Privacy Policy
Overview
Clavis Transaction Login helps record employee check-in and check-out transactions with secure authentication, optional location stamping, and device-based identification. This beta release is for pre‑production testing in controlled environments.
We designed the app to minimize personal data collection and to use device capabilities only when needed for core functionality.
Data We Collect
- Device UID: A cryptographic identifier derived from your device ID using a keyed hash (HMAC/SHA). The raw device ID is not stored in the backend; only the computed UID is used for secure mapping.
- Personnel Mapping: When your device is registered, it links to a personnel record (name/surname) on the organization’s server. This mapping is controlled by your organization.
- Attendance Events: Check‑in/out direction, timestamp, and optionally latitude/longitude at the moment of the action.
- Configuration: Server API URL and basic app settings (e.g., onboarding completion, entry/exit cooldowns).
- Technical Logs: Request/diagnostic logs may be kept by the server for operational and security purposes (typically as daily log files retained for up to ~30 days).
- QR Content: QR codes are used to configure the app (e.g., API URL). They do not contain personal data beyond configuration values.
How We Use Your Data
- Access Control: Verify device/personnel and record check‑in/out transactions.
- Audit & Compliance: Maintain accurate attendance logs, optionally with location for proximity verification.
- Operations: Improve reliability and security (e.g., troubleshoot network issues via technical logs).
Permissions & Sensors
- Camera: Used only to scan QR codes for quick setup (API URL, configuration). The app does not capture or store photos/videos, and camera frames are not sent to third parties.
- Biometrics (Face ID / Touch ID): Used for secure app access when supported by the device. Biometric verification is performed on‑device by the OS; the app does not collect, store, or transmit biometric data. If biometrics are unavailable, the prompt is skipped.
- Location (Foreground‑Only): Requested at the moment of check‑in/out to attach latitude/longitude to that specific transaction. The app does not track location in the background or continuously.
Storage & Offline Behavior
- On Device: Configuration, last status, and pending offline events are stored locally (encrypted storage where available). Offline events are sent automatically when connectivity is restored.
- On Server: Attendance records (including optional location) are stored by your organization according to its policies.
Security
- Transport: Data is transmitted over the network to your organization’s servers. Secure transport (HTTPS) is recommended and typically enforced in production environments.
- Tokens: Time‑limited access tokens may be used to authenticate requests.
- UID Design: The UID is derived from the device ID using a keyed cryptographic hash (HMAC/SHA), so raw device identifiers are not stored on the server.
Sharing & Transfers
- No Sale: We do not sell personal data.
- Internal Use: Attendance and configuration data are shared within the organization strictly for access control, audit, and operational purposes.
- Third Parties: The app does not share camera frames, biometric data, or continuous location with third parties.
Retention
- Attendance: Retained by your organization per HR/compliance policies.
- Technical Logs: Daily server logs are typically retained for a limited period (e.g., ~30 days) for diagnostics and security.
- Offline Events: Removed from the device after successful delivery.
Children’s Privacy
This app is intended for use by authorized employees/contractors of the organization. It is not directed to children.
Changes to This Policy
We may update this policy to reflect improvements or regulatory changes. The latest version and effective date will be provided with each release.
Contact
For questions or requests (access, correction, deletion), contact your organization’s IT/HR administrator or privacy office.
This beta release is for evaluation purposes. Production deployments should be accompanied by organization‑specific privacy notices and security controls.