Employee Management Application — How we collect, process, store, and protect your personal information within our organization.
This Privacy Policy ("Policy") governs how Citadel Net Inc. ("Company," "we," "us," or "our") collects, processes, stores, shares, and protects the personal information of authorized employees ("you," "user," or "employee") who access and use the internal Employee Management Application ("Application" or "App"). By accessing or using the Application, you acknowledge that you have read and understood this Policy. This document is intended to be transparent, comprehensive, and compliant with applicable data protection laws.
This Application is a closed, enterprise-only system. There is no public access, no self-registration, and no use of data for commercial purposes such as advertising. All data collection is strictly limited to what is necessary for the legitimate management of workforce operations.
This Policy applies to all individuals who are granted access to the Application, including:
This Policy governs the collection and processing of personal data by the Application across all supported platforms, including Android and iOS mobile applications, and any associated web interfaces or administrative dashboards. It covers data collected automatically (such as attendance records and device logs) as well as data submitted voluntarily by users (such as messages and uploaded images).
This Policy does not cover:
No Public Access: This Application is strictly for internal organizational use. There is no public sign-up, trial access, or guest login. All accounts are created solely by authorized HR or Admin personnel.
We collect only the minimum information necessary to operate the Application and manage workforce functions. Below is a detailed breakdown of each category of data collected, the specific fields involved, and the reasons for collection.
When an HR or Admin officer creates an employee account, the following data is entered into the system:
Attendance tracking is a core function of this Application. The following data is collected to record, validate, and audit attendance:
The Application includes internal messaging and module-based communication features. The following data may be collected:
To ensure Application stability and compatibility, the following technical information is collected:
What We Do Not Collect: We do not collect contact lists, SMS history, browsing history, call logs, microphone audio, or any data unrelated to the Application's core workforce management functions. We do not use your data for advertising, profiling, or resale.
Location data is one of the more sensitive categories of personal data we collect. This section provides a complete and transparent explanation of how, when, and why location access is used.
Location data is accessed only during the following defined scenarios:
Location is not accessed continuously, is not tracked in real time throughout the workday, and is not accessed outside the above-defined attendance windows.
Geofencing is a virtual geographic boundary defined around a designated office or site location. When an attendance event is triggered, the Application compares the employee's current GPS coordinates to the defined geofence boundary:
Background location access is required because automated attendance attempts are designed to occur even when the Application is running in the background or has not been manually opened by the employee. Without background location access, the automatic attendance feature cannot function, and employees would have to manually open the Application at precise times to mark attendance, which is operationally impractical.
This permission is used narrowly and only during the scheduled windows described in Section 3.2. It is not used for live tracking, surveillance, or any purpose beyond automated attendance validation.
We explicitly confirm: No live tracking is performed. The Application does not monitor or record the employee's movements throughout the day. Location is captured as a point-in-time reading during attendance events only, not as a continuous stream.
| Scenario | Data Stored | Retention |
|---|---|---|
| Employee within geofence | Attendance status only; coordinates not retained | Indefinite (attendance record) |
| Employee outside geofence | GPS coordinates, timestamp, validation status | 2 years |
| Failed attendance attempt | Timestamp, error status, optional coordinates | 2 years |
The Application supports biometric authentication as a convenient and secure method for employees to log in. This section explains exactly how biometric data is handled.
The Application uses the device-native biometric authentication APIs provided by iOS (Face ID / Touch ID via the LocalAuthentication framework) and Android (BiometricPrompt API). These APIs work entirely within the operating system's secure enclave:
Your biometric data never leaves your device. Our servers have no capability to store, access, or process fingerprint or facial recognition data. Authentication happens entirely between you and your device's operating system.
Biometric authentication is optional. Employees can choose to enable or disable this feature within the Application's settings at any time. Disabling biometric login does not affect access to the Application — employees can continue to log in using their email and password credentials.
Camera access is requested exclusively for the following purposes:
The camera is not used for attendance verification, facial recognition, or any form of biometric identification. There is no "selfie check-in" or photo-based attendance feature.
By uploading an image through the Application, the employee acknowledges that the image will be stored and may be viewed by authorized personnel in connection with the relevant work activity. Employees should not upload images containing sensitive personal information unrelated to their work duties.
