SmartFace Attendance

Data Retention Policy - SmartCarePlus

1. Introduction

This Data Retention Policy outlines how SmartFace Attendance collects, retains, and disposes of personal data, including biometric information. This policy ensures compliance with legal requirements, protects user privacy, and maintains operational efficiency.

2. Purpose and Scope

2.1 Purpose

This policy aims to:

• Define retention periods for different types of data
• Ensure compliance with employment, tax, and data protection laws
• Minimize data storage to reduce privacy risks
• Establish clear procedures for data deletion and archival
• Support audit and legal discovery requirements

2.2 Scope

This policy applies to:

• All personal data collected through SmartFace Attendance
• All users including administrators, employees, and system operators
• All data stored in MongoDB databases and file storage systems
• All components: Backend API, Face Recognition Service, and Mobile Application

3. Data Categories and Retention Periods

3.1 User Account Data

Company/Organization Administrator Accounts

• Data Types: Company name, administrator name, email, WhatsApp number, subscription details
• Retention Period: Duration of active subscription plus 3 years
• Deletion Trigger: 3 years after subscription cancellation or account closure
• Legal Basis: Contract performance, tax and audit requirements
• Notes: Financial records retained separately as per tax law (7 years)

Authentication Tokens

• Data Types: Laravel Sanctum tokens, device tokens
• Retention Period: Until token expiration or user logout
• Deletion Trigger: Immediate upon logout or 90 days of inactivity
• Legal Basis: Security and access control

3.2 Employee/Staff Data

Core Employee Information

• Data Types: Name, employee ID, email, phone, department, position, salary
• Retention Period: Duration of employment plus 7 years
• Deletion Trigger: 7 years after employment termination
• Legal Basis: Employment law, tax compliance (salary records), legal claims
• Notes: Aligns with statutory requirements for employment records in most jurisdictions

Employee Status Changes

• Data Types: Department transfers, shift changes, status updates
• Retention Period: Same as core employee information (7 years post-employment)
• Deletion Trigger: 7 years after employment termination

3.3 Biometric Data (Critical)

Facial Images (Enrollment Photos)

• Data Types: 3-10 facial photographs per employee
• Retention Period: Duration of employment only
• Deletion Trigger: 30 days after employment termination
• Legal Basis: Biometric consent, employment contract
• Notes: Subject to strict biometric privacy laws (e.g., BIPA, GDPR Article 9)
• Storage Location: Encrypted file storage with restricted access

Facial Recognition Embeddings

• Data Types: Mathematical facial feature vectors stored in MongoDB
• Retention Period: Duration of employment only
• Deletion Trigger: 30 days after employment termination
• Legal Basis: Biometric consent, employment contract
• Notes: Deleted from all databases including primary and backup systems

Face Recognition Logs

• Data Types: Recognition attempts, confidence scores, matched/unmatched events
• Retention Period: 90 days
• Deletion Trigger: Automatic deletion after 90 days
• Legal Basis: System security, troubleshooting, fraud prevention
• Notes: Contains only metadata, not biometric templates

3.4 Attendance Records

Daily Attendance Logs

• Data Types: Check-in/check-out timestamps, type (entry/exit), device ID, confidence scores
• Retention Period: Employment duration plus 7 years
• Deletion Trigger: 7 years after employment termination
• Legal Basis: Employment law, payroll compliance, tax audits, legal disputes
• Notes: Required for wage/hour law compliance and potential disputes

Attendance Summaries and Reports

• Data Types: Monthly calendars, working hours, overtime, late arrivals, salary estimations
• Retention Period: Employment duration plus 7 years
• Deletion Trigger: 7 years after employment termination
• Legal Basis: Payroll records, employment law compliance

Exported Attendance Data (Excel files)

• Data Types: User-generated exports of attendance records
• Retention Period: 30 days in system storage (user's local copy not controlled)
• Deletion Trigger: Automatic deletion 30 days after generation
• Notes: Users responsible for their downloaded copies

3.5 Subscription and Billing Data

Subscription Records

• Data Types: Plan details, pricing, start/end dates, status
• Retention Period: Subscription period plus 7 years
• Deletion Trigger: 7 years after subscription ends
• Legal Basis: Tax law, financial audits, contract disputes

Payment Transaction Records (if payment processing is added)

• Data Types: Transaction IDs, amounts, dates (no credit card details stored)
• Retention Period: 7 years
• Deletion Trigger: 7 years from transaction date
• Legal Basis: Tax compliance, financial regulations

3.6 Device and Terminal Data

Device Registration Information

• Data Types: Device name, location, device token, status
• Retention Period: Duration of device active status plus 1 year
• Deletion Trigger: 1 year after device deactivation
• Legal Basis: System operations, security audits

