Frequently Asked Questions

As an admin, navigate to the Dashboard > Employees section. Click the 'Add Employee' button and fill in the required information. The employee will receive an email invitation to join your organization. You can add employees based on your current plan limits.

By default, employees must submit their time off reports by the 20th of each month. This deadline ensures timely processing for salary calculations by the 25th. As an admin, you can customize this deadline date for your organization in the Organization Settings.

Navigate to Dashboard > Reports to access comprehensive time off reports. You can filter by date range and specific employees, view visual charts of time off patterns, and export reports in CSV or PDF formats. All exports are logged for audit purposes and can be accessed in the Report History section.

Daybase offers four user roles: Global Admin (can manage all organizations), Admin (can manage their organization), Viewer (read-only access to organization data), and Employee (can submit their own time off). Each role has specific permissions aligned with their responsibilities in the system.

Daybase offers Free, Standard, Team, and Enterprise plans with different pricing and features. You can choose monthly or annual billing (with savings up to 17%). The Free plan supports up to 2 employees, Standard up to 5, Team up to 20, and Enterprise offers unlimited users. You can change your plan at any time from Dashboard > Billing > Change Plan.

Daybase implements comprehensive GDPR measures including secure data storage, Row Level Security (RLS) for data access control, data export functionality, and the right to be forgotten. All data processing activities are logged, and we provide tools for data portability and consent management.

Yes, admins and global admins can export organization data in JSON, CSV, or ZIP formats. Navigate to Dashboard > Organization > Export Data. The export includes all employee records, time off submissions, and organization settings. Rate limits apply to prevent system abuse.

Daybase automatically sends reminder notifications to employees as the monthly deadline approaches. Employees receive notifications at 10 days, 5 days, and 1 day before the deadline. Admins can customize notification settings in the Organization Settings.

Navigate to Dashboard > Submit Time Off. Enter the number of vacation and illness days taken for the current month, provide any necessary details, and click 'Submit'. You must submit your report by the organization's deadline (typically the 20th of each month).

If you miss the submission deadline (typically the 20th of each month), you'll need to contact your administrator to submit your time off report. The system prevents submissions after the deadline to ensure timely processing for payroll.

Go to Dashboard > History to view all your past time off submissions. You can filter by date range and export your history in CSV or PDF format for your records. The history shows both vacation and illness days taken each month.

No, once submitted, you cannot edit your time off report for the month. This ensures data integrity for payroll processing. If you need to make corrections, contact your administrator who can make adjustments on your behalf.

Your remaining vacation days are displayed on your Dashboard and in the Submit Time Off section. The system automatically calculates your balance based on your starting balance, annual entitlement, and days taken throughout the year.

Daybase is fully GDPR compliant. Your personal data is securely stored and only accessible to authorized personnel. You have the right to access, correct, or request deletion of your data. You can export your personal data in JSON or CSV format from your account settings.

Yes, Daybase automatically sends reminder notifications as the monthly deadline approaches. You'll receive notifications at 10 days, 5 days, and 1 day before the deadline to ensure you don't miss the submission window.

Daybase employs industry-standard encryption protocols at multiple levels: 1) All data in transit is protected using TLS 1.3 encryption, 2) Sensitive data at rest is encrypted using AES-256 encryption, 3) Database backups are encrypted before storage, and 4) Authentication credentials are hashed using bcrypt with appropriate salt rounds. Additionally, all API communications between the client and server are secured with HTTPS.

Daybase maintains a comprehensive backup strategy to ensure data integrity and availability: 1) Automated daily backups of all database content, 2) Point-in-time recovery capabilities allowing restoration to any moment within the past 7 days, 3) Weekly full backups retained for 90 days, 4) Monthly backups archived for 7 years for compliance purposes, and 5) Regular backup restoration tests to verify data integrity. All backups are encrypted and stored in geographically distributed locations.

In the event of a data breach, Daybase follows a strict notification protocol: 1) All affected users will be notified within 72 hours of breach confirmation, 2) Detailed information about the nature of the breach, data potentially affected, and steps taken to mitigate impact will be provided, 3) Relevant data protection authorities will be notified in accordance with GDPR and other applicable regulations, 4) Regular updates will be provided as the investigation progresses, and 5) Post-incident, a comprehensive report will be shared with affected organizations detailing preventive measures implemented.

Daybase implements multiple layers of authentication security: 1) Passwords are never stored in plaintext but are hashed using industry-standard algorithms, 2) Multi-factor authentication (MFA) is available and encouraged for all user accounts, 3) Automatic account lockout after multiple failed login attempts to prevent brute force attacks, 4) Session timeouts after periods of inactivity, 5) Secure password reset procedures with time-limited tokens, and 6) Regular security audits of authentication systems.

Daybase's infrastructure is hosted in enterprise-grade data centers with comprehensive physical security measures: 1) 24/7 on-site security personnel, 2) Biometric access controls and multi-factor authentication for facility access, 3) CCTV monitoring of all access points and server areas, 4) Environmental controls including fire suppression, flood protection, and climate control, 5) Redundant power supplies with UPS and generator backup, and 6) Regular third-party security audits and compliance certifications.

Daybase undergoes regular third-party security assessments to ensure robust protection: 1) Annual penetration testing by certified security professionals, 2) Quarterly vulnerability assessments of all systems and applications, 3) Regular code security reviews during the development process, 4) Compliance audits for relevant standards including SOC 2, ISO 27001, and GDPR, 5) Bug bounty program to encourage responsible disclosure of security vulnerabilities, and 6) Transparent sharing of security assessment summaries with enterprise customers upon request.

Daybase implements strict data retention policies: 1) Active account data is retained as long as the account remains active, 2) After account closure, personal data is retained for 90 days before being permanently deleted (unless otherwise requested), 3) Anonymized statistical data may be retained for longer periods for analytical purposes, 4) Financial records are retained for 7 years to comply with tax and financial regulations, 5) Audit logs are retained for 2 years to support security investigations, and 6) Customers can request immediate data deletion at any time in accordance with GDPR rights.

Daybase follows secure software development lifecycle (SDLC) practices: 1) Security requirements are defined at the project inception phase, 2) Regular security training for all development team members, 3) Static and dynamic code analysis tools integrated into the CI/CD pipeline, 4) Regular dependency scanning for known vulnerabilities, 5) Separation of development, testing, and production environments, 6) Principle of least privilege applied to all system access, and 7) Comprehensive code review process with security-focused checkpoints before deployment.