SmartFace Attendance

Privacy Policy - SmartFace Attendance

1. Introduction

SmartFace Attendance ("we," "our," or "us") is committed to protecting the privacy and security of personal information collected through our facial recognition-based attendance management system. This Privacy Policy explains how we collect, use, store, and protect your personal data.

By using the SmartFace Attendance system, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal information as described herein.

2. Information We Collect

2.1 Personal Information

We collect and process the following types of personal information:

Company/Organization Information:

Company name
Administrator name
Business email address
WhatsApp contact number
Subscription and billing information

Employee Information:

Full name
Employee ID
Email address
Phone number
Department and position
Shift timings
Basic salary information (for attendance-based salary calculations)
Allowed leave entitlements

Biometric Information:

Facial images (3-10 photos per person for enrollment)
Facial recognition embeddings (mathematical representations of facial features)
Face recognition confidence scores

Attendance Records:

Check-in and check-out timestamps
Attendance type (entry/exit)
Device identification (terminal location)
Attendance metadata (recognition method, confidence level)
Working hours, overtime, and late arrival records
Shift assignments and calendar data

Device Information:

Face recognition terminal identifiers
Device tokens for authentication
Device location information
Last activity timestamps

Technical Information:

IP addresses (for security purposes)
Authentication tokens
API access logs
System usage logs

2.2 Automatically Collected Information

Server logs and error reports
API request timestamps
Face recognition processing metrics
System performance data

3. How We Use Your Information

3.1 Primary Purposes

We use the collected information for the following purposes:

Attendance Management:

Recording employee attendance through facial recognition
Tracking working hours, overtime, and leave
Generating attendance reports and summaries
Calculating attendance-based salary components

Authentication and Security:

Verifying user identity for system access
Authenticating face recognition terminals
Preventing unauthorized access
Detecting and preventing duplicate attendance entries

System Operations:

Managing employee profiles and assignments
Organizing departments, shifts, and schedules
Maintaining device and terminal registrations
Providing subscription and account management

Analytics and Reporting:

Generating attendance statistics and trends
Creating monthly attendance calendars
Calculating salary estimations based on attendance
Providing dashboard analytics for administrators

Service Improvement:

Improving face recognition accuracy
Optimizing system performance
Enhancing user experience
Troubleshooting technical issues

3.2 Legal Basis for Processing

We process personal data based on:

Consent: You provide explicit consent for biometric data collection and processing
Contract Performance: Processing is necessary for employment and payroll management
Legitimate Interests: System security, fraud prevention, and service improvement
Legal Compliance: Meeting employment law and record-keeping requirements

4. Data Storage and Security

4.1 Storage Infrastructure

All data is stored in MongoDB databases with encryption at rest
Facial embeddings are stored as encrypted mathematical representations
Data is hosted on secure servers with restricted access
Regular backups are performed to prevent data loss

4.2 Data Location

Data is stored on servers located in secure data centers
We maintain data residency in accordance with applicable laws
Cross-border data transfers (if any) comply with relevant regulations

4.3 Access Controls

Multi-tenant architecture ensures data isolation between organizations
Role-based access control (RBAC) limits data access
Authentication required via Laravel Sanctum tokens
Device-specific tokens for face recognition terminals
All API access is logged and monitored

We do not share, sell, rent, or disclose your personal data to third parties. All data processing occurs within our secure infrastructure.

5.2 Service Providers

We use the following internal components (not third-party services):

MongoDB: For data storage (self-hosted)
InsightFace: For face recognition processing (self-hosted, no external API calls)
Internal Services: All processing occurs on our infrastructure

5.3 Legal Disclosures

We may disclose information only when:

Required by law, court order, or legal process
Necessary to protect our rights, property, or safety
Required to prevent fraud or security threats
Requested by law enforcement with proper authorization

6. Your Privacy Rights

You have the following rights regarding your personal data:

6.1 Access Rights

View your personal information stored in the system
Request copies of your attendance records
Access your facial recognition enrollment status

6.2 Correction Rights

Update your personal information (name, email, phone)
Correct inaccurate attendance records (subject to administrator approval)
Re-enroll facial data if recognition accuracy is poor

6.3 Deletion Rights

Request deletion of your facial recognition data
Request account deletion (subject to legal retention requirements)
Withdraw consent for biometric data processing

6.4 Portability Rights

Export your attendance records in standard formats (Excel)
Receive copies of your personal data in a structured format

6.5 Objection Rights

Object to certain data processing activities
Opt-out of non-essential data collection
Request human review of automated decisions

6.6 How to Exercise Rights

To exercise any of these rights, contact your organization's administrator or reach out to us at:

Email: support@smartcodejunctioninfinity.com
Support: Through the mobile application or system dashboard

7. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy:

Attendance Records: Retained for employment duration plus statutory requirements (typically 3-7 years)
Biometric Data: Retained during active employment; deleted within 30 days of termination
Account Information: Retained during subscription period; deleted according to retention policy
Logs and Metadata: Retained for 90 days for security and troubleshooting purposes

For detailed retention periods, please refer to our separate Data Retention Policy.

8. Children's Privacy

SmartFace Attendance is designed for workplace use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors without parental consent as required by law.

9. Biometric Information Notice

9.1 Special Notice for Biometric Data

Facial recognition data is considered sensitive biometric information in many jurisdictions. We take extra precautions:

Explicit Consent Required: Biometric enrollment requires explicit consent
Purpose Limitation: Used only for attendance management, not for other purposes
Secure Storage: Facial embeddings are encrypted and stored securely
No Retention After Employment: Deleted within 30 days of employment termination
No Sale or Trading: We never sell or trade biometric data

9.2 How Facial Recognition Works

3-10 facial photos are captured during enrollment
Photos are converted to mathematical embeddings (numerical representations)
Original photos are stored for re-enrollment purposes only
Embeddings are compared during recognition; no photos are analyzed in real-time
Recognition confidence scores determine match accuracy

10. Cookies and Tracking

The SmartFace Attendance mobile application does not use cookies. Our API uses:

Authentication Tokens: Session tokens for secure API access
Device Tokens: 8-character alphanumeric codes for terminal authentication
These tokens are stored locally on devices and are not used for tracking

11. International Data Transfers

If your organization operates across multiple countries, data may be transferred internationally. We ensure:

Compliance with applicable data protection laws (GDPR, CCPA, etc.)
Adequate safeguards for international transfers
Data processing agreements with all parties
Notification to users of cross-border transfers

12. Security Measures

We implement comprehensive security measures including:

Technical Measures:

Encryption in transit (HTTPS/TLS) and at rest
Secure authentication (Laravel Sanctum with tokens)
API rate limiting and request validation
Regular security audits and penetration testing
Intrusion detection and prevention systems

Organizational Measures:

Access controls and role-based permissions
Employee training on data protection
Incident response and breach notification procedures
Regular security policy reviews

Physical Measures:

Secure data center facilities
Restricted physical access to servers
Environmental controls and monitoring

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

Notify users of material changes via email or in-app notification
Post the updated policy with a revised "Last Updated" date
Provide at least 30 days' notice for significant changes
Obtain renewed consent if required by law

14. Data Breach Notification

In the unlikely event of a data breach that affects your personal information:

We will notify affected users within 72 hours of discovery
Notifications will include the nature of the breach and affected data
We will provide guidance on protective measures
Authorities will be notified as required by law

15. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

SmartFace Attendance Support

Developer: Smart Code Junction Infinity
Email: support@smartcodejunctioninfinity.com
Website: https://smartfaceattendance.in

For data protection inquiries, contact your organization's Data Protection Officer or administrator.

By using SmartFace Attendance, you acknowledge:

You have read and understood this Privacy Policy
You consent to the collection and processing of your personal data as described
You consent to biometric data processing for attendance management
You understand your rights and how to exercise them
You agree to comply with your organization's policies regarding system use

Note: This Privacy Policy should be read in conjunction with our Terms of Service, Data Retention Policy, and Security Policy. For employees, please also refer to your organization's internal data protection and biometric consent policies.

© Smart Code Junction Infinity Private Limited

Last modified on December 13, 2025

SmartFace Attendance

Privacy Policy - SmartFace Attendance

1. Introduction

2. Information We Collect

2.1 Personal Information

We collect and process the following types of personal information:

Company/Organization Information:

Company name
Administrator name
Business email address
WhatsApp contact number
Subscription and billing information

Employee Information:

Full name
Employee ID
Email address
Phone number
Department and position
Shift timings
Basic salary information (for attendance-based salary calculations)
Allowed leave entitlements

Biometric Information:

Facial images (3-10 photos per person for enrollment)
Facial recognition embeddings (mathematical representations of facial features)
Face recognition confidence scores

Attendance Records:

Check-in and check-out timestamps
Attendance type (entry/exit)
Device identification (terminal location)
Attendance metadata (recognition method, confidence level)
Working hours, overtime, and late arrival records
Shift assignments and calendar data

