ClockFace (“we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our time-tracking platform, including our facial recognition and biometric features.

1. Information We Collect

We collect the following categories of information:

• Account Information: Name, email address, organization name, role, and login credentials provided during registration.
• Biometric Data: Facial geometry data captured during the face enrollment and clock-in process. This data is converted into encrypted numerical vectors (face encodings) and is never stored as raw photographs.
• Time Tracking Data: Clock-in and clock-out timestamps, break records, shift assignments, overtime calculations, and payroll export history.
• Device and Usage Data: Browser type, IP address, device identifiers, and interaction logs collected automatically when you access the platform.
• Organization Data: Company structure, location information, department assignments, and shift configuration settings.

2. How We Use Your Information

We use the information we collect to:

• Verify employee identity through facial recognition during clock-in and clock-out.
• Record and calculate work hours, overtime, and meal break compliance.
• Generate payroll reports and CSV exports for integration with third-party payroll systems.
• Provide real-time dashboards and attendance reports to authorized administrators.
• Maintain audit trails for compliance and dispute resolution.
• Improve the accuracy and performance of our facial recognition system.
• Communicate product updates, security alerts, and support responses.

3. Biometric Data

We take the handling of biometric data extremely seriously. Our practices comply with applicable biometric privacy laws, including the Illinois Biometric Information Privacy Act (BIPA), the California Consumer Privacy Act (CCPA), and the General Data Protection Regulation (GDPR).

• Collection: Biometric data is collected only with informed, written consent from the individual prior to enrollment. Employees must actively opt in to face recognition.
• Storage: Face data is stored as encrypted numerical vectors using AES-256 encryption at rest. Raw facial images used during enrollment are discarded after encoding and are never permanently stored.
• Purpose Limitation: Biometric data is used solely for the purpose of verifying employee identity during clock-in and clock-out. It is never used for surveillance, marketing, or any other purpose.
• Sharing: Biometric data is never sold, leased, traded, or otherwise disclosed to third parties. It is accessible only to authorized system processes required for identity verification.
• Deletion: Biometric data is permanently destroyed within 30 days of an employee's termination or upon the employee's written request, whichever occurs first.

4. Data Security

We implement industry-standard security measures to protect your information:

• AES-256 encryption for all biometric data and sensitive records at rest.
• TLS 1.3 encryption for all data transmitted between clients and our servers.
• Role-based access controls ensuring only authorized personnel can access employee data.
• Multi-tenant data isolation ensuring each organization's data is logically separated.
• Regular security audits, penetration testing, and vulnerability assessments.
• Automated audit logging of all administrative actions and data access events.

5. Data Retention

We retain your data for as long as your organization maintains an active account with us, plus the following periods after account termination:

• Biometric data: Deleted within 30 days of employee termination or written request.
• Time tracking records: Retained for 7 years to comply with federal and state labor record-keeping requirements.
• Account information: Retained for 90 days after account closure to facilitate reactivation, then permanently deleted.
• Audit logs: Retained for 3 years for compliance and security purposes.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, including biometric data, subject to legal retention requirements.
• Portability: Request an export of your data in a machine-readable format.
• Opt-Out: Withdraw consent for biometric data collection at any time. Employees who opt out may use PIN-based clock-in as an alternative.
• Non-Discrimination: Exercise any of these rights without receiving discriminatory treatment.

To exercise any of these rights, contact your organization's administrator or reach out to us directly using the contact information below.

7. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: [email protected]
• Mail: ClockFace, Attn: Privacy Team, 123 Main Street, Suite 400, San Francisco, CA 94105

We will respond to all verified requests within 30 days, or sooner where required by applicable law.