Summary: AbsensiQR collects biometric (face), location, and account data solely for employee attendance verification. We do not sell your data to third parties. Biometric data is used exclusively for identity verification and is not shared outside your organization.
This Privacy Policy describes how AbsensiQR ("we", "us", or "our") collects, uses, and protects information when you use our employee attendance management platform, including our web application (app.absensiqr.xyz) and our Android face detector application (the "Face Detector App"). By using our services, you agree to the practices described in this policy.
1 Information We Collect
We collect the following categories of information depending on your role (Company Administrator or Employee):
| Category |
Data Collected |
Who It Applies To |
| Account Information |
Full name, email address, password (hashed) |
Admins & Employees |
| Biometric / Face Data |
Enrolled face photo (profile), face capture images taken at check-in |
Employees |
| Location Data |
GPS coordinates at the moment of check-in / check-out |
Employees |
| Attendance Records |
Check-in time, check-out time, attendance status, checkout notes |
Employees |
| Device Information |
Device token for Face Detector App authentication |
Face Detector App |
| Usage Data |
Login timestamps, session tokens (hashed), app interactions |
Admins & Employees |
2 How We Use Your Information
We use the information we collect for the following purposes:
- Attendance verification — to confirm that the correct employee is checking in at the correct location and time.
- Identity authentication — to verify your identity using face recognition before recording attendance.
- Location validation — to ensure check-ins occur within the designated office radius defined by your employer.
- Attendance reporting — to generate attendance summaries, daily records, and reports for company administrators and HR.
- Account management — to create and manage user accounts, send invitations, and process password resets via email.
- Service operation — to operate, maintain, and improve the platform.
- Security — to detect and prevent fraudulent attendance entries, unauthorized access, and abuse.
We do not use your data for advertising, profiling unrelated to attendance, or any purpose beyond operating the attendance management service.
3 Biometric Data & Face Recognition
Important — Biometric Data: Face images and biometric data are sensitive personal information. We treat this data with the highest level of care and use it exclusively for attendance identity verification within your organization.
What we collect:
- Enrolled photo: A reference photo of the employee uploaded at the time of registration. This is used as the baseline for identity comparison.
- Check-in face capture: A photo taken at the moment of each check-in attempt. This image is compared against the enrolled photo to verify identity.
How face recognition works:
- When an employee scans a QR code to check in, a photo is captured by the Face Detector App or the employee's device camera.
- The captured image is compared against the employee's enrolled photo using an AI-based face recognition model (DeepFace with ArcFace) to confirm identity.
- The comparison result (match / no match) is used to approve or flag the attendance entry.
- Face matching is performed server-side in an isolated processing environment.
Data handling:
- Face images are stored in a secure, access-controlled cloud storage environment.
- Only authorized company administrators and the automated verification system can access face images.
- Face images are not shared with third parties, used for any purpose other than attendance verification, or used to train external AI models.
- Face images associated with an employee are deleted when the employee account is removed from the system.
Consent: Employees are enrolled into the face recognition feature by their employer as part of the attendance management setup. By using the app and completing enrollment, employees acknowledge the collection and processing of their face data for attendance purposes. Employees should contact their company administrator if they have questions about their organization's use of this feature.
4 Location Data
The AbsensiQR employee app requests access to your device's GPS location only at the moment of check-in or check-out. Location data is used to verify that you are physically present within the designated office area before recording attendance.
- Location is collected as a single GPS coordinate at the time of the attendance event — we do not continuously track your location.
- Your location is compared against the office GPS coordinates and radius configured by your company administrator.
- GPS coordinates at the time of check-in are stored as part of the attendance record for audit purposes.
- We do not share location data with third parties or use it for any purpose beyond attendance validation.
Background location: We do not request background location access. Location is only accessed when you actively initiate a check-in or check-out action within the app.
5 Camera & Device Permissions
The AbsensiQR Face Detector App (Android) and the employee web app may request the following device permissions:
| Permission |
Purpose |
App |
| Camera |
Capture face images for identity verification at check-in; scan QR codes for attendance |
Face Detector App & Employee PWA |
| Location (Fine) |
Verify GPS position at the moment of check-in or check-out |
Employee PWA |
| Internet |
Communicate with the AbsensiQR server to submit attendance and receive real-time updates |
Both |
Permissions are used solely for the stated purposes. You can revoke permissions at any time through your device settings, though doing so may prevent the app from functioning as intended.
6 Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:
- Within your organization: Attendance records are accessible to authorized company administrators and HR personnel within your employer's account.
- Service providers: We use trusted third-party cloud infrastructure providers to host and operate the platform. These providers process data only on our behalf and under strict data processing agreements.
- Legal requirements: We may disclose information if required to do so by law or in response to valid legal process (e.g., a court order or government request).
- Safety: We may disclose information when necessary to protect the rights, property, or safety of AbsensiQR, our users, or the public.
We do not share biometric or face recognition data with any third party under any circumstances, except as required by law.
7 Data Retention
We retain your data for as long as your account is active or as needed to provide the service:
- Attendance records: Retained for the duration of the employment relationship and for a reasonable period thereafter as required by your employer or applicable law.
- Face images (enrolled photo): Retained while the employee account is active. Deleted upon account deletion.
- Face images (check-in captures): Stored as part of the attendance record. Retained in line with the attendance record retention period.
- Account data: Retained while the account is active and for a reasonable period after account closure for legal and audit purposes.
- Authentication tokens: Refresh tokens expire after 7 days. Password reset tokens expire after 1 hour.
Company administrators may request deletion of employee data in accordance with their organization's data retention policies.
8 Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- All data is transmitted over encrypted HTTPS/TLS connections.
- Passwords are never stored in plain text — they are stored using strong cryptographic hashing.
- Authentication uses short-lived JWT access tokens (15 minutes) and secure opaque refresh tokens (7 days, SHA-256 hashed in the database).
- Password reset tokens are single-use and expire after 1 hour; raw tokens are never stored server-side.
- Access to personal data is restricted on a role-based basis (system admin, company admin, employee).
- Biometric data is stored in access-controlled cloud storage separate from the main application database.
- Rate limiting is applied to sensitive operations (e.g., password reset requests are limited to once per 15 minutes per user).
While we take reasonable steps to protect your data, no system is completely secure. If you suspect a security breach, please contact us immediately at info@absensiqr.xyz.
9 Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may request that inaccurate or incomplete data be corrected.
- Deletion: You may request deletion of your personal data, subject to legal and contractual obligations.
- Objection / Restriction: You may object to or request restriction of processing in certain circumstances.
- Data portability: You may request your attendance data in a commonly used, machine-readable format (CSV/Excel export).
- Withdraw consent: Where processing is based on consent (e.g., face recognition enrollment), you may withdraw consent at any time by contacting your company administrator.
To exercise these rights, contact your company administrator or reach us directly at info@absensiqr.xyz. We will respond within 30 days.
10 Children's Privacy
AbsensiQR is an enterprise employee attendance management service intended for use by adults in a professional employment context. Our services are not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction).
We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such data promptly. If you believe a child has submitted data to our service, please contact us at info@absensiqr.xyz.
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify company administrators via email when changes are significant.
We encourage you to review this policy periodically. Your continued use of AbsensiQR after changes are posted constitutes acceptance of the updated policy.
12 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us: