Smart Attendance App Privacy Policy

Effective Date: October 09, 2023

Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and retain your information, including biometric data, when you use the Smart Attendance Application.

1. Introduction

We are committed to protecting your personal and biometric data in compliance with applicable laws, including the General Data Protection Regulation (GDPR) and Apple's App Store Review Guidelines.

2. Data We Collect

• Personal Information: Name, address, email and phone number
• Biometric Data: Facial recognition data in the form of facial embeddings derived from images submitted during enrollment.
• Attendance Data: Check-in and check-out timestamps, geolocation (if enabled), and device used to mark attendance.
• Device & Usage Information: Device type, OS version, browser details, IP address, and access logs.

3. How We Use Your Information

Facial data is used solely for biometric authentication during attendance logging. Specifically, it is used to:

• Enroll a user by converting a submitted image into a facial embedding.
• Match facial data during check-in with stored embeddings to verify identity.

Facial data is not used for marketing, analytics, or user profiling.

Other collected information is used to:

• Record and manage attendance.
• Monitor work hours and punctuality.
• Provide analytics to authorized personnel.
• Ensure system integrity and prevent misuse.
• Improve system performance and user experience.

4. Facial Data Usage Summary

4.1 What face data does the app collect?

We collect facial recognition data in the form of facial embeddings, which are mathematical representations of a user’s face created from images submitted during enrollment or check-in.

4.2 Planned uses of collected face data

Facial embeddings are used only for biometric authentication when logging attendance. They allow us to:

• Generate a facial embedding from a submitted image during user enrollment.
• Match a user’s face during check-in with their stored embedding to verify identity.

Facial data is not used for advertising, analytics, profiling, or AI model training.

4.3 Is face data shared with third parties?

No, we do not sell or share face data with advertisers or external data brokers. Face data is accessed only by:

• Authorized HR or system administrators within the organization.
• Third-party service providers (if any) who are contractually bound to use the data only for secure storage or matching, under strict confidentiality agreements.

4.4 Where is face data stored?

All facial data is stored on encrypted, access-controlled servers that comply with industry standards for security and privacy.

4.5 How long is face data retained?

• If an account is deleted, associated facial embeddings are permanently removed within 30 days.
• Users may request deletion of facial data at any time through support.

4.6 Where in this privacy policy is facial data explained?

• Section 2 – Data We Collect: describes biometric (facial) data.
• Section 3 – How We Use Your Information: explains authentication-related use.
• Section 5 – Data Sharing and Disclosure: outlines access restrictions and authorized use.
• Section 6 – Data Retention: details how long data is stored and when it's deleted.

5. Data Sharing and Disclosure

We do not sell or rent your personal or biometric data. Data may be shared with:

• Authorized personnel (e.g., HR, supervisors).
• Third-party service providers who help us operate the system (with strict confidentiality agreements).
• Law enforcement if required by law.

Data is stored securely on encrypted servers compliant with legal and industry standards. Access to biometric data is restricted to authorized personnel only.

6. Data Retention

Your facial and personal data will be retained only as long as necessary to provide our services:

• If your account is deleted, all associated facial data is deleted within 30 days.
• You may also request immediate deletion of your biometric data.

7. Data Security

We use industry-standard security practices, including:

• Encryption of sensitive data.
• Access control and user authentication.
• Regular system audits and vulnerability assessments.

8. Your Privacy Rights

You have the right to:

• Access, correct, or delete your personal and biometric data.
• Object to or limit certain data processing activities.
• Withdraw consent for biometric processing at any time.
• Lodge a complaint with a data protection authority.

To exercise these rights, contact us via the in-app support or at: sixpent@gmail.com

9. Business Model and User Access

9.1 Is your app restricted to users who are part of a single company?

The Smart Attendance App is designed primarily for organizations, including their employees, partners, and contractors. Access is restricted to members within each subscribing organization.

9.2 Is your app designed for use by a limited or specific group of companies?

Yes, the app is provided to organizations that subscribe to our service.

• Which companies use this app? Currently, organizations that have availed the Smart Attendance system and subscribed to our service.
• Can any company become a client? Yes, any organization can avail and onboard its members for attendance tracking.

9.3 What features are intended for use by the general public?

The app has no public-facing features. Only registered and authorized users within subscribing organizations have access to attendance logging and related functions.

9.4 How do users obtain an account?

Users cannot create accounts independently. Accounts are created and managed by the organization's system administrator or HR personnel, who enroll biometric data and assign credentials during onboarding.

9.5 How are users authenticated?

Authentication is performed using login credentials to ensure secure access.

10. Contact Us

Thank you for trusting Smart Attendance with your privacy.