StaffSense - Employee Observation Platform

Publication date: 31 October 2025

1. Introduction

This Privacy Policy (“Policy”) explains what personal data is collected and processed by Webalize sp. z o.o, (further referred to as “StaffSense,” “we,” “us”), how we use it, with whom we share it and what rights users have. StaffSense provides a platform that monitors employee activity based on publicly available data, helping HR departments identify signals that may indicate an employee’s intent to leave.

By using our services, visiting our website or otherwise providing us with personal data, you accept the terms of this Policy and our Terms and Conditions. If you do not agree with this Policy, please do not use our services.

2. Scope of this Policy

This Policy applies to the processing of personal data of:

Platform users – individuals acting on behalf of their employers (organisations using the service).
Monitored employees – data relating to public activity (e.g., GitHub, portfolio pages) processed on behalf of our clients, who are responsible for compliance with data‑protection laws.
Visitors to staffsense.it – information collected via cookies and similar technologies.

3. Types of data collected

3.1 Customer account data

When an organisation creates an account with StaffSense, we collect basic data needed to manage the account, such as:

name and surname of the representative,
company details (name, registered address, VAT number),
contact details (email address, telephone number),
billing and payment information (stored by external payment processors),
login credentials and account settings.

3.2 Public employee data

Our services rely on monitoring publicly available information. We do not collect or analyse private accounts or content. Categories of monitored data include:

GitHub activity – information about the creation of new repositories, commits and profile updates.
Search results – detection of new pages or mentions in search engines, such as a new employee portfolio site or an appearance on another company’s team page.
Portfolio updates – modifications of textual content of publically accessible websites.

Collected data is limited to publicly available information and is used solely to inform the client of potential turnover signals. We do not analyse private messages or employee communications.

3.3 Telemetry and analytics data

When you use our website and application, we automatically collect information about your device and user behaviour, such as IP address, browser type, operating system, pages visited, timestamps and cookies. This data helps us maintain security, analyse performance and improve our services.

3.4 Communication data

If you contact us (via email, or telephone), we may process the content of those communications in order to respond to requests and provide support.

4. Purposes and legal bases of processing

We process personal data only when permitted by law. Depending on the context, we may rely on the following legal bases:

Contract performance – to provide the services (create accounts, monitor public data, send alerts, issue invoices).
Legitimate interests – to develop and secure the service, compile statistics and inform clients about new features. We balance our interests against the rights of monitored individuals.
Consent – for example, to send marketing communications or set cookies other than those strictly necessary. You can withdraw your consent at any time.
Legal obligation – when the law requires us to retain accounting records or respond to government requests.

5. Use of data

We use the collected data for the following purposes:

Providing services – monitoring public employee data, creating alerts and delivering an analytics dashboard.
Customer communication – notifying you about service changes, responding to queries and providing technical support.
Development and personalisation – analysing user behaviour to improve the platform, develop new features and tailor the interface.
Compliance – maintaining financial and tax records and ensuring compliance with data‑protection laws.
Marketing – sending updates about new features, promotions and blog posts. We require consent for electronic marketing.

6. Sharing and disclosure of data

We do not sell personal data. We may disclose data only in limited situations:

Sub‑processors and service providers – we use hosting providers, analytics vendors and payment processors. These entities process data under data‑processing agreements.
Legal obligations – we may disclose data to law‑enforcement, courts or regulators if required by law.
Corporate transactions – in the event of a merger, acquisition or sale, we may transfer data to a successor entity, subject to continued protection of the data.

7. Data transfers to third countries

Data may be transferred outside the European Economic Area if we use vendors located in such countries. We implement appropriate safeguards (e.g., standard contractual clauses, adequacy decisions) to ensure a high level of privacy protection.

8. Data security

We implement technical and organisational measures to protect data against unauthorised access, accidental loss or destruction. Despite our efforts, no system is completely immune to threats. If you suspect a breach, please contact us immediately.

9. Data retention

We retain personal data only for as long as necessary to fulfil the purposes of processing or to meet legal obligations. Customer account data is stored for the duration of the subscription and may be archived for the period required by accounting regulations. Data collected from monitoring public profiles is deleted or anonymised when it is no longer needed to provide the service or upon the client’s request.

10. Rights of data subjects

Depending on your jurisdiction, you may have the following rights:

Right of access – to obtain confirmation of whether we process your data and a copy of that data.
Right to rectification – to correct inaccurate or incomplete data.
Right to erasure (“right to be forgotten”) – to request deletion of data if we have no reason to continue processing it.
Right to restriction of processing – to limit processing in certain circumstances.
Right to object – to object to processing based on legitimate interests or for direct marketing.
Right to data portability – to receive data you provided to us in a structured format and transmit it to another controller.
Right to lodge a complaint – in the EU, you may lodge a complaint with the relevant supervisory authority (in Poland: the President of the Personal Data Protection Office).

To exercise your rights, contact us using the details provided in the “Contact” section. Requests concerning monitored data (e.g., modification or deletion of information from GitHub/portfolio) should be directed to the service where the content is published.

11. Cookies and similar technologies

Our website may use cookies and similar technologies (e.g., tracking pixels, local storage) to deliver and improve the services, analyse traffic and customise content. You can manage cookie settings in your browser. Detailed information is provided in the cookie banner on the website.

12. Children’s data

StaffSense’s services are not directed at children under 18 years of age. We do not knowingly collect data about children. If you learn that a child has provided us with data, please contact us and we will delete it without undue delay.

13. Changes to this Policy

This Policy may be updated periodically due to changes in laws, market practices or features of our services. We will notify you of significant changes via email or a banner on the website. Continued use of the services after the changes take effect constitutes acceptance of the updated Policy.

14. Contact

If you have any questions about this Policy or how we process data, please contact us:

Email: contact@staffsense.com
Telephone: +48 789 243 519
Postal address: Plac Bankowy 2, 00-095 Warsaw, Poland

The controller of your personal data is Webalize sp. z o.o. registered in Poland under VAT-ID number PL5252811769 and KRS 0000822439.