Frekyl Privacy Policy

Last Updated: April 8, 2026

Frekyl Software, Inc. (“Frekyl”, “we,” “our,” “us”) is committed to protecting the privacy of the individuals and organizations that use our platform. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with our absence management and workforce communication services (collectively, the “Services”).

Frekyl is headquartered in Canada and our practices are grounded in the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. For organizations that operate in the European Economic Area (EEA) or United Kingdom, additional rights and obligations apply and are described in Section 11 of this policy.

By using Frekyl, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.

1. Our Role

Frekyl provides workforce management tools to organizations (“Employers”). In doing so, we handle personal information in two capacities:

  • On behalf of Employers: When Employers use Frekyl to manage their workforce, they direct how employee personal information is collected and used. Frekyl processes that information on the Employer’s behalf and in accordance with their instructions.
  • As a service operator: For platform administrators and users who interact with Frekyl directly, we determine how certain information is collected and used to operate and improve our Services.

This distinction matters when exercising privacy rights, some requests will be handled directly by Frekyl, while others will be directed to the relevant Employer.

2. Information We Collect

Information Provided by Employers

When an Employer sets up and manages their account, they may provide us with employee information including:

  • Name, email address, and phone number
  • Employee ID, department, job title, location, and employment status
  • Seniority date and work schedule details
  • Absence reports including dates, reason, contact method, and status

Information You Provide Directly

  • Account credentials (name, email address, password) when registering
  • Profile details such as role, department, and communication preferences
  • Messages, files, and notifications sent through the platform
  • Information submitted when contacting our support team

Information Collected Automatically

  • Log data including IP address, browser type, device information, and pages visited
  • Time zone and general usage patterns
  • Cookies and similar technologies (see Section 9)

3. How We Use Personal Information

We use personal information to:

  • Provide, operate, and maintain the Services
  • Facilitate absence reporting, scheduling, and workforce communication within your organization
  • Respond to support requests and service inquiries
  • Send service updates, security alerts, and administrative notices
  • Improve platform performance and user experience
  • Detect and prevent unauthorized access or fraudulent activity
  • Comply with applicable legal and regulatory obligations

We may also use anonymized or aggregated data – from which no individual can be identified – for analytics and product improvement. This data is not subject to privacy legislation.

4. How We Share Personal Information

We do not sell, rent, or trade personal information. We share information only in the following circumstances:

  • With your Organization: To support team communication, absence records, and permissions management within your organization
  • With Service Providers: Trusted third-party vendors that help us operate Frekyl, such as cloud hosting and analytics providers. These providers are contractually bound to protect personal information and may not use it for their own purposes.
  • For Legal Reasons: When required by applicable law, court order, or to protect the rights, safety, or property of Frekyl, our clients, or the public.
  • Business Transfers: If Frekyl is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will provide reasonable notice and ensure that appropriate protections are maintained.

5. Data Retention

We retain personal information only for as long as necessary to provide our Services, fulfill the purposes described in this policy, or as required by law.

  • Active employee records are retained for the duration of the Employer’s subscription and as required by applicable employment legislation
  • Following account termination, data is held for a reasonable period to meet legal obligations and then securely deleted or irreversibly anonymized
  • Employers may request deletion or anonymization of specific employee records at any time by contacting privacy@frekyl.com

When personal information is no longer required and the applicable retention period has passed, it is securely deleted or irreversibly anonymized. Anonymized data – which cannot be linked back to any individual – is no longer subject to privacy legislation.

6. Anonymization and the Right to Erasure

Where an Employer requests deletion of an employee’s personal information, Frekyl satisfies this by irreversibly anonymizing the individual’s record. This means:

  • Name, email address, phone number, and employee ID are replaced with anonymized placeholders
  • Absence history is retained in anonymized form to preserve operational continuity and record integrity
  • The anonymization process is permanent and cannot be undone

This approach preserves system integrity while fully satisfying the individual’s privacy rights. Note that anonymization of active employee records may be limited where continued processing is required to fulfill an employment contract or legal obligation.

7. Your Privacy Rights

Subject to applicable law, individuals may have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information
  • Withdraw consent where processing is based on consent
  • Ask questions about how your information is being used

To exercise any of these rights, contact us at privacy@frekyl.com. We will respond within a reasonable timeframe and no later than 30 days. Where Frekyl is processing your information on behalf of an Employer, we may need to direct your request to that Employer as the party responsible for that data.

8. Security

We use industry-standard technical and organizational measures to protect personal information against unauthorized access, loss, misuse, or disclosure. These include:

  • Encryption of data in transit and at rest
  • Role-based access controls and least-privilege permissions
  • Regular security assessments and monitoring
  • Staff training on privacy and data protection obligations

In the event of a privacy breach that poses a real risk of significant harm, we will notify affected individuals and, where required, applicable regulatory authorities in accordance with our legal obligations. No online system is completely immune to risk, and we cannot guarantee absolute security.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Services. These fall into two categories:

  • Strictly necessary: Essential for core platform functionality such as authentication and session management. These are required for the Services to work and cannot be disabled.
  • Analytics: Used to understand how users interact with the platform so we can improve performance and usability. These are only placed with your consent.

You can manage your cookie preferences through your browser settings or your account preferences at any time.

10. International Data Transfers

Frekyl is based in Canada, which the European Commission has recognized as providing an adequate level of data protection for commercial organizations subject to PIPEDA.

If you access our Services from outside Canada, your information may be transferred to and processed in Canada or other countries where our service providers operate. We take steps to ensure that appropriate protections are in place for any such transfers, including contractual safeguards with our service providers.

11. Additional Rights for EEA and UK Users

This section applies only to organizations and individuals located in the European Economic Area (EEA) or the United Kingdom where Frekyl’s GDPR compliance features have been enabled by the Employer. It supplements the general rights described in Section 7 and takes precedence where there is any conflict.

Lawful Basis for Processing

Where GDPR applies, we process personal data only where we have a valid lawful basis:

  • Performance of a contract: To deliver the Services your organization has contracted for
  • Legal obligation: To comply with applicable employment, tax, and regulatory obligations
  • Legitimate interests: To operate, secure, and improve our platform where our interests do not override individual rights
  • Consent: For specific processing activities not covered by the above

Extended Rights Under GDPR In addition to the general rights in Section 7, EEA and UK users have the following rights under the GDPR:

  • Right to Data Portability (Art. 20): Receive your personal data in a structured, machine-readable format.

  • Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.

  • Right to Object (Art. 21): Object to processing based on legitimate interests.

EU and UK Representation (Art. 27) Individuals and data protection supervisory authorities in the UK and EEA may contact our local representatives regarding any processing of personal data:

  • UK Representative: [Frekyl is currently appointing a UK representative. In the interim, please direct all inquiries to privacy@frekyl.com]

  • EEA Representative: [Frekyl is currently appointing an EEA representative. In the interim, please direct all inquiries to privacy@frekyl.com]

Controller and Processor Roles

Under the GDPR, Employers using Frekyl act as the data controller for their employees’ personal data. Frekyl acts as the data processor, processing data only on the Employer’s documented instructions. Frekyl offers a Data Processing Agreement (DPA) to all Employers as required under Art. 28 GDPR. To request a DPA, contact privacy@frekyl.com.

International Transfers from the EEA/UK

For transfers of personal data from the EEA or UK to Canada or other countries, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms under Chapter V GDPR.

Supervisory Authority

If you are located in the EEA or UK and are not satisfied with how we have handled a privacy concern, you have the right to lodge a complaint with your national data protection supervisory authority (for example, the ICO in the UK, or your relevant EU member state authority).

12. Children’s Privacy

Frekyl is designed for organizational and workforce use and is not directed to individuals under the age of 16. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently done so, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. The latest version will always be available on our website with the updated effective date. Where changes are material, we will provide notice through the platform or by email at least 14 days before they take effect.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please reach out:

  • Email: privacy@frekyl.com

We take privacy concerns seriously and will respond promptly. If you are not satisfied with our response, you may have the right to escalate your concern to the appropriate regulatory authority in your jurisdiction.