Device Activity Logs

• Data Types: Last activity timestamps, authentication attempts
• Retention Period: 90 days
• Deletion Trigger: Automatic deletion after 90 days
• Legal Basis: Security monitoring, troubleshooting

3.7 System Logs and Technical Data

API Access Logs

• Data Types: API requests, response codes, timestamps, user agents
• Retention Period: 90 days
• Deletion Trigger: Automatic deletion after 90 days
• Legal Basis: Security monitoring, debugging, performance optimization

Error and Debug Logs

• Data Types: Application errors, stack traces, system events
• Retention Period: 90 days
• Deletion Trigger: Automatic deletion after 90 days
• Legal Basis: System maintenance, troubleshooting

Security Audit Logs

• Data Types: Authentication attempts, authorization failures, suspicious activities
• Retention Period: 2 years
• Deletion Trigger: 2 years from log creation
• Legal Basis: Security investigations, compliance audits, legal requirements

Database Backups

• Data Types: Complete system backups including all data
• Retention Period: 30 days (rolling backups)
• Deletion Trigger: Automatic deletion of backups older than 30 days
• Legal Basis: Disaster recovery, business continuity
• Notes: Biometric data in backups subject to special handling

3.8 Verification and Password Recovery Codes

WhatsApp Verification Codes

• Data Types: 6-digit verification codes for account registration
• Retention Period: 10 minutes
• Deletion Trigger: Immediate after verification or 10-minute expiration
• Legal Basis: Account security

Password Recovery Codes

• Data Types: 6-digit recovery codes for password reset
• Retention Period: 30 minutes
• Deletion Trigger: Immediate after use or 30-minute expiration
• Legal Basis: Account security

3.9 Shift and Department Data

Department and Shift Configurations

• Data Types: Department names, shift timings, weekly holidays, overtime rules
• Retention Period: Duration of use plus 3 years
• Deletion Trigger: 3 years after deletion from active system
• Legal Basis: Historical reference, payroll audits

4. Data Deletion Procedures

4.1 Automated Deletion

• Scheduled Jobs: Automated cron jobs run daily to delete expired data
• Token Cleanup: Authentication tokens purged upon logout or expiration
• Log Rotation: System logs automatically rotated and deleted per retention schedule
• Backup Rotation: Old backups automatically deleted after 30 days

4.2 Manual Deletion (User-Initiated)

• Employee Departure: HR/Admin triggers employee termination workflow
• 30-Day Grace Period: Biometric data retained for 30 days for potential disputes
• Confirmation Required: Two-step confirmation for biometric data deletion
• Audit Trail: All manual deletions logged with user ID and timestamp

4.3 Right to Deletion (GDPR/Privacy Laws)

• User Request: Users can request deletion of their personal data
• Identity Verification: Request authenticated via system login or identity verification
• Legal Exceptions: Data retained if required by law (e.g., payroll records)
• Response Time: Deletion completed within 30 days of verified request
• Confirmation Sent: User notified upon successful deletion

4.4 Biometric Data Deletion (Special Procedures)

Due to the sensitive nature of biometric data:

1. Primary Database: Facial embeddings deleted from MongoDB
2. File Storage: Facial images permanently deleted from storage
3. Backup Systems: All backups containing biometric data purged within 30 days
4. Cache and Logs: All cached biometric data cleared immediately
5. Verification: Deletion verified by automated script to ensure completeness
6. Documentation: Deletion logged with date, method, and verification checksum

5. Data Archival

5.1 Long-Term Retention Requirements

For data that must be retained beyond active use (e.g., employment records for 7 years):

Archival Process:

• Data moved from production database to secure archive storage
• Access restricted to authorized personnel only
• Archives encrypted with strong encryption keys
• Annual review to identify data eligible for deletion

Archive Access:

• Requires administrator approval and valid business reason
• All access logged and auditable
• Read-only access; no modifications allowed

5.2 Archival Storage

• Location: Separate secure storage infrastructure
• Encryption: AES-256 encryption at rest
• Access Controls: Multi-factor authentication required
• Audit Logs: All archive access logged for 7 years

6. Compliance with Legal Requirements

6.1 Regulatory Frameworks

This policy complies with:

• GDPR (EU): General Data Protection Regulation
• CCPA (California): California Consumer Privacy Act
• BIPA (Illinois): Biometric Information Privacy Act
• Employment Laws: Wage/hour record retention requirements
• Tax Laws: Financial and payroll record retention (7 years)
• SOX (if applicable): Sarbanes-Oxley Act for public companies

6.2 Jurisdiction-Specific Adjustments

Organizations operating in specific jurisdictions may need to adjust retention periods:

• Consult local employment and data protection laws
• Document any deviations from this policy
• Implement jurisdiction-specific retention schedules
• Notify users of applicable retention periods

