Legal

Privacy policy

Last updated: 28 May 2026

T&C Technologies LTD ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you use the Momentumpro platform ("Service"). It complements our Terms of service.

We are committed to processing personal data in a way that respects user privacy and complies with applicable data protection laws including the EU General Data Protection Regulation (GDPR) and Israeli Privacy Protection Law 5741-1981.

1. Roles

For the personal data of employees of our Customers, our Customers (the organizations subscribing to Momentumpro) are the data controllers and we act as the data processor. The Customer determines what data is collected, how long it's retained, and the lawful basis for processing.

For personal data we collect directly from website visitors and account administrators (e.g. through our marketing site, contact form, or billing portal), we are the data controller.

2. Information we collect

From visitors and prospective customers

  • Contact information you submit via our contact or trial signup form (name, email, company, phone, message);
  • Technical data automatically collected from your browser (IP address, user agent, page-view timestamps);
  • Cookie data as described in our Cookie policy.

From Customers and their Users

  • Account credentials (email, hashed password, two-factor secrets where enabled);
  • Profile data the User chooses to add (name, phone, avatar, language preference);
  • Authentication metadata (login timestamps, IP, device type, browser);
  • Audit-log data (records of changes Users make to data within the Service);
  • Content uploaded by the Customer (employee records, documents, vendor data, etc. — entirely controlled by the Customer);
  • Billing data for paying Customers (company name, billing address, tax ID, last 4 of payment card via our payment processor — we never store full card numbers).

3. How we use information

  • Provide the Service: authenticate Users, store and serve Customer Content, deliver notifications, process payments;
  • Communicate: respond to support requests, send service updates, security alerts, billing notices, and (with consent) product newsletters;
  • Improve the Service: analyze usage trends in aggregate (no individual profiling), debug, prevent fraud and abuse;
  • Improve the Mia assistant: conversations with the Mia AI assistant (including voice transcripts) are stored as part of the Service and may be reviewed by authorised Momentumpro staff to diagnose errors and improve answer quality — primarily conversations a User has flagged with the in-app feedback buttons. They are never used to train third-party AI models, never shared with advertisers, and are deleted per our retention schedule. Customers can request that their organisation's conversations be excluded from review via info@momentumpro.pro;
  • Comply with legal obligations: tax records, court orders, regulatory requirements.

We do not sell personal data, share it with advertisers, or use Customer Content to train machine-learning models.

4. Legal bases for processing (GDPR)

  • Contract: processing necessary to deliver the Service to which you've subscribed;
  • Legitimate interest: securing the Service, preventing abuse, improving features (balanced against your rights);
  • Consent: marketing communications, optional cookies, where required by law;
  • Legal obligation: tax records, anti-fraud measures, responding to lawful requests.

5. Sharing & disclosure

We share personal data only with:

  • Sub-processors who help us operate the Service: hosting (Hetzner Online GmbH, Germany), email delivery (Postmark / Amazon SES), payment processing (Lemon Squeezy), error tracking (Sentry). All sub-processors are bound by data-processing agreements and equivalent confidentiality obligations.
  • Customers — we share authentication metadata and User activity within the Customer's own tenant. Cross-tenant data is never shared.
  • Legal authorities when required by law, court order, or to protect rights, property, or safety. We notify the affected Customer unless legally prohibited.
  • Successor entities in the event of a merger, acquisition, or asset sale — your data will be subject to a privacy policy at least as protective as this one.

A current list of sub-processors is available on request from info@momentumpro.pro.

6. International transfers

Our primary servers are located in Germany (EU). For sub-processors located outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other transfer mechanisms recognized under GDPR.

7. Data retention

  • Active subscription: we retain Customer Content for the duration of your subscription;
  • After cancellation: Customer Content is retained for 30 days (allowing recovery), then permanently deleted. Backups purged within 90 days;
  • Audit logs: retention varies by plan (90 days on Starter, 1 year on Professional, 7 years on Enterprise);
  • Billing records: retained for 7 years for tax and accounting compliance;
  • Support correspondence: 3 years.

8. Your rights

Under GDPR and Israeli law, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your personal data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Data portability — receive your data in a structured, commonly used format;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with your local supervisory authority (in Israel: PPA — Privacy Protection Authority).

For Customer Users: most of these rights are exercised through your Customer's HR or admin team, since they control your account. Use the in-app Privacy Centre to download your data or request deletion.

For account administrators and direct customers: contact info@momentumpro.pro and we'll respond within 30 days.

9. Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest;
  • Per-tenant database isolation;
  • Hashed and salted password storage (bcrypt);
  • Role-based access controls and least-privilege principles;
  • Regular automated backups;
  • Activity logging and security monitoring;
  • Annual security reviews.

No system is perfectly secure. In the unlikely event of a breach affecting your personal data, we will notify you and the relevant supervisory authorities within 72 hours of becoming aware, as required by law.

