Privacy Policy

Version 2026-05-13.v2

1. Who we are

ClockMate is a face-recognition attendance platform operated by an individual developer in Australia. We act as a data processor on behalf of the companies that subscribe to ClockMate (the “data controllers”), and as data controller for our own platform-level accounts (administrators).

2. Data we collect

For employees enrolled by a customer company:

  • Identification: full name, email, role, department, employer (companyId)
  • Biometric data: a single facial image captured at enrollment, plus the facial-feature vector extracted from it by Amazon Rekognition. Biometric data is classified as “sensitive personal data” under LGPD art. 5 II and as “sensitive information” under the Australian Privacy Act (APP 3.3).
  • Attendance records: clock-in and clock-out timestamps, match confidence score, device ID
  • Portal access (optional): a Cognito user account linked to the employee record

For administrators (you):

  • Account: email, hashed password, group memberships (role)
  • Action audit log: every administrative action you take (creating companies, enrolling faces, exporting reports, etc.) along with timestamp, source IP, and user agent
  • System logs: Lambda execution logs in CloudWatch (no PII beyond what you submit in requests)

3. Why we collect it

  • Operate the attendance tracking service requested by your employer
  • Identify employees clocking in and out via facial match
  • Generate payroll-period reports for your employer
  • Protect the platform against abuse (rate limiting, anomaly alerts)
  • Comply with our legal obligations (audit log retention)

4. Legal basis

  • LGPD (Brazil): consent under art. 11 §1 for biometric data; legitimate interest of the employer (art. 7 IX) for non-sensitive payroll-related data.
  • Privacy Act (Australia): consent under APP 3.3 for sensitive (biometric) information; employer’s legitimate purpose for non-sensitive information.

By signing in to ClockMate or having your face enrolled by your employer, you acknowledge this policy and consent to the processing described here.

5. How long we keep it

  • Enrollment face images (S3): 30 days after upload (auto-deleted by lifecycle policy)
  • Face feature vectors (Rekognition): retained for as long as the employee is active
  • Attendance records: 2 years after the event (auto-deleted by table TTL)
  • Administrative audit log: 5 years after the event
  • Account credentials: until the account is deleted

6. Where it’s stored

All data is processed and stored on Amazon Web Services in the ap-southeast-2 (Sydney, Australia) region. Storage at rest is encrypted (S3 SSE, DynamoDB SSE, Cognito-managed).

  • Privacy Act (Australia): data is stored within Australia. No cross-border disclosure of personal information takes place.
  • LGPD (Brazil): for Brazilian users this constitutes an international transfer, justified under art. 33 V (consent) and AWS’s contractual safeguards.

AWS is our sole sub-processor. We do not sell, rent, or share your data with any other third party.

7. Your rights

You have the right to:

To exercise any of these rights, email privacy@clockmate.example. We aim to respond within 15 days (LGPD) and 30 days (Privacy Act). If you ask us to delete data, we will confirm completion in writing.

8. Security

We apply the following technical measures (mapped against the ACSC Essential 8 and APP 11 “reasonable steps”):

  • TLS in transit (CloudFront-issued certificate)
  • AES-256 encryption at rest on all object and database stores
  • Per-tenant Rekognition collections (face data from one company cannot match against another’s)
  • Versioning + 30-day rollback window on the storage bucket
  • DynamoDB point-in-time recovery on all tables (35-day window)
  • Least-privilege IAM roles; append-only audit log permissions
  • Email alerts on Lambda errors and API 5xx spikes
  • Account-level Lambda concurrency cap as DoS guardrail

MFA on administrator accounts is on our short-term roadmap.

9. Data breach notification

If a security incident affects your personal data and is likely to result in risk to your rights, we will notify you and the relevant supervisory authority (ANPD or OAIC) without undue delay, per LGPD art. 48 and the Australian Notifiable Data Breaches scheme.

10. Changes to this policy

We may update this policy as the platform evolves. Material changes will bump the version string (shown at the top of this page). The version current at the time of your face enrollment is recorded against your record so we can prove which text you agreed to.

11. Contact

For any privacy question, request, or complaint, email privacy@clockmate.example.