Effective Date: November 1, 2025 | Last Updated: May 21, 2026
MyCo (operated in the United States by Communities Heritage Pvt. Ltd., DBA CHPL USA, with US correspondence at PO Box 2605, Fair Lawn, NJ 07410) ("MyCo," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit us.my-co.app, install or use the MyCo mobile or web applications, or otherwise interact with our products and services (collectively, the "Services").
This Policy applies to visitors to our marketing website, customers and prospective customers of MyCo, and employees of our business customers whose data we process on their behalf.
If you do not agree with this Policy, please do not use our Services. By using the Services, you acknowledge that you have read and understood this Policy.
1. Information We Collect
We collect the following categories of personal information:
- Account & contact data — name, business email, phone number, employer, job title, billing address.
- Workforce data submitted by your employer (if you use MyCo as an employee of a MyCo customer) — identifiers, employment status, attendance records, GPS coordinates during work hours, photos for face-scan verification, leave balances, performance feedback, payroll data.
- Biometric identifiers — facial geometry templates generated on-device for attendance verification. We do not store raw face images on our servers by default.
- Payment information — processed by our payment processors (Stripe, ACH/wire). We do not store full card numbers on our servers.
- Usage & device data — IP address, browser type, device identifiers, operating system, pages viewed, referring URL, timestamps, crash reports.
- Cookies & similar technologies — see Section 11.
- Communications — messages, support tickets, call recordings (with consent where required).
2. How We Use Personal Information
We use personal information to:
- provide, operate, and improve the Services;
- create and manage accounts;
- process transactions and send billing communications;
- authenticate users and protect against fraud, abuse, and security incidents;
- respond to support requests;
- send service notices, updates, and (with consent where required) marketing communications;
- comply with legal obligations and enforce our agreements;
- conduct internal research and analytics in aggregated/de-identified form.
Where we act as a service provider / processor for our business customers (for example, processing employee data submitted by an employer), we use that data only to provide the Services to the customer and on the customer's documented instructions.
3. Legal Bases (EEA, UK, and similar jurisdictions)
If you are in the EEA, UK, Switzerland, or similar jurisdictions, we rely on the following legal bases: (a) contract — to provide the Services you requested; (b) legitimate interests — to secure, improve, and market our Services; (c) consent — for cookies and marketing communications where required; (d) legal obligation — to comply with applicable law.
4. How We Share Personal Information
We do not sell your personal information. We share personal information only:
- with service providers we engage to operate the Services (cloud hosting, email delivery, analytics, payment processing, customer support) under contracts requiring them to protect the data;
- with integrations you or your employer authorize (e.g., accounting, communications platforms);
- with your employer if you use MyCo as an employee of a MyCo customer;
- to comply with law, respond to lawful requests, enforce our agreements, and protect rights, property, or safety;
- in connection with a merger, acquisition, financing, or sale of all or a portion of our business; we will notify you of any change in ownership or uses.
5. International Transfers
MyCo operates primarily from the United States. If you access the Services from outside the US, your information will be transferred to and processed in the US and other countries that may not provide the same level of data protection as your home jurisdiction. Where required, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses or the UK International Data Transfer Addendum.
6. Data Retention
We retain personal information for as long as needed to provide the Services and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. Customer-controlled data (e.g., employee records submitted by an employer) is retained according to the customer's contract and retention settings; on request, we will delete or return such data within 30 days of contract termination, subject to legal hold obligations.
7. Security
We use commercially reasonable administrative, technical, and physical safeguards to protect personal information, including TLS encryption in transit, encryption at rest for sensitive fields, role-based access control, audit logging, and SOC 2-aligned operational controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Your Privacy Rights
Depending on where you live, you may have the following rights:
- Access — request a copy of the personal information we hold about you;
- Correction — request that we correct inaccurate information;
- Deletion — request that we delete personal information, subject to legal exceptions;
- Portability — request a portable copy of personal information you provided;
- Opt out of "sale" or "sharing" for cross-context behavioral advertising (we do not sell personal information, but you can still submit a request);
- Limit the use of sensitive personal information (where applicable);
- Non-discrimination — we will not discriminate against you for exercising your rights;
- Withdraw consent (where processing is based on consent);
- Lodge a complaint with a supervisory authority.
To exercise these rights, email [email protected]. We will verify your identity before responding. If MyCo processes your data on behalf of an employer, please direct your request to your employer first.
9. California Residents (CCPA / CPRA)
In the 12 months preceding the Effective Date, we collected the following categories of personal information from California residents: identifiers, contact information, commercial information, internet/network activity, geolocation (when explicitly enabled by employer), professional/employment information, and inferences. We do not sell personal information and have not sold it in the preceding 12 months. We do not knowingly share personal information for cross-context behavioral advertising. California residents may also request information under the "Shine the Light" law (CA Civil Code § 1798.83).
10. Other US State Privacy Rights
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Florida, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, and similar states have rights described in Section 8. To submit a request, email [email protected]. You may appeal a denial by replying to our response with "APPEAL" in the subject line.
11. Cookies & Tracking
We use cookies and similar technologies for essential site functionality, analytics (Google Analytics 4, Microsoft Clarity), advertising (Google Ads, LinkedIn Insight Tag), and personalization. You can manage cookies via your browser settings or our cookie banner. We honor the Global Privacy Control (GPC) signal as a valid opt-out request for cross-context behavioral advertising.
12. Children's Privacy
The Services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will delete it.
13. Third-Party Links & Services
Our Services may link to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties. Please review their privacy policies before providing any personal information.
14. Changes to This Policy
We may update this Policy from time to time. The "Last Updated" date at the top reflects the latest revision. We will provide notice of material changes (for example, via email or in-product notice) before they take effect.
15. Contact Us
Questions or requests? Contact us at:
MyCo (CHPL USA)
PO Box 2605, Fair Lawn, NJ 07410, USA
Email: [email protected]
Phone: +1 (512) 954-4288