumstances
To exercise any of these rights, please contact us at contact@onboardiahr.com.
8. International Data Transfers
Our Service is hosted within the European Union. If you access the Service from outside the EU, please be aware that your data may be transferred to and processed in the EU. We ensure appropriate safeguards are in place for any data transfers.
9. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.
10. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
contact@onboardiahr.com