# Akoto Verify Privacy Policy
**Last Updated:** December 2024
## 1. Introduction
Akoto Verify ("we", "our", "us") provides a facial recognition-based employee attendance and time tracking system. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our services.
This policy applies to:
- Company administrators (HR/employers)
- Employees using the system for clock-in/clock-out
- Website visitors
## 2. Data Controller
For companies using Akoto Verify, the **employer (company)** is the Data Controller for employee data. Akoto Verify acts as a Data Processor on behalf of the employer.
## 3. Data We Collect
### 3.1 Employee Data
| Data Type | Purpose | Legal Basis |
|-----------|---------|-------------|
| First name, Last name | Employee identification | Legitimate interest / Contract |
| Employee photo | Facial recognition for authentication | Consent / Legitimate interest |
| Facial encoding (128D vector) | Biometric authentication | Explicit consent |
| User ID | System identification | Contract |
| Clock-in/Clock-out times | Attendance tracking | Contract / Legitimate interest |
| Hours worked | Payroll and compliance | Contract |
| Late arrival reasons | Attendance management | Legitimate interest |
### 3.2 Location Data (Optional)
When geolocation tracking is enabled by the employer:
| Data Type | Purpose | Legal Basis |
|-----------|---------|-------------|
| GPS coordinates (latitude/longitude) | Attendance verification | Legitimate interest (employer confirms lawful basis) |
| Street address | Location identification | Legitimate interest (employer confirms lawful basis) |
**Note:** Geolocation is disabled by default. Under GDPR, consent is given by the data subject, not by the employer, so enabling this feature is not itself a lawful basis: before turning it on, the employer must confirm that it has a lawful basis for processing employee location data and has informed employees. Enabling it also sends coordinates to the third-party address-resolution service listed in Section 8.2.
### 3.3 Security Data
| Data Type | Purpose | Legal Basis |
|-----------|---------|-------------|
| Spoofing attempt screenshots | Security and fraud prevention | Legitimate interest |
| Security incident logs | Audit trail and compliance | Legitimate interest |
### 3.4 Company/Administrator Data
| Data Type | Purpose | Legal Basis |
|-----------|---------|-------------|
| Company name | Account identification | Contract |
| HR email address | Communications and reports | Contract |
| HR password (hashed) | Authentication | Contract |
### 3.5 Technical Data
| Data Type | Purpose | Legal Basis |
|-----------|---------|-------------|
| Session tokens (encrypted) | Authentication | Legitimate interest |
| Browser type | Service delivery | Legitimate interest |
| Theme preference | User experience | Consent |
## 4. Special Category Data (Biometric)
Facial recognition data constitutes **special category data** under GDPR Article 9. Processing it requires both an Article 6 lawful basis and one of the Article 9(2) conditions; legitimate interest (Article 6(1)(f)) is not on its own an Article 9 condition. We rely on:
- **Explicit consent** from employees (Article 9(2)(a), provided during onboarding), or
- **Employment law obligations** (Article 9(2)(b), where national law authorizes biometric processing for this purpose), together with
- **Legitimate interests** of the employer for workplace security as the accompanying Article 6 basis
### Biometric Data Safeguards
- Facial encodings are stored as 128-dimensional numerical vectors, not images. An encoding is still biometric personal data under Article 9: storing vectors instead of photos limits what a leak exposes but does not anonymize the data, since one encoding can still be matched against another
- Original photos are stored securely and are accessible only to authorized HR personnel
- Biometric matching occurs server-side; encodings are transmitted only over encrypted (HTTPS) connections
- Face matching threshold: 0.6 Euclidean distance between encodings, the default tolerance used with dlib-style 128-dimensional encodings rather than a regulatory standard. A lower threshold is stricter (fewer false accepts, more false rejects); the threshold should be validated on the deployment's own population and not raised
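As an added illustration of the matching rule above (example code written for this page, not Akoto Verify's own implementation), the Go program below computes the Euclidean distance between 128-dimensional encodings, applies the tolerance, and picks the closest enrolled employee rather than the first one under the threshold. The encodings are synthetic vectors constructed for the demo, and the employee IDs and the second, stricter tolerance value are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// EncodingDim is the dimensionality of the face encodings the policy describes.
const EncodingDim = 128

// DefaultTolerance is the 0.6 Euclidean-distance threshold the policy names.
const DefaultTolerance = 0.6

// FaceDistance returns the Euclidean (L2) distance between two encodings.
func FaceDistance(a, b []float64) (float64, error) {
	if len(a) != EncodingDim || len(b) != EncodingDim {
		return 0, errors.New("encodings must be 128-dimensional")
	}
	var sum float64
	for i := range a {
		d := a[i] - b[i]
		sum += d * d
	}
	return math.Sqrt(sum), nil
}

// Matches reports whether two encodings lie within tolerance of each other.
// A smaller tolerance is stricter: fewer false accepts, more false rejects.
func Matches(a, b []float64, tolerance float64) (bool, error) {
	d, err := FaceDistance(a, b)
	if err != nil {
		return false, err
	}
	return d <= tolerance, nil
}

// IdentifyEmployee returns the ID of the closest enrolled encoding when it is
// within tolerance, or "" when nothing is close enough. Choosing the closest
// candidate, rather than the first one under the threshold, avoids clocking in
// the wrong employee when two enrolled encodings both fall under it.
func IdentifyEmployee(probe []float64, enrolled map[string][]float64, tolerance float64) (string, float64, error) {
	bestID, bestDist := "", math.Inf(1)
	for id, enc := range enrolled {
		d, err := FaceDistance(probe, enc)
		if err != nil {
			return "", 0, err
		}
		if d < bestDist {
			bestID, bestDist = id, d
		}
	}
	if bestDist > tolerance {
		return "", bestDist, nil
	}
	return bestID, bestDist, nil
}

// syntheticEncoding builds a deterministic, constructed 128-D vector for the
// demo. Real encodings come from a face-embedding model, not from this function.
func syntheticEncoding(seed float64) []float64 {
	v := make([]float64, EncodingDim)
	for i := range v {
		v[i] = 0.1 * math.Sin(seed+0.37*float64(i))
	}
	return v
}

func main() {
	enrolled := syntheticEncoding(1.0)
	// Same person, slightly different capture: every component shifted by 0.02,
	// which puts the probe at sqrt(128)*0.02 = 0.226 from the enrolled encoding.
	probe := make([]float64, EncodingDim)
	for i, x := range enrolled {
		probe[i] = x + 0.02
	}
	stranger := syntheticEncoding(4.0) // a different, unrelated constructed vector
	db := map[string][]float64{"emp-1": enrolled, "emp-2": stranger} // hypothetical IDs

	for _, tol := range []float64{DefaultTolerance, 0.2} {
		id, dist, _ := IdentifyEmployee(probe, db, tol)
		fmt.Printf("tolerance %.1f: matched %q at distance %.3f\n", tol, id, dist)
	}
}
```

Running it shows the same probe accepted as `emp-1` at the 0.6 tolerance and rejected (empty ID) at 0.2, which is the trade-off an employer adjusting the threshold is making.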
## 5. How We Use Data
### 5.1 Primary Purposes
- **Authentication**: Verify employee identity via facial recognition
- **Time Tracking**: Record clock-in/clock-out times and calculate hours worked
- **Attendance Management**: Track late arrivals, overtime, and undertime
- **Reporting**: Generate timesheet reports for HR/payroll
- **Security**: Detect and prevent spoofing/fraud attempts
### 5.2 Secondary Purposes
- **Colleague Visibility**: Show currently logged-in colleagues (configurable)
- **Inactive Tracking**: Monitor employees who haven't clocked in (configurable)
- **Location Verification**: Verify employee location at clock-in/out (optional)
## 6. Data Storage and Security
### 6.1 Database Security
- **Encryption**: All sensitive data encrypted at rest
- **Isolation**: Each company's data stored in separate database tables
- **Access Control**: Role-based access (HR can only access their company's data)
- **Password Hashing**: HR passwords are hashed with SHA-256 before storage and are never stored in plaintext. SHA-256 is a fast general-purpose hash, so a leaked table can be brute-forced quickly; deployments customizing this template should store passwords with a salted, deliberately slow password-hashing function (Argon2id, bcrypt, or PBKDF2 with a high iteration count)
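To make that difference concrete, the Go program below is an added example, not Akoto Verify's code: it shows the unsalted SHA-256 scheme beside a salted, iterated PBKDF2-HMAC-SHA256 record with constant-time verification. PBKDF2 is written out against the standard library so the example runs stand-alone; the record format, the 600,000 iteration count (OWASP's current figure for PBKDF2-HMAC-SHA256) and the demo password are choices made for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// RecommendedIters follows OWASP guidance of 600,000 iterations for
// PBKDF2-HMAC-SHA256; raise it as hardware allows.
const RecommendedIters = 600000

// LegacyHash is the scheme the policy names: one unsalted SHA-256. Two accounts
// with the same password get the same digest, and a leaked table can be
// attacked at billions of guesses per second on a GPU.
func LegacyHash(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

// pbkdf2SHA256 implements RFC 8018 PBKDF2 with HMAC-SHA256. It is spelled out
// so the block needs only the standard library; production code should use a
// maintained library (golang.org/x/crypto/pbkdf2, argon2 or bcrypt).
func pbkdf2SHA256(password, salt []byte, iters, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := 1; len(out) < keyLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)            // U1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...) // T = U1 xor U2 xor ... xor Uc
		for i := 1; i < iters; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// HashPassword returns a self-describing record "pbkdf2-sha256$iters$salt$hash"
// with a fresh 16-byte random salt, so equal passwords give different records.
func HashPassword(password string, iters int) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(password), salt, iters, 32)
	enc := base64.RawStdEncoding
	return fmt.Sprintf("pbkdf2-sha256$%d$%s$%s", iters, enc.EncodeToString(salt), enc.EncodeToString(dk)), nil
}

// VerifyPassword recomputes the derivation from the stored record and compares
// in constant time, so response timing does not leak how many bytes matched.
func VerifyPassword(password, record string) (bool, error) {
	parts := strings.Split(record, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2-sha256" {
		return false, errors.New("unrecognised password record")
	}
	iters, err := strconv.Atoi(parts[1])
	if err != nil || iters < 1 {
		return false, errors.New("invalid iteration count")
	}
	enc := base64.RawStdEncoding
	salt, err := enc.DecodeString(parts[2])
	if err != nil {
		return false, err
	}
	want, err := enc.DecodeString(parts[3])
	if err != nil || len(want) < 16 { // refuse empty or truncated stored hashes
		return false, errors.New("invalid stored hash")
	}
	got := pbkdf2SHA256([]byte(password), salt, iters, len(want))
	return subtle.ConstantTimeCompare(got, want) == 1, nil
}

func main() {
	// Constructed demo credential, not a real account.
	fmt.Println("legacy, user A:", LegacyHash("Winter2024!"))
	fmt.Println("legacy, user B:", LegacyHash("Winter2024!")) // identical: no salt
	recA, _ := HashPassword("Winter2024!", RecommendedIters)
	recB, _ := HashPassword("Winter2024!", RecommendedIters)
	fmt.Println("pbkdf2, user A:", recA)
	fmt.Println("pbkdf2, user B:", recB) // different salt, different record
	ok, _ := VerifyPassword("Winter2024!", recA)
	fmt.Println("verify correct password:", ok)
}
```

Because the record carries its own iteration count, an existing deployment can raise the cost over time by re-hashing at the next successful login without invalidating stored records.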
### 6.2 Session Security
- **Memory-Only Sessions**: Sessions stored in RAM only, not persisted to disk
- **AES-256-GCM Encryption**: Session tokens encrypted with 256-bit keys
- **Automatic Expiry**: Admin sessions expire after 30 minutes; employee sessions after 12 hours
- **HTTP-Only Cookies**: Session cookies cannot be accessed via JavaScript
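The following Go program is an added example of the session design above, not code from Akoto Verify: it seals a session payload with AES-256-GCM, keeps the expiry inside the ciphertext so a client cannot extend it, binds the cookie name in as additional authenticated data so an admin token cannot be presented as an employee cookie, and emits a cookie with the HttpOnly and Secure attributes. The company slug `acme`, the example HR address, the cookie name format and the SameSite choice are assumptions for illustration; the 32-byte key would come from a secret store in a real deployment.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// Session lifetimes the policy states.
const (
	AdminSessionTTL    = 30 * time.Minute
	EmployeeSessionTTL = 12 * time.Hour
)

// SessionPayload is what the cookie value protects. ExpiresAt lives inside the
// ciphertext, so a client cannot extend a session by editing the cookie.
type SessionPayload struct {
	Company   string    `json:"company"`
	Subject   string    `json:"sub"`
	Role      string    `json:"role"`
	ExpiresAt time.Time `json:"exp"`
}

// SessionCipher wraps a 256-bit key in AES-GCM. The key length is checked so a
// misconfigured 16-byte key cannot silently downgrade the cipher to AES-128.
type SessionCipher struct{ aead cipher.AEAD }

func NewSessionCipher(key []byte) (*SessionCipher, error) {
	if len(key) != 32 {
		return nil, errors.New("session key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SessionCipher{aead: aead}, nil
}

// Seal encrypts a payload under a fresh random nonce. The cookie name is bound
// in as GCM additional data, so a token replayed under another cookie name
// (different role or company) fails authentication instead of decrypting.
func (c *SessionCipher) Seal(cookieName string, p SessionPayload) (string, error) {
	plain, err := json.Marshal(p)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := c.aead.Seal(nonce, nonce, plain, []byte(cookieName)) // nonce || ciphertext || tag
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// Open authenticates and decrypts a token, then enforces expiry. A tampered
// token, wrong key, wrong cookie name or expired session all yield an error.
func (c *SessionCipher) Open(cookieName, token string, now time.Time) (SessionPayload, error) {
	var p SessionPayload
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return p, err
	}
	ns := c.aead.NonceSize()
	if len(raw) < ns {
		return p, errors.New("session token too short")
	}
	plain, err := c.aead.Open(nil, raw[:ns], raw[ns:], []byte(cookieName))
	if err != nil {
		return p, errors.New("session token failed authentication")
	}
	if err := json.Unmarshal(plain, &p); err != nil {
		return p, err
	}
	if !now.Before(p.ExpiresAt) {
		return p, errors.New("session expired")
	}
	return p, nil
}

// SessionCookie sets the attributes the policy lists: HttpOnly keeps the token
// away from JavaScript, Secure restricts it to HTTPS, and Max-Age mirrors the
// expiry embedded in the token (the server-side check stays authoritative).
func SessionCookie(name, value string, ttl time.Duration) *http.Cookie {
	return &http.Cookie{Name: name, Value: value, Path: "/", MaxAge: int(ttl.Seconds()),
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}
}

func main() {
	key := make([]byte, 32) // production: load from a secret store, never hard-code
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sc, _ := NewSessionCipher(key)
	now, name := time.Now(), "admin_session_acme" // "acme" is a hypothetical company slug
	tok, _ := sc.Seal(name, SessionPayload{Company: "acme", Subject: "hr@example.com", Role: "admin", ExpiresAt: now.Add(AdminSessionTTL)})
	fmt.Println("Set-Cookie:", SessionCookie(name, tok, AdminSessionTTL).String())
	_, err := sc.Open(name, tok, now.Add(31*time.Minute))
	fmt.Println("after 31 minutes:", err)
}
```

Because the server holds no session table, revocation before expiry requires rotating the key (logging every session out) or adding a server-side deny list; the short admin lifetime is what limits the exposure window for a leaked token.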
### 6.3 Data Transmission
- **HTTPS**: All data transmitted over encrypted connections
- **Secure Forms**: Form data is submitted via POST so credentials and biometric payloads do not appear in URLs, browser history or server access logs
- **API Security**: Backend API calls authenticated and encrypted
## 7. Data Retention
| Data Type | Retention Period | Deletion Method |
|-----------|------------------|-----------------|
| Employee records | Until deleted by HR | Permanent deletion from database |
| Clock-in/out logs | Company policy (recommended: 2-7 years) | Bulk deletion available |
| Security incidents | 90 days (recommended) | Manual deletion by HR |
| Session data | Until logout or expiry | Automatic memory cleanup |
| Facial encodings | Until employee deleted | Deleted with employee record |
**Note:** Employers are responsible for setting appropriate retention periods in compliance with local employment laws.
## 8. Data Sharing
### 8.1 We Do NOT Share Data With:
- Third-party advertisers
- Marketing companies
- Data brokers
- Social media platforms
### 8.2 Limited Data Sharing:
| Recipient | Data Shared | Purpose |
|-----------|-------------|---------|
| OpenStreetMap Nominatim | GPS coordinates | Address resolution (geolocation only) |
| Stripe | Payment information | Subscription processing |
| SMTP Provider | Email addresses | Report delivery |
### 8.3 Legal Disclosure
We may disclose data if required by law, court order, or to protect our legal rights.
## 9. Data Subject Rights (GDPR)
Employees have the following rights:
### 9.1 Right of Access
- Employees can view their own work logs via the self-service portal
- HR can provide full data export upon request
### 9.2 Right to Rectification
- HR can update employee information
- Employees can request corrections through HR
### 9.3 Right to Erasure ("Right to be Forgotten")
- HR can permanently delete employee records
- Deletion removes all associated data including facial encodings and logs
### 9.4 Right to Restrict Processing
- Employers can disable specific features (geolocation, anti-spoofing, etc.)
- Employees can request HR to restrict certain processing
### 9.5 Right to Data Portability
- Timesheet reports available in Excel and CSV formats
- Data can be exported for transfer to other systems
### 9.6 Right to Object
- Employees can object to processing through their employer
- Employers handle objections as Data Controllers
### 9.7 Rights Related to Automated Decision-Making
- Facial recognition is used for authentication only
- No automated decisions with legal effects are made
## 10. Employer Responsibilities
As Data Controllers, employers using Akoto Verify must:
1. **Inform Employees**: Provide privacy notices about the system
2. **Obtain Consent**: Ensure appropriate consent for biometric processing
3. **Handle Requests**: Respond to employee data subject requests
4. **Set Retention**: Establish appropriate data retention periods
5. **Geolocation Consent**: Confirm lawful basis before enabling location tracking
6. **Security Incidents**: Report breaches to relevant authorities if required
## 11. Cookies and Local Storage
### 11.1 Essential Cookies
| Cookie | Purpose | Duration |
|--------|---------|----------|
| admin_session_{company} | Admin authentication | 30 minutes |
| employee_session_{company} | Employee authentication | 12 hours |
### 11.2 Local Storage
| Key | Purpose | Duration |
|-----|---------|----------|
| theme | Dark/light mode preference | Persistent |
## 12. International Data Transfers
- Primary data storage: [Your hosting region]
- Address resolution: OpenStreetMap servers (global)
- Payment processing: Stripe (US/EU)
Where data is transferred outside the EEA, appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).
## 13. Children's Privacy
Akoto Verify is designed for workplace use and is not intended for children under 16. We do not knowingly collect data from children.
## 14. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via:
- Email notification to registered HR contacts
- Notice on the application dashboard
## 15. Contact Information
For privacy inquiries or data subject requests:
- **Email**: [Your privacy email]
- **Address**: [Your business address]
For complaints, you may also contact your local Data Protection Authority.
## 16. Technical and Organizational Measures
### 16.1 Security Measures
- ✅ AES-256 encryption for sessions
- ✅ SHA-256 password hashing
- ✅ Memory-only session storage
- ✅ Multi-tenant data isolation
- ✅ Role-based access control
- ✅ Anti-spoofing detection
- ✅ Secure cookie configuration
- ✅ HTTPS enforcement (production)
### 16.2 Organizational Measures
- ✅ Company-specific admin access
- ✅ HR-only employee management
- ✅ Audit trails for security incidents
- ✅ Configurable feature toggles
- ✅ Employee self-service access
## 17. Lawful Basis Summary
| Processing Activity | Lawful Basis | GDPR Article |
|--------------------|--------------|--------------|
| Employee authentication | Legitimate interest | 6(1)(f) |
| Biometric processing | Explicit consent | 9(2)(a) |
| Time tracking | Contract performance | 6(1)(b) |
| Security monitoring | Legitimate interest | 6(1)(f) |
| Geolocation tracking | Legitimate interest (employer confirms lawful basis and informs employees) | 6(1)(f) |
| Report generation | Contract performance | 6(1)(b) |
| Payment processing | Contract performance | 6(1)(b) |
---
**Akoto Verify** - Secure Employee Attendance Management
*This privacy policy is provided as a template. Employers should customize it according to their specific jurisdiction and legal requirements.*