Privacy Policy
This policy explains how Nasaf Systems collects, uses, stores, shares, and protects personal data in the Nasaf Attendance mobile application.
Introduction
Nasaf Systems ("we," "our," or "us") operates the Nasaf Attendance mobile application (the "App"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our workforce attendance management application.
This is a private enterprise application. The App is not intended for the general public. It is distributed exclusively to authorized employees, workers, and site managers of organizations that have contracted with Nasaf Systems for workforce management services. Access to the App requires employer-provisioned credentials and is limited to individuals whose employment has been verified by their organization.
All users of this App are employees or contractors of our client organizations. Your employer has authorized the use of this application as part of your workplace attendance and workforce management processes. By using the App as part of your employment, you consent to the practices described in this Privacy Policy. If you have questions about how your employer uses attendance data, please contact your employer's HR department or site manager directly.
Information We Collect
2.1 Account Information
When your employer registers you in our system, we receive and store:
- Full name
- Email address
- Employee/Worker ID
- Assigned project and role (manager or worker)
2.2 Biometric Data
Our App uses facial recognition technology for secure attendance verification:
- Face Embeddings: We generate mathematical representations (embeddings) of your face using on-device machine learning. These are numerical vectors, not photographs.
- Proof Photos: A photo is captured at each check-in and check-out event for verification and audit purposes.
- Liveness Scores: We compute liveness detection scores to prevent spoofing.
- Match Confidence Scores: The similarity score between your enrolled face and the detected face at check-in/check-out.
2.3 Location Data
When you perform a check-in or check-out, we collect:
- GPS coordinates (latitude and longitude) at the time of the attendance event.
This data is used solely to verify you are within the designated work site geofence.
We do not track your location continuously or in the background. Location is only captured at the moment of a check-in or check-out action.
2.4 Device Information
We collect limited device information for security and troubleshooting:
- Device model and manufacturer
- Operating system version
- A unique, anonymous device identifier (generated locally)
- App version
2.5 Usage & