Privacy Policy

Veda App is built and operated by Wonkrew (Satz Venture Nurturers Pvt Ltd), registered in Chennai, India. The first tenant in production is Veda Pile Foundation. The same app codebase serves additional pile-foundation contractors on a per-tenant basis.

Each contractor (your employer) is the data controller for the information you enter in the app under their tenant. Wonkrew is the data processor running the app on the contractor's behalf.

We only collect what is needed for the specific feature you use:

• Account. Your name, employee code, email, phone, role assignment, and a hashed password. Created by your administrator; you cannot self-register.
• Attendance. Check-in / check-out timestamp, shift, GPS coordinates and a Plus Code at the moment you tapped check-in, and a selfie taken with the front camera at that exact moment (no gallery uploads). The selfie is for background verification - we do not run face recognition.
• Pile logs / site activity. Pile numbers, machine status, materials consumed, and any photos you take of the activity.
• Expenses + fuel. Receipts and amounts you submit for approval, including the bill image.
• Device + app diagnostics. When you sign in on the mobile app, we record a non-resettable device identifier (generated and stored in your device's secure keystore), device model name, OS platform, app version, and IP address. This is used to enforce the one-active-device login rule and to debug crashes.
• Crash + analytics. Anonymised crash reports (Sentry) and product-analytics events (PostHog) that help us fix bugs and improve the app. These do not capture your password or payment information.

We do not read your contacts, SMS, call logs, photo library (we use the live camera only), or any unrelated on-device data. We do not access IMEI or SIM card details - modern mobile OS versions disallow this for apps like ours.

• To verify that the person checking in is the same employee (the selfie + GPS at the moment of check-in).
• To produce attendance, productivity, payroll, and project reports for your employer.
• To enforce security: one active mobile session per user, forced app updates, and admin approval for device changes.
• To deliver push notifications about approvals you are waiting on, with a fallback to email and in-app polling so you do not depend on push being reliable.
• To respond to support requests and debug problems.

• Database. Self-hosted Postgres on Hetzner (Germany / Helsinki) running in our private VPC. Encrypted at rest by the host's disk encryption and protected by row-level security so one tenant cannot see another tenant's data.
• Photos + receipts. Cloudflare R2 (object storage). Files are retrieved via short-lived signed URLs issued by our API after permission checks.
• Backups. Daily Postgres dumps to Cloudflare R2 (14-day hot retention) and Backblaze B2 (cold archive, 12-month retention).
• Push tokens. Stored on our database; the push payload itself is delivered by Apple (APNs) and Google (FCM) to your device. We never send sensitive content in push - just a short notification title.

• You. Your own attendance, expenses, and activity.
• Your administrators / HR. Their tenant's data, scoped by role.
• Wonkrew engineers. Only when troubleshooting an issue you or your administrator has raised, and under a confidentiality agreement.
• Sub-processors. Hetzner (hosting), Cloudflare (R2, CDN, DNS), Backblaze (B2 archive), ZeptoMail (email), Sentry (crash reports), PostHog (product analytics), Apple APNs, Google FCM, and Google Maps (geocoding). They never receive marketing access to your data.

• Operational records (attendance, piles, expenses, audit log): kept as long as your employer's contract with Wonkrew is active. Audit log rows are append-only.
• Backups: 14 days hot (R2) + 12 months cold (B2).
• Crash + analytics: 30 days raw, then aggregated.
• Inactive accounts: deactivated by your administrator; permanent deletion on contract termination unless local labour law requires longer retention.

You can ask your administrator to export, correct, or delete your records. If your administrator is unresponsive, write to satish@wonkrew.com and we will respond within 30 days. Indian residents have the additional rights granted by the Digital Personal Data Protection Act, 2023.

The app is a workplace tool and is not intended for anyone under 18. Accounts are issued only by your employer's administrator.

We will update this page when material changes happen. The "Last updated" date at the top reflects the latest revision. We will notify administrators of significant changes by email.

Wonkrew, Chennai, India.
Email: satish@wonkrew.com