Privacy Policy

1. Introduction

Welcome to Klokin ("we," "our," or "us"). We operate the Klokin smart geofence attendance management system with facial recognition technology. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Personal Information

When your organization uses Klokin, we may collect:

• Staff Information: Name, employee ID, department, position
• Contact Information: Email address, phone number (for admin users)
• Biometric Data: Facial recognition data for attendance verification
• Location Data: GPS coordinates for geofence verification
• Attendance Records: Clock-in/out times, dates, and locations
• Device Information: Device type, operating system, IP address

2.2 How We Collect Information

We collect information through:

• Direct input by administrators when setting up accounts
• Mobile app usage for attendance recording
• Automated collection during service operation
• Integration with organizational systems (where applicable)

3. How We Use Your Information

We use the collected information for the following purposes:

• Attendance Management: To record and verify staff attendance using geofencing and facial recognition
• Service Operation: To provide, maintain, and improve our attendance management services
• Security & Authentication: To verify user identity and prevent fraudulent attendance
• Reporting & Analytics: To generate attendance reports and provide insights to organizations
• Technical Support: To troubleshoot issues and provide customer support
• Compliance: To comply with legal obligations and organizational requirements

4. Data Protection & Security

4.1 Security Measures

We implement robust security measures to protect your data:

• Encryption: All data transmissions are encrypted using TLS/SSL protocols
• Access Controls: Strict role-based access controls for system administrators
• Biometric Security: Facial recognition data is processed locally where possible and securely transmitted
• Regular Audits: Security audits and vulnerability assessments
• Data Minimization: We collect only necessary data for service operation

4.2 Data Storage

All data is stored on secure cloud servers with:

• Redundant backup systems
• Geographic distribution for disaster recovery
• Compliance with data protection regulations
• Regular security updates and patches

5. Data Sharing & Disclosure

We do not sell your personal information. We may share data in these circumstances:

5.1 With Your Organization

Attendance data and related information is shared with your employing organization as part of our service agreement.

5.2 Service Providers

We may share data with trusted third-party service providers who assist in:

• Cloud hosting and infrastructure
• Data analytics and reporting
• Customer support services
• Security monitoring and compliance

5.3 Legal Requirements

We may disclose information if required by law, such as:

• To comply with legal obligations
• To protect our rights and property
• To prevent fraud or security issues
• To protect the safety of our users

6. Data Retention

We retain data for as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: Data is retained while the organization's account is active
• Account Termination: Data is deleted or anonymized within 90 days of account termination
• Backup Retention: Backups are retained for up to 12 months for disaster recovery
• Legal Requirements: Some data may be retained longer to comply with legal obligations

7. Your Rights

Depending on your location and applicable laws, you may have rights including:

7.1 Access & Correction

You may request access to your personal data and request corrections if inaccurate.

7.2 Deletion

You may request deletion of your data, subject to legal and contractual limitations.

7.3 Objection & Restriction

You may object to certain data processing or request restriction of processing.

7.4 Data Portability

You may request a copy of your data in a structured, machine-readable format.

Note: Since Klokin is an organizational tool, many data requests should be directed to your organization's administrator.

8. Facial Recognition & Biometric Data

8.1 How We Handle Biometric Data

• Facial recognition data is processed locally on the device when possible
• Biometric templates (not actual images) are stored for verification
• We do not share biometric data with third parties except as required by law
• Biometric data is encrypted both in transit and at rest
• Users can opt-out of facial recognition if alternative verification is available

8.2 Compliance with Biometric Laws

We comply with applicable biometric information privacy laws, including:

• Informing users about biometric data collection
• Stating the purpose and retention period
• Obtaining consent where required by law
• Implementing reasonable security measures

9. International Data Transfers

Klokin is a global service, and your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers, including:

• Standard contractual clauses
• Adequacy decisions where applicable
• Other legally approved transfer mechanisms

10. Children's Privacy

Klokin is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify users of significant changes by:

• Posting the new Privacy Policy on our website
• Sending notifications to organizational administrators
• Updating the "Last Updated" date at the top of this policy

We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us