10. Children's privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we've inadvertently collected such data, please contact us and we'll delete it.

11. Cookies & tracking

See our separate Cookie policy.

12. Momentumpro mobile app

The Momentumpro mobile app for Android and iOS (package pro.momentumpro.app) is an additional way for Users to access their organization's Momentumpro tenant. The data practices described above apply to the mobile app, with the following mobile-specific clarifications.

12.1 Data the mobile app collects

  • Account credentials & session tokens. Email and password are submitted only to your organization's Momentumpro server over TLS. We store the resulting session token in the device's secure storage (Android Keystore / iOS Keychain). Passwords are never stored on the device.
  • Profile information you choose to provide in the in-app profile editor (display name, phone, address). Sent to your organization's server.
  • Approximate and precise location, only when you tap "Clock in" or "Clock out", and only if your organization has enabled location-stamped attendance. The single GPS reading is attached to the punch record and sent to your organization's server. The app does not collect background location and does not track movement between punches.
  • Camera and photo library access, only when you tap a feature that uses the camera (e.g. "Snap receipt" for expenses, "Upload document"). Captured images are uploaded to your organization's server. No images are sent anywhere else.
  • Biometric authentication data (fingerprint or FaceID). Biometric matching happens entirely on your device's secure enclave; biometric templates never leave the device and are never transmitted to us or to any third party. The app receives only a yes/no result.
  • Push notification token (Firebase Cloud Messaging). Registered with Google's FCM service and stored on your organization's server so we can deliver notifications about approvals, tickets, attendance reminders, and announcements. You can revoke this at any time by signing out or disabling notifications in your device settings.
  • Device and app metadata sent with each request: app version, OS version, device model, language preference. Used for compatibility and debugging.
  • Crash and error reports via Sentry. Includes the stack trace, breadcrumbs (in-app navigation events), and device model. We strip identifiers and access tokens from these reports before transmission.
  • Locally cached data: a copy of recently viewed items (announcements, tickets, payslips, documents you've opened) is kept on the device to speed up subsequent opens and to support offline read. The offline clock-in queue stores pending punches until network is available. All of this is removed when you sign out, uninstall the app, or clear app data.

12.2 Data the mobile app does NOT collect

  • Contacts, call logs, SMS, calendar, microphone audio, photos beyond what you explicitly capture or pick.
  • Advertising identifiers — the app contains no third-party advertising SDKs and shows no ads.
  • Browsing history outside the app.
  • Background location, step count, or any continuous sensor data.

12.3 Third parties the app talks to

  • Your organization's Momentumpro server (typically {your-org}.momentumpro.pro) — for all business data.
  • Google Firebase Cloud Messaging — to deliver push notifications. Subject to Google's privacy policy.
  • Sentry (Functional Software, Inc.) — for crash and error reporting only. We have a data-processing agreement in place.

The mobile app does not share data with advertisers, data brokers, or analytics vendors beyond crash reporting.

12.4 Permissions and how to revoke them

The app requests Android and iOS runtime permissions only when a feature that requires them is used. You can revoke any permission at any time from your device settings (Android: Settings → Apps → Momentumpro → Permissions; iOS: Settings → Momentumpro). Revoking a permission disables the matching feature but does not delete already-stored data.

12.5 Account & data deletion from the mobile app

You can sign out at any time from the in-app profile sheet. Signing out clears the session token, the offline punch queue, and locally cached data from the device.

To delete your account and associated personal data: open the in-app profile sheet → "Privacy & data" → "Request account deletion". This sends a request to your organization's administrator (your employer controls the account). If you no longer have access to the app, you can also email info@momentumpro.pro with your organization's name and registered email, and we will forward your request to the organization's administrator and confirm completion within 30 days.

Note: because the Service is operated for organizations (your employer), individual account deletion typically requires the organization's confirmation. Tax, audit, and legal-hold records may be retained after deletion as described in section 7 above.

12.6 Children

The mobile app is intended for use by employees, contractors, and authorized personnel of organizations that have subscribed to the Service. It is not directed to and is not intended for use by children under 16.

13. Updates to this policy

We may update this Privacy Policy occasionally. Material changes will be communicated via email and an in-app notice at least 30 days before taking effect.

14. Contact

Privacy questions or requests: info@momentumpro.pro
Postal: T&C Technologies LTD · Hizma Street 7, Beit Hanina, Jerusalem, Israel


If anything in this document is unclear, email us at info@momentumpro.pro and we'll explain.

Operated by T&C Technologies LTD · Hizma Street 7, Beit Hanina, Jerusalem, Israel · Company Reg. 516092582

Cookies & analytics

We use essential cookies to keep you signed in, plus optional analytics (Microsoft Clarity) to see how the site is used and improve it. No advertising trackers. Cookie policy.