Privacy Policy
Last modified: June 8, 2026
This policy describes how VNV Logixpace Private Limited (operating as Logixpace and StaffTrakr) collects, uses, and protects information in connection with the StaffTrakr website, admin console, and employee mobile app (Android APK and browser/PWA). It should be read together with our Terms & conditions.
Who we are & scope
The Services are provided by VNV Logixpace Private Limited for subscribing organisations and their authorised users. If you use the employee app or are listed in an organisation's account, your employer is usually the controller of your work-related personal data; we process that data on their behalf to deliver attendance, location tracking, and related workforce features.
The employee app is available as an Android application and as a browser-based PWA. Both connect to your organisation's dedicated backend. Features such as background GPS tracking are most reliable on the Android app.
Information we collect
From organisations & admins
May include company name, domain, subscription and billing contacts, business email, and content entered in the admin console (including employee roster fields your organisation chooses to store, such as employee ID, name, work email, phone, designation, shift timing, and profile photo URLs).
From employees & app users
- Account identifiers: company domain, username, employee ID, name, and organisation/tenant identifiers returned after login.
- Credentials & authentication: passwords (for login and password-change flows), MPIN (sent to the server for verification and creation — not stored locally in the app), one-time passwords and OTPs for account recovery, and session tokens (JWT) for authenticated API access.
- Attendance records: punch-in and punch-out timestamps, duration, status, overtime/shortfall, work-from-home flag, and login/logout IP addresses recorded by the backend.
- Location data: precise GPS coordinates (latitude, longitude, accuracy), and while punched in may also include speed, heading, timestamp, and whether the app is in the foreground or background (see Location & attendance).
- Leave & WFH requests: date ranges, reasons, status, and approver actions when you submit or manage requests through the app.
- Profile information: employee details and profile photos fetched from your employer's server for display. The app does not use your device camera to capture photos for attendance.
Technical & device data
- Device type, operating system, browser or app version, and a device information string (including browser user agent) submitted at punch-in.
- A generated device identifier and device fingerprint used for trusted-device registration and login checks. The app does not read your hardware MAC address; it uses a synthetic identifier instead.
- Push notification tokens (Firebase Cloud Messaging) and a device name label when your organisation enables push messaging.
- Battery optimisation status, location permission state, and tracking diagnostic events (for example permission denied, GPS unavailable, or upload failures) to help operate and troubleshoot the Services.
- IP addresses on server-side login and API requests, and standard web data (IP, browser type, pages viewed) when you browse our public website.
Data stored on your device
The app may store session tokens, optional "Remember Me" login credentials, punch history cache, notification read state, biometric unlock preferences, and device identifiers in your browser or app local storage. On Android, limited backup credentials may be stored to allow location uploads if the main app process is stopped while you remain punched in. See Security & retention for details.
How we use your information
We use personal data to:
- provide, host, and improve the Services (organisation registration, attendance, GPS walkpath tracking, live location maps, leave and WFH workflows, and reporting);
- authenticate users, verify devices, and protect accounts and infrastructure (password, MPIN, JWT);
- send operational push and in-app notifications when your organisation enables them (for example leave approvals or system alerts);
- record and display attendance history, tracking paths, and manager dashboards;
- diagnose tracking reliability issues and improve location capture on supported devices;
- communicate about the subscription, security, or support;
- comply with law and respond to lawful requests;
- analyse aggregate or de-identified usage to improve reliability and product experience where permitted.
We do not sell your personal information. We do not use employee location or attendance data for third-party advertising.
Sharing & subprocessors
We share data with service providers who assist us under contractual safeguards, including:
- Google Firebase / Firebase Cloud Messaging — push notifications to your device when enabled by your organisation.
- Firebase Realtime Database — live employee location and daily GPS trail data for real-time maps and admin visibility while you are punched in, when this feature is enabled for your tenant.
- Cloud hosting, email delivery, and infrastructure providers used to operate your organisation's backend and our platform services.
Attendance and location history are primarily stored on your organisation's backend servers. Your employer's administrators and authorised managers may access employee attendance, location trails, and related workforce data according to their role and your organisation's policies.
Location & attendance
Location collection is tied to your organisation's attendance configuration. When location is required, the app uses it only for workforce attendance purposes — not for advertising or unrelated profiling.
Punch-in and punch-out
Each punch action requires a current GPS reading. Readings with accuracy worse than approximately 80 metres are rejected. On the Android app, punch-in may also require you to grant background location ("Allow all the time") so your walkpath can be recorded while you remain on duty.
Continuous tracking while punched in
After punch-in, and until punch-out or the workday is completed, the app records your location at intervals configured by your organisation (typically every 1–60 minutes, default 5 minutes). Additional readings may be captured when you move a meaningful distance or when the app returns to the foreground.
- Android app: uses a foreground location service with a persistent notification ("VNV Attendance – On duty") while you are punched in, including when the screen is off. Backup location uploads may run periodically if the main app process is stopped.
- Browser / PWA: location is collected while the app is open and may be limited when the browser tab is in the background or the device screen is off. For reliable walkpath tracking, your organisation may require the Android app.
Location data is sent to your organisation's servers for permanent attendance path history and, when enabled, to Firebase for live location display and daily trail maps visible to authorised admins. Tracking stops when you punch out, complete your day, or log out; live location markers are cleared at that time.
Permissions the Android app may request
- Location (precise, approximate, and background)
- Notifications (for push alerts and the on-duty location service notification)
- Battery optimisation exemption (optional prompt to improve tracking reliability on some devices)
The app does not request camera, microphone, contacts, or SMS permissions. Profile photos are loaded from your employer's server only.
App access, MPIN & biometrics
After first login, employees set a password and a numeric MPIN. On subsequent app opens, MPIN verification unlocks the session. MPIN values are transmitted securely to the server for verification; they are not stored in plain text in app storage.
You may optionally enable biometric unlock (fingerprint or face on supported Android devices, or WebAuthn on supported browsers) as a shortcut to unlock the app after MPIN is configured. Biometric verification is performed by your device's operating system or browser; biometric templates are not collected or sent to our servers. A WebAuthn credential reference may be stored locally on your device if you enable this feature.
If you use "Remember Me" at login, your domain, username, and password may be stored in your browser's local storage on that device. We recommend using this only on devices you control.
Security & retention
We use commercially reasonable measures, including encryption in transit (HTTPS/TLS) for communication between apps, browsers, and our services. Please protect your credentials and report suspected incidents to your employer and, where appropriate, to us via Contact.
Session tokens and most local app data are cleared when you log out. Device identifiers and biometric unlock preferences may persist on your device until you disable them or clear app data. Push notification registration is removed on logout.
How long attendance, location history, and employee records are retained on servers is determined by your employer's policies and applicable law. Contact your organisation's administrator for employment-related data requests.
Your choices & rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to certain processing, or to lodge a complaint with a supervisory authority. For workforce data, contact your employer first as they are typically the data controller.
You can also:
- decline optional features such as biometric unlock or "Remember Me";
- revoke location or notification permissions in your device or browser settings (this may prevent punch or tracking);
- log out to end your session and stop live location tracking;
- contact your organisation's administrator about attendance policy, location requirements, or data access.
For account deactivation or data removal after employment ends, see our Account & data deletion page.
Children's privacy
The Services are intended for workforce and business use and are not directed at children. We do not knowingly collect personal information from children.
Changes & contact
We may update this Privacy Policy from time to time. Questions: use our Contact page or reach your organisation's administrator for employment-related data.