Device Information:

Face recognition terminal identifiers
Device tokens for authentication
Device location information
Last activity timestamps

Technical Information:

IP addresses (for security purposes)
Authentication tokens
API access logs
System usage logs

2.2 Automatically Collected Information

Server logs and error reports
API request timestamps
Face recognition processing metrics
System performance data

3. How We Use Your Information

3.1 Primary Purposes

We use the collected information for the following purposes:

Attendance Management:

Recording employee attendance through facial recognition
Tracking working hours, overtime, and leave
Generating attendance reports and summaries
Calculating attendance-based salary components

Authentication and Security:

Verifying user identity for system access
Authenticating face recognition terminals
Preventing unauthorized access
Detecting and preventing duplicate attendance entries

System Operations:

Managing employee profiles and assignments
Organizing departments, shifts, and schedules
Maintaining device and terminal registrations
Providing subscription and account management

Analytics and Reporting:

Generating attendance statistics and trends
Creating monthly attendance calendars
Calculating salary estimations based on attendance
Providing dashboard analytics for administrators

Service Improvement:

Improving face recognition accuracy
Optimizing system performance
Enhancing user experience
Troubleshooting technical issues

3.2 Legal Basis for Processing

We process personal data based on:

Consent: You provide explicit consent for biometric data collection and processing
Contract Performance: Processing is necessary for employment and payroll management
Legitimate Interests: System security, fraud prevention, and service improvement
Legal Compliance: Meeting employment law and record-keeping requirements

4. Data Storage and Security

4.1 Storage Infrastructure

All data is stored in MongoDB databases with encryption at rest
Facial embeddings are stored as encrypted mathematical representations
Data is hosted on secure servers with restricted access
Regular backups are performed to prevent data loss

4.2 Data Location

Data is stored on servers located in secure data centers
We maintain data residency in accordance with applicable laws
Cross-border data transfers (if any) comply with relevant regulations

4.3 Access Controls

Multi-tenant architecture ensures data isolation between organizations
Role-based access control (RBAC) limits data access
Authentication required via Laravel Sanctum tokens
Device-specific tokens for face recognition terminals
All API access is logged and monitored

We do not share, sell, rent, or disclose your personal data to third parties. All data processing occurs within our secure infrastructure.

5.2 Service Providers

We use the following internal components (not third-party services):

MongoDB: For data storage (self-hosted)
InsightFace: For face recognition processing (self-hosted, no external API calls)
Internal Services: All processing occurs on our infrastructure

5.3 Legal Disclosures

We may disclose information only when:

Required by law, court order, or legal process
Necessary to protect our rights, property, or safety
Required to prevent fraud or security threats
Requested by law enforcement with proper authorization

6. Your Privacy Rights

You have the following rights regarding your personal data:

6.1 Access Rights

View your personal information stored in the system
Request copies of your attendance records
Access your facial recognition enrollment status

6.2 Correction Rights

Update your personal information (name, email, phone)
Correct inaccurate attendance records (subject to administrator approval)
Re-enroll facial data if recognition accuracy is poor

6.3 Deletion Rights

Request deletion of your facial recognition data
Request account deletion (subject to legal retention requirements)
Withdraw consent for biometric data processing

6.4 Portability Rights

Export your attendance records in standard formats (Excel)
Receive copies of your personal data in a structured format

6.5 Objection Rights

Object to certain data processing activities
Opt-out of non-essential data collection
Request human review of automated decisions

6.6 How to Exercise Rights

To exercise any of these rights, contact your organization's administrator or reach out to us at:

Email: support@smartcodejunctioninfinity.com
Support: Through the mobile application or system dashboard

7. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy:

Attendance Records: Retained for employment duration plus statutory requirements (typically 3-7 years)
Biometric Data: Retained during active employment; deleted within 30 days of termination
Account Information: Retained during subscription period; deleted according to retention policy
Logs and Metadata: Retained for 90 days for security and troubleshooting purposes

For detailed retention periods, please refer to our separate Data Retention Policy.

