Ligo Inc. ("Ligo", "we", "our", or "us") operates the Ligo people management platform, accessible at ligo.pieceworks.io and app.ligo.pieceworks.io (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read it carefully.
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use immediately.
1. Information We Collect
1.1 Information You Provide
When you create an account, configure your workspace, or contact us, we may collect:
- Account data — name, work email address, password (hashed), company name, and role.
- Employee records — data that your organisation inputs into the platform, including employee names, job titles, departments, employment dates, salary bands, and contact details.
- Leave & attendance data — leave requests, approvals, leave balances, clock-in/clock-out records, and timesheets.
- Performance data — review cycles, goals, ratings, and written feedback submitted through the Performance module.
- Expense data — expense claims, receipts, amounts, and reimbursement statuses submitted through the Expenses add-on.
- Payment data — billing address and payment method (processed securely by our payment processor; we do not store full card numbers).
- Communications — messages or attachments you send us via support channels or contact forms.
1.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Log data — IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
- Device data — hardware model, unique device identifiers, and mobile network information.
- Usage data — feature interactions, session duration, and error events to help us improve the platform.
- Cookies & similar technologies — session cookies, persistent cookies, and local storage to maintain your login state and preferences. See Section 8 for more detail.
1.3 Information From Third Parties
We may receive limited information from third-party integrations you enable (e.g., calendar or single sign-on providers), consistent with those providers' privacy policies and your authorisation.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service and all modules you have subscribed to.
- Process transactions and send billing receipts and invoices.
- Send onboarding emails, product updates, security alerts, and administrative notices.
- Respond to support tickets and other enquiries.
- Monitor and analyse usage trends to improve platform performance and user experience.
- Detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities.
- Comply with legal obligations.
- With your consent, send marketing communications about new features, plans, or Ligo events. You can opt out at any time via the unsubscribe link in any marketing email.
We do not sell your personal data, nor do we use employee records stored in your workspace for advertising purposes.
3. Sharing & Disclosure
We do not share, sell, or rent your personal information to third parties for their own marketing. We may share information in the following limited circumstances:
3.1 Service Providers
We engage trusted third-party vendors to help us operate the Service, including cloud hosting, payment processing, email delivery, error monitoring, and customer support tooling. These providers access data only as necessary to perform services on our behalf and are bound by confidentiality obligations.
3.2 Your Organisation
Ligo is a B2B platform. If you use Ligo through your employer or an organisation that has subscribed to Ligo, your employer (as the "Account Owner") may access data you input, including attendance records, leave history, and performance reviews, in accordance with their own policies. We are a data processor on behalf of that organisation for such data.
3.3 Legal Requirements
We may disclose your information if required to do so by law, court order, or regulatory authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Ligo, our users, or the public.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.
4. Data Security
We implement industry-standard safeguards to protect your information:
- Encryption at rest and in transit — all data is encrypted using AES-256 at rest and TLS 1.2+ in transit.
- Role-based access control (RBAC) — access to data is restricted to authorised personnel and role-scoped within your workspace.
- Regular security audits — we conduct periodic vulnerability assessments and penetration tests.
- Incident response — we maintain a documented incident response plan and will notify affected users within 72 hours of a confirmed data breach affecting their personal data.
No method of transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it longer for legal or regulatory reasons. Employee records managed by your organisation are subject to that organisation's retention policy.
6. Your Rights
Depending on your location, you may have the following rights with respect to your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate or incomplete data.
- Deletion — request erasure of your personal data ("right to be forgotten"), subject to legal retention obligations.
- Portability — receive your data in a structured, machine-readable format.
- Restriction — ask us to restrict processing of your data in certain circumstances.
- Objection — object to processing based on our legitimate interests.
- Withdrawal of consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at privacy@ligo.pieceworks.io. We will respond within 30 days. If you are an employee whose data is managed by your employer's Ligo workspace, please contact your employer first — they are the data controller for that data.
7. International Data Transfers
Ligo is operated from servers located in the United States and the European Union. If you access the Service from outside these regions, your information may be transferred to and processed in jurisdictions with different data protection laws. We implement appropriate safeguards (such as Standard Contractual Clauses) for any international transfers of personal data.
8. Cookies
We use the following types of cookies:
- Strictly necessary — required for the Service to function (e.g., authentication tokens).
- Analytical / performance — help us understand how users interact with the platform so we can improve it. Data is aggregated and anonymised where possible.
- Functional — remember your preferences (e.g., language, timezone).
You can control cookies through your browser settings. Disabling strictly necessary cookies will impair your ability to use the Service.
9. Children's Privacy
The Service is intended for business use by individuals aged 18 and over. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice in the Service at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: