Skip to main content

Documentation Index

Fetch the complete documentation index at: https://empuls.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Empuls (operated by Nreach Online Services Private Limited) is committed to protecting the privacy of every person whose data passes through the platform — whether that is an HR administrator, a manager, or a frontline employee participating in a recognition program. This page summarizes the key practices described in the full Empuls Privacy Policy and explains what they mean for your organization in plain terms.

Who this applies to

The Empuls Privacy Policy covers three groups of people:
  • Customer Companies — organizations that subscribe to Empuls and configure the platform for their workforce
  • Employee Users — individual employees of Customer Companies who use the app, website, or service
  • Potential Customers — individuals visiting the Empuls website or requesting information about the service

What data Empuls collects

From Customer Companies

When your organization signs up or requests information, Empuls collects the contact details provided during that process: full name, email address, company name, and phone number.

From Employee Users

Empuls collects HR information that your organization’s HR department provides, which may include:
  • Full name, email address, and phone number
  • Department, reporting structure, and employment start date
  • Birthday and active/inactive status
When employees use the platform, Empuls also collects activity data: survey responses, recognition actions, peer votes, and comments. Empuls uses Google Analytics and Freshdesk for tracking information such as email address, device ID, and IP address.

Payment information

Payment and billing details are collected when your organization subscribes. Empuls does not store raw credit card numbers — all card payments are handled by PCI-compliant third-party payment processors such as Stripe.

Technical and usage data

When anyone accesses Empuls, the platform automatically collects IP addresses, device identifiers, and usage statistics via server log files and cookies. Cookies are used to analyze usage patterns, personalize the experience, and manage service delivery.

How Empuls uses your data

Empuls uses collected data to:
  • Deliver, maintain, and improve the service your organization has configured
  • Process recognition transactions and send related notifications
  • Respond to support requests and resolve technical issues
  • Send security alerts, product updates, and administrative messages
  • Analyze engagement trends and personalize the employee experience
Empuls does not sell or rent personal data to third parties for their direct marketing purposes.

Data sharing

Empuls may share data with:
  • Service vendors and contractors (such as data hosting providers and email delivery services) — governed by Data Processing Addendums and, where applicable, EU Standard Contractual Clauses
  • Law enforcement or courts — only when legally required or in good faith to protect legal rights and safety
  • Acquirers in a business transaction — if Empuls is involved in a merger or acquisition, users are notified if their data will be subject to a different privacy policy

Multi-tenant isolation

Empuls operates a multi-tenant architecture in which each Customer Company’s data is isolated from all other tenants. Client-level encryption keys ensure that your organization’s recognition data, employee records, and survey responses are never accessible to other organizations on the platform.

Data retention

Empuls retains personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable law. Once data is no longer needed, it is securely deleted or anonymized. Your organization’s contract terms and the applicable retention policy govern specific timeframes.

The Right to Be Forgotten

Employees have the right to request deletion of their personal data. To make a request, email legal-empuls@empuls.io from the account in question. Upon verification, Empuls will process valid deletion requests in accordance with applicable data privacy laws. Employees may also request:
  • Access to their personal data
  • Correction or rectification of inaccurate data
  • Portability of their data
  • Restriction of processing
  • Objection to processing based on legitimate interests

Children’s data

Empuls services are not intended for anyone under 18. Empuls does not knowingly collect data from minors. If you believe a minor’s data has been collected, contact legal-empuls@empuls.io immediately.

Compliance with global privacy regulations

Empuls’s privacy practices are aligned with:
  • GDPR (EU General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • UK Data Protection Act 2018
  • Australia’s Privacy Act 1988
  • India’s Digital Personal Data Protection Act 2023 (DPDP Act)
California residents have specific rights under CCPA, including the right to know what categories of data have been collected, the right to request deletion, and the right to non-discrimination for exercising these rights.

Policy updates

Empuls may update this privacy policy to reflect changes in legal requirements or business operations. Material changes are communicated by email (where applicable) or via a prominent notice on the platform.
For privacy questions, data subject requests, or to reach the Data Protection Officer, email cs@xoxoday.com. For grievances under India’s DPDP Act, contact the designated Grievance Officer at the same address — complaints will be addressed within legally prescribed timelines.