8. Children's Privacy

9. Biometric Information Notice

9.1 Special Notice for Biometric Data

Facial recognition data is considered sensitive biometric information in many jurisdictions. We take extra precautions:

Explicit Consent Required: Biometric enrollment requires explicit consent
Purpose Limitation: Used only for attendance management, not for other purposes
Secure Storage: Facial embeddings are encrypted and stored securely
No Retention After Employment: Deleted within 30 days of employment termination
No Sale or Trading: We never sell or trade biometric data

9.2 How Facial Recognition Works

3-10 facial photos are captured during enrollment
Photos are converted to mathematical embeddings (numerical representations)
Original photos are stored for re-enrollment purposes only
Embeddings are compared during recognition; no photos are analyzed in real-time
Recognition confidence scores determine match accuracy

10. Cookies and Tracking

The SmartFace Attendance mobile application does not use cookies. Our API uses:

Authentication Tokens: Session tokens for secure API access
Device Tokens: 8-character alphanumeric codes for terminal authentication
These tokens are stored locally on devices and are not used for tracking

11. International Data Transfers

If your organization operates across multiple countries, data may be transferred internationally. We ensure:

Compliance with applicable data protection laws (GDPR, CCPA, etc.)
Adequate safeguards for international transfers
Data processing agreements with all parties
Notification to users of cross-border transfers

12. Security Measures

We implement comprehensive security measures including:

Technical Measures:

Encryption in transit (HTTPS/TLS) and at rest
Secure authentication (Laravel Sanctum with tokens)
API rate limiting and request validation
Regular security audits and penetration testing
Intrusion detection and prevention systems

Organizational Measures:

Access controls and role-based permissions
Employee training on data protection
Incident response and breach notification procedures
Regular security policy reviews

Physical Measures:

Secure data center facilities
Restricted physical access to servers
Environmental controls and monitoring

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

Notify users of material changes via email or in-app notification
Post the updated policy with a revised "Last Updated" date
Provide at least 30 days' notice for significant changes
Obtain renewed consent if required by law

14. Data Breach Notification

In the unlikely event of a data breach that affects your personal information:

We will notify affected users within 72 hours of discovery
Notifications will include the nature of the breach and affected data
We will provide guidance on protective measures
Authorities will be notified as required by law

15. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

SmartFace Attendance Support

Developer: Smart Code Junction Infinity
Email: support@smartcodejunctioninfinity.com
Website: https://smartfaceattendance.in

For data protection inquiries, contact your organization's Data Protection Officer or administrator.

By using SmartFace Attendance, you acknowledge:

You have read and understood this Privacy Policy
You consent to the collection and processing of your personal data as described
You consent to biometric data processing for attendance management
You understand your rights and how to exercise them
You agree to comply with your organization's policies regarding system use

Last modified on December 13, 2025

1. Introduction

2. Information We Collect

2.1 Personal Information

2.2 Automatically Collected Information

3. How We Use Your Information

3.1 Primary Purposes

3.2 Legal Basis for Processing

4. Data Storage and Security

4.1 Storage Infrastructure

4.2 Data Location

4.3 Access Controls

5. Data Sharing and Disclosure

5.1 Third-Party Sharing

5.2 Service Providers

5.3 Legal Disclosures

6. Your Privacy Rights

6.1 Access Rights

6.2 Correction Rights

6.3 Deletion Rights

6.4 Portability Rights

6.5 Objection Rights

6.6 How to Exercise Rights

7. Data Retention

8. Children's Privacy

9. Biometric Information Notice

9.1 Special Notice for Biometric Data

9.2 How Facial Recognition Works

10. Cookies and Tracking

11. International Data Transfers

12. Security Measures

13. Changes to This Privacy Policy

14. Data Breach Notification

15. Contact Information

16. Consent and Acknowledgment

© Smart Code Junction Infinity Private Limited

1. Introduction

2. Information We Collect

2.1 Personal Information

2.2 Automatically Collected Information

3. How We Use Your Information

3.1 Primary Purposes

3.2 Legal Basis for Processing

4. Data Storage and Security

4.1 Storage Infrastructure

4.2 Data Location

4.3 Access Controls

5. Data Sharing and Disclosure

5.1 Third-Party Sharing

5.2 Service Providers

5.3 Legal Disclosures

6. Your Privacy Rights

6.1 Access Rights

6.2 Correction Rights

6.3 Deletion Rights

6.4 Portability Rights

6.5 Objection Rights

6.6 How to Exercise Rights

7. Data Retention

8. Children's Privacy

9. Biometric Information Notice

9.1 Special Notice for Biometric Data

9.2 How Facial Recognition Works

10. Cookies and Tracking

11. International Data Transfers

12. Security Measures

13. Changes to This Privacy Policy

14. Data Breach Notification

15. Contact Information

16. Consent and Acknowledgment

© Smart Code Junction Infinity Private Limited