Terms and Conditions of Use

Acceptance & scope

By accessing or using the StaffTrakr website, admin console, or employee mobile application (Android APK or browser/PWA) — together, the "Services" — you agree to these Terms. If you accept on behalf of an organisation, you represent that you have authority to bind that organisation.

Subscribing organisations ("Customers" or "Employers") contract with VNV Logixpace for workforce attendance features. Employees and authorised managers use the Services under their employer's subscription and policies. Your employer is typically the data controller of workforce personal data; VNV Logixpace processes that data as a service provider on the employer's instructions.

The Services

StaffTrakr provides workforce attendance and related operations, including:

• Admin console (web): employee registration, attendance records, reports, leave and WFH request management, organisation settings, and manager dashboards including GPS walkpath and live location views where enabled.
• Employee app (Android APK or browser/PWA): domain-based login, password and MPIN authentication, punch-in/out with GPS, attendance history, leave and WFH requests, notifications, optional biometric unlock, and manager approval queues for authorised roles.

We grant subscribing organisations a limited, non-exclusive, non-transferable right to use the Services for internal workforce management, subject to these Terms, the applicable subscription plan, and fair use. Features available to your organisation depend on how your tenant is configured.

Privacy & information we process

Our Privacy Policy describes in detail what information we collect and how we use it. In summary, depending on your role and your organisation's configuration, the Services may process:

• organisation and subscription data (company name, domain, billing contacts, admin-entered employee records);
• credentials and session data (username, password, MPIN verification events, JWT session tokens, device identifiers);
• attendance data (punch times, duration, status, WFH flag, login/logout IP addresses);
• location data (precise GPS at punch-in/out and, while punched in, periodic location readings for walkpath and live tracking);
• leave and WFH request content, push notification tokens, and technical/diagnostic data needed to operate the Services.

We do not sell personal information and do not use employee location or attendance data for third-party advertising.

Employer responsibilities

Organisations that enable GPS attendance and location tracking are solely responsible for:

• complying with applicable labour, privacy, and employment laws in each jurisdiction where employees use the Services;
• providing employees with appropriate notice that location will be collected at punch-in/out and, while punched in, on a continuing basis for attendance verification and walkpath recording;
• obtaining any employee consents or authorisations required before requiring use of the employee app or background location on Android;
• configuring attendance rules, tracking intervals, and access controls appropriately for their workforce;
• ensuring only authorised administrators and managers can access employee attendance, location trails, and personal data through the admin console;
• maintaining accurate employee records and promptly removing or deactivating access when employment ends.

VNV Logixpace acts as a data processor for employee workforce data. The Customer (Employer) is the data controller. We process employee information strictly according to the Customer's instructions, these Terms, and our Privacy Policy.

Employee responsibilities

If you use the employee app under your employer's account, you agree to:

• use the Services only for legitimate work attendance and related requests as directed by your employer;
• provide accurate punch-in and punch-out actions and not misrepresent your attendance, location, or work status;
• keep your password and MPIN confidential and not share credentials with others;
• grant location and notification permissions when required by your employer's attendance policy, understanding that declining permissions may prevent punch or tracking;
• not attempt to spoof GPS data, manipulate attendance logs, use unauthorised third-party tools to circumvent tracking, or otherwise interfere with the integrity of the Services;
• comply with your employer's workplace policies and applicable law.

Fraudulent attendance or location manipulation may result in disciplinary action by your employer and suspension of your access to the Services.

Location & attendance features

When your organisation's attendance configuration requires location, the employee app collects precise GPS data for workforce purposes only.

Punch-in and punch-out

Each punch requires a current GPS reading. Readings with accuracy worse than approximately 80 metres are rejected by the app. Punch-in on the Android app may require background location permission ("Allow all the time") so walkpath recording can continue while you remain on duty.

Tracking while punched in

After punch-in, and until punch-out or the workday is completed, the app records location at intervals set by your organisation (typically every 1–60 minutes). Additional readings may be captured on movement or when the app returns to the foreground.

• Android app: uses a foreground location service with a persistent on-duty notification while punched in, including when the screen is off. Backup location uploads may run if the main app process is stopped.
• Browser / PWA: location collection is limited when the browser tab is backgrounded or the device screen is off. Your employer may require the Android app for reliable walkpath tracking.