The Application requests certain device permissions to function correctly. Each permission is described below along with a clear justification for its necessity.
| Permission | Purpose | Required? |
|---|---|---|
| Foreground Service | Runs a persistent process during attendance validation windows to ensure reliable geofencing and check-in processing even if the device's OS attempts to suspend background tasks | Required |
| Post Notifications | Sends attendance reminders, module updates, and internal message alerts to the employee's device | Required |
| Vibration | Provides haptic feedback for incoming notifications and alerts, complementing visual and audio indicators | Optional |
| Internet Access | Required for all communication between the Application and backend servers, including login, attendance syncing, messaging, and data retrieval | Required |
| Network State Access | Allows the Application to check network connectivity before attempting data sync, preventing failed requests and unnecessary battery usage | Required |
| Ignore Battery Optimizations | Prevents the Android OS from suspending geofencing and attendance services during battery-saving modes, which would prevent automatic attendance marking from functioning reliably | Required |
| Wake Lock | Temporarily prevents the device CPU from sleeping during critical operations such as processing a scheduled notification or completing an attendance sync request; released immediately after the task completes | Required |
| Camera | Used to capture images for upload within messaging and module documentation features (see Section 5) | On Use |
| Fine Location | Provides high-accuracy GPS coordinates for geofence validation during attendance events (see Section 3) | Required |
| Background Location | Enables automatic attendance attempts during scheduled windows when the App is not in the foreground (see Section 3) | Required |
No permissions are requested beyond those listed above. The Application does not request access to contacts, microphone, call logs, calendar, storage outside of image uploads, or any other system resource not directly related to its workforce management functions.
All data collected through the Application is used exclusively for the following organizational purposes:
We do not use your personal data for: advertising or marketing to third parties, selling or renting data to external organizations, building behavioral profiles for commercial use, or any purpose unrelated to legitimate workforce management.
We do not sell, rent, or trade employee personal data. Sharing is limited to the following circumstances:
We engage third-party service providers who process data on our behalf under strict contractual obligations. These providers include:
We may disclose personal data if required to do so by applicable law, court order, regulatory requirement, or to protect the Company's legal rights. In such cases, we will disclose only the minimum information necessary to satisfy the legal obligation.
In the event of a merger, acquisition, or transfer of Company assets, employee data may be transferred to the successor entity, subject to equivalent or stronger privacy protections as outlined in this Policy.
We retain personal data only for as long as is necessary for the purposes described in this Policy, or as required by law. The following retention schedules apply:
| Data Category | Retention Period | Reason |
|---|---|---|
| Attendance Records | Indefinitely, unless Company policy is revised | Payroll compliance, labor law obligations, and historical workforce management |
| Messages & Uploaded Images | 7 years | Operational and legal record-keeping requirements |
| Location Data (outside geofence) | 2 years | Audit trail for attendance disputes and compliance verification |
| Device & System Logs | Based on operational necessity (typically 90–180 days) | Technical troubleshooting and security monitoring |
| Account Information | Duration of employment + offboarding period | Active workforce management; archived per HR policy after separation |
| Session Tokens | Duration of active session; expire upon logout or inactivity | Secure authentication; not retained after expiry |
When retention periods expire, data is securely deleted or anonymized in a manner that prevents reconstruction of personal information. Deletion schedules are reviewed periodically and may be adjusted to reflect changes in applicable law or Company policy.
When an employee separates from the Company — whether through resignation, termination, retirement, or contract completion — the following process is followed:
Following offboarding, historical records — including attendance logs, messages, and activity data — are retained in accordance with the Data Retention Policy in Section 9. This data may be required for payroll reconciliation, legal proceedings, compliance audits, or statutory labor record-keeping obligations.
Employees who wish to request deletion of their personal data upon separation may contact HR or the Application Administrator. Deletion requests will be honored to the extent permissible under applicable law; certain records may have to be retained regardless of a deletion request (e.g., attendance records required by labor law).
We take the security of employee personal data seriously. Our infrastructure and practices are designed to protect data against unauthorized access, alteration, disclosure, or destruction.
Our backend infrastructure is hosted on Amazon Web Services (AWS), one of the world's leading cloud platforms with extensive security certifications. Services used include:
No system is entirely immune to security risks. While we implement industry-standard safeguards, employees are also responsible for protecting their login credentials, not sharing account access, and logging out of the Application when using shared devices.
The Application integrates with a limited number of third-party services necessary for its operation. These integrations are listed below along with a description of how each service interacts with employee data.
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Cloud Messaging (FCM) | Delivers push notifications (attendance reminders, message alerts, module updates) to Android and iOS devices | Device push token only; no personal data or message content |
| Expo Notification Services | Cross-platform notification delivery layer used with Expo-based builds | Device push token only |
| Google Maps (future integration) | Will be used to render geofence zones on the administrative setup interface for office location configuration | Anonymized map data and coordinates; no employee personal data |
| Amazon Web Services (AWS) | Cloud infrastructure hosting for compute, database, and file storage | All application data as described in Section 2; governed by AWS Data Processing Agreements |
No analytics SDKs, behavioral tracking tools, or advertising networks are integrated into this Application. We do not use any service whose business model depends on monetizing user data.
