Privacy Policy

Effective Date: April 5, 2025

This Privacy Policy describes how Time Punch ("we", "our", or "us") collects, uses, discloses, and safeguards your information when you use our mobile and web-based attendance platform, which uses facial recognition technology for employee time tracking and attendance purposes.

1. Introduction

Time Punch is committed to protecting the privacy of its users. This policy applies to all users of our services and outlines how we handle the personal and biometric data we collect. By using our app, you agree to the terms of this policy.

2. Information We Collect

We collect the following categories of information:

a. Personal Identifiable Information (PII)

• Full Name
• Email Address
• Employee ID
• Department and Organization Details

b. Biometric Information

• Facial recognition data used solely for the purpose of verifying identity during attendance check-in and check-out.

c. Technical and Usage Data

• IP Address
• Device Information (model, OS version, app version)
• Access logs and timestamps
• Crash logs and diagnostic data

d. Location Data

• Optional location data used to confirm whether attendance is marked from an authorized location. This may be collected via GPS, Wi-Fi, or IP-based geolocation.

3. How We Use Your Information

We use the collected data for the following purposes:

• To identify and authenticate users using facial recognition.
• To mark and record employee attendance with time stamps.
• To provide HR and admin departments with accurate attendance records.
• To maintain security and prevent unauthorized access or fraudulent check-ins.
• To enhance, troubleshoot, and improve the performance of our services.
• To comply with legal and regulatory obligations.

4. Legal Basis for Processing

We process your data under the following lawful bases:

• Consent: We require explicit consent for facial recognition features.
• Contractual Obligation: To provide attendance services as agreed with your employer.
• Legitimate Interest: For improving our services and ensuring secure usage.
• Legal Compliance: Where required by law enforcement or regulatory bodies.

5. Facial Recognition Technology

We use facial recognition only to verify identity for attendance logging. Facial templates or image data are:

• Encrypted and stored securely.
• Not shared with third parties without your employer’s permission.
• Deleted upon termination of employment or at the end of retention period defined by your employer.

6. Consent and User Control

Consent for facial recognition is collected when the user signs up or is onboarded by the employer. You may:

• Withdraw consent at any time by contacting your administrator or support team.
• Request to deactivate your biometric profile.

7. Data Sharing and Disclosure

Your data may be shared in the following cases:

• With your employer or HR department as per your employment agreement.
• With service providers (cloud, storage, analytics) under strict confidentiality agreements.
• With government agencies or law enforcement if required by law.

We do not sell or rent your personal or biometric data.

8. Data Retention

We retain data based on the following principles:

• Attendance records are stored as long as your employer requires for recordkeeping.
• Biometric templates are deleted after employee offboarding or user request, in accordance with local laws.
• Diagnostic logs are retained for no longer than 180 days unless required for auditing or legal purposes.

9. Data Security

We implement industry-standard security measures, including:

• End-to-end encryption of biometric and personal data.
• Role-based access control to restrict data access.
• Regular security audits and vulnerability testing.
• Secure cloud infrastructure with backup and disaster recovery protocols.

10. International Data Transfers

If you are using the app outside of our operating country, your data may be transferred to and processed in that country. We ensure such transfers are legally compliant using standard contractual clauses or data processing agreements.

11. Your Rights

You may have the following rights under applicable data protection laws (e.g., GDPR, CCPA):

• Right to access your data
• Right to rectify inaccurate data
• Right to erase your data (“right to be forgotten”)
• Right to data portability
• Right to restrict or object to processing
• Right to withdraw consent
• Right to lodge a complaint with a data protection authority

12. Third-Party Services

We may use trusted third-party tools for hosting, facial recognition processing, analytics, or crash reporting. These providers are bound by confidentiality and data protection obligations. Examples may include:

• Amazon Web Services (AWS)
• Google Firebase (if used)
• Custom in-house facial recognition engines

13. Cookies and Tracking

Our web platform may use cookies for session management and analytics. You can control cookie preferences through your browser settings.

14. Children’s Privacy

Time Punch is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children.

15. Updates to this Privacy Policy

We may update this policy from time to time. Significant changes will be communicated via email, app notification, or through your employer. Your continued use of the app after changes indicates your acceptance.

16. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

Time Punch Support Team
Email: ammad.grami@artisticmilliners.com
Address: Artistic Milliners, Plot 4 & 8, Sector 25, Korangi Industrial Area, Karachi, Pk