Your Privacy Matters: AttendUX is committed to protecting your privacy and ensuring the security of your personal and biometric data. This policy explains how we collect, use, and protect your information.
1. Information We Collect
1.1 Biometric Data
Face Recognition Data:
- Facial geometry measurements for attendance verification
- Biometric templates (mathematical representations, not actual photos)
- Face detection confidence scores
Military-Grade Encryption
Local Device Storage
No Cloud Backup
1.2 Location Data
GPS Information:
- Check-in/check-out location coordinates
- Geofencing verification data
- Location accuracy measurements
- Time zone information
1.3 Personal Information
- Employee name and ID
- Work schedule information
- Attendance records and timestamps
- Payroll calculation data
- Company and branch assignments
1.4 Technical Data
- Device information (model, OS version)
- App usage analytics
- Error logs and crash reports
- Network connectivity status
2. How We Use Your Information
2.1 Primary Business Purposes
- Attendance Tracking: Record employee check-in/check-out times
- Identity Verification: Prevent buddy punching and time theft
- Payroll Processing: Calculate wages, overtime, and deductions
- Location Verification: Ensure employees are at designated work locations
- Reporting: Generate attendance and productivity reports
2.2 Operational Purposes
- App functionality and performance optimization
- Technical support and customer service
- Security monitoring and fraud prevention
- Compliance with labor laws and regulations
3. Data Storage and Security
3.1 Biometric Data Protection
Maximum Security Standards:
- AES-256 Encryption: All biometric data is encrypted using military-grade encryption
- Local Storage Only: Face recognition data never leaves your device
- No Cloud Backup: Biometric templates are not stored in cloud servers
- Automatic Deletion: Data is deleted when employee account is removed
3.2 Server Data Security
- SSL/TLS encryption for all data transmission
- Regular security audits and penetration testing
- Access controls and user authentication
- Automated backup systems with encryption
- SOC 2 Type II compliance standards
4. Data Sharing and Disclosure
4.1 We DO NOT Share Your Data With:
- Third-party advertisers
- Social media platforms
- Data brokers or marketing companies
- Government agencies (except as legally required)
4.2 Limited Sharing for Business Operations:
- Authorized HR Personnel: Access to attendance and payroll data
- Payroll Processors: Salary calculation data (encrypted)
- Legal Compliance: When required by court order or legal process
- Service Providers: Vetted partners with strict confidentiality agreements
5. Your Rights and Choices
5.1 Employee Rights
- Access: View all your personal data we have collected
- Correction: Update incorrect or incomplete information
- Deletion: Request removal of your data (subject to legal retention requirements)
- Portability: Receive your data in a standard format
- Opt-out: Disable certain features (may affect app functionality)
5.2 Biometric Consent
Important: You must provide explicit consent before using face recognition features. You can withdraw consent at any time, though this may affect attendance tracking functionality.
6. Data Retention
6.1 Retention Periods
- Biometric Data: Deleted immediately upon employee termination
- Attendance Records: Retained for 7 years for payroll compliance
- Location Data: Retained for 3 years for verification purposes
- Personal Information: Retained as required by local labor laws
7. International Data Transfers
If your company operates internationally, we may transfer data across borders using:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by data protection authorities
- Your explicit consent for specific transfers
- Encryption and security safeguards during transfer
8. Children's Privacy
AttendUX is designed for workplace use by employees 18 years and older. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately.
9. Third-Party Services
AttendUX may integrate with:
- Payroll Systems: For salary processing
- HR Management Platforms: For employee data synchronization
- Analytics Services: For app performance monitoring
- Cloud Storage: For non-biometric data backup
Each integration follows strict data protection agreements and privacy standards.
10. Updates to Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:
- Notify you via app notification for significant changes
- Email administrators for policy updates
- Post updates on our website
- Require re-consent for material changes affecting biometric data
11. Legal Basis for Processing
We process your personal data based on:
- Employment Contract: Attendance tracking for payroll
- Legitimate Interest: Preventing time theft and ensuring workplace security
- Explicit Consent: Biometric data processing
- Legal Obligation: Compliance with labor laws and tax regulations
12. Data Breach Response
In the unlikely event of a data breach, we will:
- Notify affected users within 72 hours
- Report to relevant data protection authorities
- Provide detailed information about the breach
- Implement additional security measures
- Offer identity protection services if needed
13. Compliance Certifications
GDPR Compliant
CCPA Compliant
SOC 2 Type II
ISO 27001
BIPA Compliant
Last Updated: October 28, 2025
Effective Date: November 1, 2025
Version: 2.0