Employees have specific rights with respect to their personal data processed by the Application. The availability and scope of these rights may vary based on applicable law and your jurisdiction.
You have the right to request a summary of the personal data we hold about you, including your attendance history, account information, and any stored location data. Requests can be directed to HR or the Application Administrator.
If you believe your data is inaccurate or incomplete (e.g., an attendance record is incorrectly marked), you may request a correction. HR will review and update records as appropriate after verification.
You may request deletion of your personal data. We will honor deletion requests to the extent permitted by law. Certain data — such as attendance records required for payroll or statutory compliance — may be exempt from deletion under applicable labor law.
You may object to certain types of data processing if you believe we are processing your data in a manner inconsistent with this Policy or your legal rights. Please raise any objections in writing to HR or the Application Administrator.
Under GDPR and certain other data protection frameworks, you may have the right to receive a copy of your personal data in a structured, machine-readable format. Contact the Application Administrator to make such a request.
To exercise any of the rights described above, please contact:
We will acknowledge your request within 5 business days and aim to fulfill it within 30 days. Complex requests or large volumes may take up to 60 days, in which case we will notify you of the expected timeline.
All personal data processing activities carried out through the Application are grounded in one or more of the following legal bases:
Processing of attendance data, account information, and employee records is necessary for the performance of the employment contract between the Company and the employee. Attendance tracking, role assignment, and communication tools are integral to the employment relationship.
The Company has a legitimate interest in managing its workforce effectively, ensuring operational compliance, verifying attendance through geofencing, and maintaining secure and functional internal communication tools. These interests are balanced against the employee's right to privacy and are proportionate to the purposes described in this Policy.
Certain data processing activities — such as maintaining attendance records, retaining financial and operational documentation, and cooperating with lawful regulatory requests — are required to comply with applicable labor, tax, and corporate governance laws.
For certain features — such as biometric authentication and optional notification preferences — processing is based on the employee's voluntary consent. Consent can be withdrawn at any time without affecting the legality of processing prior to withdrawal.
The Company is committed to aligning its data practices with applicable legal frameworks:
As an Indian enterprise, we align our data processing practices with the DPDP Act. Key obligations include:
Where employees are based in or data is transferred to regions subject to the GDPR, we follow its core principles: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.
We periodically review our data practices against evolving legal requirements and will update this Policy as necessary to reflect changes in applicable law or organizational practices.
This Application is designed and intended exclusively for use by authorized adult employees of the Company. We do not knowingly collect, store, or process personal data from individuals under the age of 18. Accounts are created only by HR or Admin personnel in the context of a formal employment relationship, which by law requires that the individual be of legal working age in their jurisdiction.
If it is ever discovered that personal data has been inadvertently collected from a minor, we will take immediate steps to delete such data and review how the situation arose to prevent recurrence.
Despite our security measures, no system is entirely free from risk. In the event of a data security incident, the following process will be followed:
Upon detection of a suspected or confirmed data breach, the responsible technical and administrative personnel will take immediate steps to contain the breach, prevent further unauthorized access, and preserve evidence for investigation.
The nature and scope of the breach will be assessed to determine: what data was affected, how many individuals are impacted, the likely consequences for those individuals, and the root cause of the incident.
Following the incident, we will implement corrective measures to address the root cause, improve security controls, and update policies and procedures as necessary to reduce the risk of recurrence.
Our backend infrastructure is hosted on Amazon Web Services (AWS). AWS data centers are located across multiple regions globally. Data may be processed or stored in regions outside India, including the United States or countries within the European Union, depending on the AWS region configured for our services.
Where data is transferred across borders, we ensure that adequate safeguards are in place, including reliance on AWS's standard contractual clauses and compliance certifications. We will update this Policy if significant changes are made to the regions in which data is processed.
Employees who have questions about where their specific data is stored may contact the Application Administrator.
We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, applicable laws, or organizational operations. When material changes are made:
We encourage employees to review this Policy periodically. Continued use of the Application following notification of changes constitutes acknowledgment of the updated Policy.
For any questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact:
Application Administrator / Data Contact
Email: prasanna@citadelnetinc.com
Organization: Citadel Net Inc.
Response Time: Within 5 business days
For internal HR-related concerns regarding your employment records, please contact your designated HR representative directly.