Location data is stored on your organisation's servers for attendance path history and, when enabled, transmitted to Firebase Realtime Database for live maps and daily trail views accessible to authorised admins. Tracking stops on punch-out, day completion, or logout.

Service limitations

GPS accuracy and continuity depend on device hardware, network conditions, battery optimisation settings, and permission grants. We do not guarantee uninterrupted or error-free location capture in all environments. The app may record diagnostic events (such as permission denials or GPS failures) to help operate and troubleshoot the Services.

App access, MPIN & biometrics

Employees authenticate with their organisation's domain, username, and password. After first login, they set a password and numeric MPIN. Subsequent app opens require MPIN verification to unlock the session. MPIN values are verified by the server and are not stored in plain text in app storage.

Optional biometric unlock (fingerprint, face, or WebAuthn on supported browsers) may be enabled as a local shortcut after MPIN is configured. Biometric verification is performed by the device operating system or browser; biometric templates are not collected or transmitted to our servers.

The app may register a device identifier for trusted-device login checks. If "Remember Me" is enabled at login, credentials may be stored locally on that device — use only on devices you control.

The employee app does not use the device camera for attendance verification. Profile photos displayed in the app are fetched from your employer's server.

Accounts, acceptable use & subscriptions

Organisations subscribe by plan (for example, headcount band). Commercial terms are agreed between the organisation and VNV Logixpace. Employees generally access the mobile app under their employer's subscription; access may end if employment ends, credentials are revoked, or the subscription lapses.

You agree not to misuse the Services, including by:

• attempting unauthorised access, probing, scraping, or disrupting systems;
• submitting false attendance, spoofing location, or impersonating others;
• sharing credentials, MPINs, or circumventing authentication;
• reverse engineering or interfering with app security or tracking mechanisms;
• using the Services in violation of law or your organisation's policies.

We may suspend or terminate access for breach of these Terms, non-payment by a subscribing organisation, or conduct that risks the security or integrity of the Services.

Third-party services

The Services may depend on third-party providers, including:

• Google Firebase / Firebase Cloud Messaging for push notifications when enabled;
• Firebase Realtime Database for live employee location and daily GPS trails when enabled for your tenant;
• cloud hosting, email, and infrastructure providers used to operate the platform.

Your use of those features may be subject to the third party's terms and policies. We are not responsible for third-party services outside our reasonable control.

Security & disclosure

We use commercially reasonable safeguards, including encryption in transit (HTTPS/TLS) between apps, browsers, and our services. No method of transmission or storage is completely secure. Subscribing organisations must protect admin credentials. Employees should protect passwords and MPINs and report suspected unauthorised access to their employer and, where appropriate, to us via Contact.

We may disclose information where we believe in good faith that disclosure is necessary to:

• comply with a legal obligation, court order, or regulatory request;
• protect the rights, property, or safety of VNV Logixpace, our users, or the public;
• investigate possible wrongdoing in connection with the Services;
• enforce these Terms or agreements with subscribing organisations.

We may share data with vendors who perform services on our behalf (hosting, support, infrastructure). They may access personal data only to perform those services and are expected to protect it appropriately.

Disclaimers, liability & governing law

The Services are provided "as is" and "as available" to the fullest extent permitted by law. We do not warrant uninterrupted, timely, or error-free operation, including uninterrupted GPS capture on all devices or networks.

To the maximum extent permitted by law, VNV Logixpace shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, use, or goodwill, arising from your access to or use of the Services.

These Terms are governed by the laws of India. Courts at Hyderabad, Telangana shall have jurisdiction, subject to mandatory protections in your jurisdiction.

Changes & contact

We may update these Terms from time to time. Material changes may be communicated to subscribing organisations. Continued use of the Services after changes take effect constitutes acceptance of the revised Terms.

Questions about these Terms or the Services: contact your organisation's administrator, or reach us via our Contact page.

By using StaffTrakr, you acknowledge that you have read and understood these Terms and our Privacy Policy.

Employee accounts are managed by your organisation's administrator. For account deactivation or data removal after employment ends, see Account & data deletion.