7. Exceptions to Retention Policy

7.1 Legal Hold

Data may be retained beyond normal retention periods if:

• Subject to litigation or legal discovery
• Part of ongoing investigation (internal or external)
• Required by court order or subpoena
• Subject to regulatory audit or inquiry

Process:

1. Legal hold notice issued by legal counsel
2. Data flagged in system to prevent deletion
3. Affected users notified (unless prohibited by law)
4. Data released from hold only after legal clearance

7.2 Security Incidents

Following a security breach or incident:

• Affected data retained for investigation
• Extended retention until incident fully resolved
• Logs and forensic data preserved as evidence
• Data retention extended as needed for legal proceedings

8. Backup and Disaster Recovery

8.1 Backup Retention

• Daily Backups: Retained for 7 days
• Weekly Backups: Retained for 4 weeks
• Monthly Backups: Retained for 3 months
• Quarterly Backups: Retained for 1 year (compliance only)

8.2 Biometric Data in Backups

Critical Consideration: Backups contain biometric data and must be handled accordingly:

• Backups containing terminated employees' biometric data deleted within 30 days
• Special backup rotation process for biometric-sensitive data
• Encrypted backup storage with restricted access
• Backup restoration requires approval for biometric data

8.3 Disaster Recovery

• In disaster recovery scenarios, only necessary data restored
• Expired data not restored even if present in backups
• Post-recovery cleanup to remove data beyond retention periods

9. Data Minimization

9.1 Principles

We adhere to data minimization principles:

• Collection Limitation: Collect only necessary data for attendance management
• Purpose Limitation: Use data only for specified purposes
• Storage Limitation: Retain data only as long as necessary
• Access Limitation: Restrict access to authorized personnel only

9.2 Ongoing Review

• Annual review of data retention needs
• Quarterly review of retention policy compliance
• Regular audits to identify unnecessary data collection
• User feedback on data practices

10. User Rights and Data Portability

10.1 Access to Retention Information

Users can request:

• What data is retained about them
• How long data will be retained
• When data will be deleted
• Copies of retained data

10.2 Data Portability

Users can export:

• Attendance records in Excel format
• Personal profile information
• Historical attendance summaries
• Available upon request within 30 days

11. Employee Training and Awareness

All personnel with access to personal data must:

• Complete annual data retention training
• Understand biometric data sensitivity
• Follow deletion procedures correctly
• Report retention policy violations

12. Policy Review and Updates

12.1 Review Schedule

• Annual policy review by legal and compliance teams
• Updates for changes in applicable laws
• Updates based on operational changes
• User notification of significant changes

12.2 Version Control

• All policy versions documented and retained
• Change log maintained for audit purposes
• Previous versions archived for 7 years

13. Accountability and Governance

13.1 Responsible Parties

• Data Protection Officer (DPO): Overall policy compliance
• System Administrators: Technical implementation of retention schedules
• HR/Management: Employee data lifecycle management
• Legal Counsel: Interpretation of legal requirements

13.2 Compliance Monitoring

• Monthly automated compliance reports
• Quarterly manual audits of data retention
• Annual third-party compliance assessment
• Incident reports for retention violations

14. Consequences of Non-Compliance

Failure to comply with this policy may result in:

• Disciplinary action for responsible personnel
• Legal liability for organization
• Regulatory fines and penalties
• Reputational damage
• Loss of user trust

15. Contact Information

For questions about data retention:

SmartFace Attendance - Data Protection

• Email: support@smartcodejunctioninfinity.in
• Website: https://smartfaceattendance.in

16. Acknowledgment

By using SmartFace Attendance, you acknowledge:

• You understand this Data Retention Policy
• You consent to the retention periods specified
• You understand your rights regarding data deletion
• You will comply with organizational policies on data retention

---

Note: This Data Retention Policy should be read in conjunction with our Privacy Policy, Security Policy, and Terms of Service. Organizations should consult legal counsel to ensure compliance with applicable local laws and regulations.

Appendix A: Quick Reference Table

Data Type	Retention Period	Deletion Trigger
Account Data	Active + 3 years	3 years post-cancellation
Employee Info	Employment + 7 years	7 years post-termination
Biometric Data (Photos & Embeddings)	Employment only	30 days post-termination
Attendance Logs	Employment + 7 years	7 years post-termination
Authentication Tokens	Until logout	90 days inactivity
API Logs	90 days	Auto-delete
Security Audit Logs	2 years	Auto-delete
Database Backups	30 days	Rolling deletion
Verification Codes	10-30 minutes	Immediate after use
Device Data	Active + 1 year	1 year post-deactivation

---

© Smart Code Junction Infinity Private Limited

All rights reserved. SmartFace Attendance is a registered platform of Smart Code Junction Infinity Pvt. Ltd. https://smartfaceattendance.in