WORKINVIGILATORWORKINVIGILATOR

Acceptable Use Policy

Effective Date: 12-03-2025

Last Updated: 30-07-2025

1. Purpose and Scope

This Acceptable Use Policy ("AUP") defines permitted and prohibited uses of the Work Invigilator employee monitoring platform ("Services"). This AUP applies to all Clients (organizational administrators), authorized users, and End Users (monitored employees) who access or interact with the Services.

By using the Services, you agree to comply with this AUP. Violations may result in immediate suspension or termination of your account without refund.

This AUP supplements and is incorporated into the Terms of Service. In case of conflict, this AUP prevails regarding usage restrictions.

2. Permitted Uses

The Services are designed exclusively for legitimate business purposes including:

  • Verifying employee presence and work activity during scheduled working hours
  • Measuring workforce productivity and performance metrics
  • Ensuring compliance with company policies and employment agreements
  • Protecting company assets, intellectual property, and confidential information
  • Conducting internal audits and investigations of suspected policy violations
  • Time tracking and attendance verification for payroll purposes
  • Quality assurance and training evaluation

Legal Compliance Required: All monitoring must comply with applicable employment laws, privacy regulations, and surveillance statutes in jurisdictions where End Users are located.

3. Prohibited Uses

3.1 Illegal or Unlawful Activities

Clients shall NOT use the Services to:

  • Violate any local, state, national, or international law or regulation
  • Monitor employees in jurisdictions where such monitoring is illegal without proper authorization
  • Record audio without required consent in all-party or two-party consent jurisdictions
  • Engage in wiretapping, illegal eavesdropping, or unauthorized surveillance
  • Facilitate employment discrimination based on protected characteristics (race, religion, gender, age, disability, etc.)
  • Conduct surveillance in areas where individuals have reasonable expectation of privacy (bathrooms, changing rooms, designated private areas)
  • Retaliate against employees for protected activities (union organizing, whistleblowing, filing complaints)

3.2 Unauthorized Monitoring

Clients shall NOT:

  • Monitor individuals who are not employees, contractors, or workers under Client's authority
  • Monitor employees without providing required notice and obtaining necessary consents
  • Monitor personal devices without explicit informed consent (BYOD scenarios)
  • Continue monitoring after employment termination or contract expiration
  • Monitor employees outside working hours unless explicitly authorized in employment agreements
  • Use monitoring to track employee location beyond IP-based timezone information
  • Monitor legally protected communications (attorney-client privileged, union communications, etc.)

3.3 Privacy Violations

Clients shall NOT use the Services to:

  • Intentionally capture sensitive personal information unrelated to work (medical records, financial data, intimate communications)
  • Share or disclose Monitoring Data to unauthorized third parties
  • Use Monitoring Data for purposes beyond legitimate business interests documented in privacy notices
  • Sell, rent, or monetize employee Monitoring Data
  • Use monitoring to harass, intimidate, or stalk employees
  • Create hostile work environments through excessive or invasive surveillance
  • Bypass or disable employee notification indicators showing monitoring is active

3.4 Misuse of Platform and Infrastructure

Clients shall NOT:

  • Attempt to reverse engineer, decompile, or disassemble the Software
  • Modify, adapt, hack, or create derivative works of the Services
  • Bypass security measures, authentication systems, or access controls
  • Introduce viruses, malware, worms, Trojan horses, or other malicious code
  • Conduct denial-of-service (DoS) attacks or otherwise interfere with Service availability
  • Use automated bots, scrapers, or scripts to access the Services beyond intended functionality
  • Attempt to gain unauthorized access to Company systems, other Client accounts, or backend infrastructure
  • Exceed purchased user licenses or usage limits without upgrading subscription
  • Probe, scan, or test vulnerabilities in the Services without written authorization

3.5 Intellectual Property Infringement

Clients shall NOT:

