Regulatory Frameworks
1. Compliance Overview
Tracknesty is built with compliance in mind. This page outlines our stance on key regulatory frameworks and helps you understand your obligations when using employee monitoring software. Compliance is a shared responsibility. Tracknesty provides the tools and infrastructure — you are responsible for ensuring your specific use of the platform complies with the laws applicable to your jurisdiction and industry.
2. Employer Compliance Obligations
When deploying employee monitoring software, employers typically must:
• Notify employees of monitoring before it begins (required in most jurisdictions)
• Establish a lawful basis for monitoring (GDPR, employment law)
• Have a written workplace monitoring policy
• Only monitor company-owned or company-managed devices
• Limit monitoring to what is proportionate and necessary
• Respond to employee data subject requests within required timeframes
• Maintain records of processing activities (GDPR Article 30)
The specific requirements vary by country, state, and industry. We strongly recommend consulting an employment lawyer or HR specialist familiar with monitoring laws in your jurisdiction before deploying Tracknesty.
3. Jurisdiction-Specific Notes
Different regions have different rules for employee monitoring:
• 🇪🇺 European Union / EEA — GDPR applies. Monitoring must have a lawful basis, employees must be notified, and data minimisation principles must be followed.
• 🇬🇧 United Kingdom — UK GDPR and the Data Protection Act 2018. The ICO has published specific guidance on monitoring at work.
• 🇺🇸 United States — No single federal law, but state laws vary significantly. Some states (e.g., Connecticut, Delaware, New York) require advance written notice of electronic monitoring.
• 🇦🇺 Australia — Privacy Act 1988 applies. Employee monitoring is generally permitted on company equipment with adequate disclosure.
• 🇵🇰 Pakistan / 🇮🇳 India / 🇵🇭 Philippines — BPO sector-specific rules apply. Generally more permissive than EU law but employer policies and employee contracts should document monitoring.
This list is not exhaustive. Always verify local requirements.
4. Recommended Monitoring Policy
We recommend that every organisation using Tracknesty establishes a written Employee Monitoring Policy that covers:
• Purpose of monitoring (productivity, security, fraud prevention)
• Types of data collected (screenshots, activity logs, attendance, browser URLs)
• Devices monitored (company-owned Windows devices only)
• Data access controls (who can view monitoring data and at what level)
• Retention schedule (how long monitoring data is kept)
• Employee rights and how to exercise them
• Consequences of disabling or circumventing monitoring
The policy should be signed by each employee before monitoring begins and reviewed annually.
5. Data Residency
Because Tracknesty is a self-hosted platform, you choose where your data is stored. Your monitoring data (screenshots, logs, attendance) is stored on your own server or VPS — Tracknesty does not host it. This gives you full control over data residency. If your employees are in the EU and you need to maintain data within the EU, simply host your backend on an EU-based server. We do not mandate a specific hosting provider or region.
6. Incident Response
In the event of a data breach or security incident affecting your Tracknesty deployment:
• Immediately revoke compromised credentials via the admin dashboard
• Notify affected employees as required by applicable law (GDPR requires notification within 72 hours if there is a risk to data subjects)
• Contact support@tracknesty.com for technical assistance
• Document the incident and your response for compliance records
GDPR breach notification requirements: if you experience a personal data breach, you may be required to notify your supervisory authority within 72 hours of becoming aware of it.
7. Compliance Questions
For compliance inquiries, DPA requests, or regulatory assistance:
Email: support@tracknesty.com
Response time: within 3 business days