  • Use the Services to infringe copyrights, trademarks, patents, or trade secrets
  • Remove or alter proprietary notices, watermarks, or branding from the Software
  • Copy, reproduce, or distribute the Services or Documentation to third parties
  • Use captured screenshots containing copyrighted materials in ways that violate copyright law
  • Reverse engineer Company's AI algorithms or productivity scoring methodologies

3.6 Resale and Unauthorized Commercial Use

Clients shall NOT:

  • Resell, sublicense, or redistribute the Services to third parties without written authorization
  • Provide time-sharing or service bureau access to the Services
  • Use the Services to build competing employee monitoring products
  • White-label or rebrand the Services as Client's own product
  • Offer monitoring-as-a-service using Work Invigilator infrastructure

3.7 Discriminatory or Harmful Use

Clients shall NOT use Monitoring Data to:

  • Make employment decisions based solely on automated processing without human review
  • Discriminate against employees based on protected characteristics
  • Create biased productivity benchmarks that disproportionately impact protected groups
  • Punish employees for lawful activities captured during monitoring (protected speech, medical conditions)
  • Target specific employees for heightened surveillance based on discriminatory criteria

3.8 Data Abuse and Misrepresentation

Clients shall NOT:

  • Falsify, manipulate, or tamper with Monitoring Data or timestamps
  • Misrepresent monitoring capabilities to employees or use deceptive practices
  • Use fake or misleading consent forms that don't accurately describe monitoring scope
  • Claim monitoring is "anonymous" when it clearly identifies individual employees
  • Store Monitoring Data in violation of stated retention policies

4. Consent and Notice Requirements

4.1 Mandatory Disclosures

Before deploying the Services, Clients MUST:

Provide clear, written notice to all End Users describing:

  • Types of monitoring conducted (screenshots, audio presence, productivity scoring)
  • Purpose and business justification for monitoring
  • Frequency and duration of monitoring activities
  • Data retention periods and deletion practices
  • How Monitoring Data will be used and who has access
  • End User rights regarding their personal data
  • Obtain explicit written consent for audio monitoring where legally required
  • Display visible on-screen indicators when monitoring is active
  • Allow End Users reasonable opportunity to review and ask questions about monitoring policies
  • Document all consent collection and maintain records for compliance audits

4.2 Prohibited Consent Practices

Clients shall NOT:

  • Obtain consent through coercion, threats, or adverse employment consequences
  • Bury monitoring disclosures in lengthy employment contracts without prominent notice
  • Use pre-checked consent boxes or implied consent for audio surveillance
  • Continue monitoring after consent is withdrawn (unless employment relationship ends)
  • Misrepresent the scope or invasiveness of monitoring in consent forms

5. Data Security and Protection

5.1 Client Obligations

Clients must:

  • Implement strong authentication for admin accounts (multi-factor authentication recommended)
  • Limit admin dashboard access to authorized personnel only (role-based access control)
  • Protect admin credentials and immediately report unauthorized access
  • Regularly review access logs and user permissions
  • Comply with all security recommendations in Documentation
  • Promptly apply software updates and security patches
  • Report suspected security vulnerabilities to security@workinvigilator.com

5.2 Prohibited Security Practices

Clients shall NOT:

  • Share admin credentials across multiple users or store them insecurely
  • Access the Services from compromised or malware-infected devices
  • Use unsecured networks (public Wi-Fi) to access sensitive Monitoring Data without VPN
  • Screenshot or export Monitoring Data to unencrypted storage locations
  • Forward or share Monitoring Data via unencrypted email or messaging platforms

6. Compliance with Laws and Regulations

6.1 Employment and Labor Laws

Clients are solely responsible for compliance with:

  • Fair Labor Standards Act (FLSA) and wage-hour laws
  • National Labor Relations Act (NLRA) protections for concerted activity
  • Occupational Safety and Health Act (OSHA) requirements
  • Americans with Disabilities Act (ADA) reasonable accommodation obligations
  • Equal Employment Opportunity (EEO) and anti-discrimination laws

6.2 Privacy and Surveillance Laws

Clients must comply with:

  • GDPR (EU/EEA): Lawful basis, transparency, data minimization, purpose limitation
  • DPDP Act (India): Valid consent, legitimate purposes, data retention limits
  • ECPA/SCA (USA): Electronic Communications Privacy Act, Stored Communications Act
  • State Wiretapping Laws: California (two-party consent), Connecticut (one-party), etc.
  • State Privacy Laws: CPRA (California), CDPA (Virginia), CPA (Colorado), UCPA (Utah)

Audio Recording Compliance: Many jurisdictions require all-party consent for audio recording. Client must verify legal requirements before enabling microphone monitoring.

6.3 International Data Transfers

For cross-border monitoring, Clients must ensure:

  • Compliance with data localization and transfer restrictions
  • Adequate safeguards for transfers outside EEA (Standard Contractual Clauses)
  • Notification to employees when data is transferred internationally
  • Compliance with blacklist countries under DPDP Act (India)

7. Reporting Violations

7.1 Company Monitoring of Compliance

Company reserves the right to:

  • Monitor Client usage patterns to detect violations of this AUP
  • Investigate suspected AUP violations through account audits
  • Access Client's configuration settings and usage logs
  • Respond to third-party complaints about Client misconduct

8. Enforcement and Consequences

8.1 Investigation Process

Upon detecting or receiving reports of AUP violations, Company may:

  • Suspend access to Services immediately (if imminent harm or legal risk exists)
  • Request clarification and documentation from Client
  • Conduct investigation reviewing usage logs and configuration
  • Provide Client opportunity to respond (except in emergencies)

8.2 Progressive Discipline

Enforcement actions depend on violation severity:

Minor/First Offense:

  • Written warning with requirement to cease violating activity
  • Mandatory review of AUP and compliance obligations
  • 7-day cure period to remediate violations

Moderate/Repeat Offense:

  • Temporary account suspension (7-30 days)
  • No refund for suspended period
  • Mandatory compliance certification before reinstatement
  • Enhanced monitoring of account activity

Severe/Egregious Violation:

  • Immediate permanent account termination
  • No refund of prepaid fees
  • Reporting to law enforcement (if criminal activity suspected)
  • Ban from creating new accounts

8.3 Examples of Severe Violations

Actions warranting immediate termination include:

  • Monitoring employees in violation of court orders or restraining orders
  • Using Services to facilitate stalking, harassment, or abuse
  • Intentionally recording audio in all-party consent states without consent
  • Monitoring individuals outside employment relationship (family members, neighbors, etc.)
  • Selling or publicly disclosing employee Monitoring Data
  • Hacking, exploiting vulnerabilities, or launching attacks against Company infrastructure
  • Using Services for illegal surveillance-for-hire operations

8.4 No Liability for Enforcement

Company is not liable for:

  • Damages resulting from account suspension or termination for AUP violations
  • Loss of Monitoring Data due to enforcement actions
  • Business interruption caused by suspension
  • Third-party claims arising from Client's AUP violations

9. Client Indemnification

Client agrees to indemnify, defend, and hold Company harmless from all claims, damages, losses, and expenses (including attorneys' fees) arising from:

  • Client's violation of this AUP
  • Client's illegal or unauthorized monitoring activities
  • Employment claims or regulatory penalties resulting from Client's misuse
  • Third-party lawsuits based on Client's monitoring practices
  • Data breaches caused by Client's security negligence

10. Updates to This Policy

Company may modify this AUP at any time to:

  • Address new legal requirements or regulatory guidance
  • Respond to emerging misuse patterns
  • Clarify ambiguous provisions
  • Add prohibited uses based on abuse reports

Notice of Material Changes: Company will provide 15 days' advance notice of material changes via email and dashboard notification. Continued use after changes constitutes acceptance.

Non-Material Changes: Minor clarifications, formatting, or examples may be updated without notice. Check this page regularly for updates.

11. Severability

If any provision of this AUP is found invalid or unenforceable, the remaining provisions continue in full effect.

12. No Waiver

Company's failure to enforce any provision of this AUP does not constitute a waiver of that provision or Company's right to enforce it in the future.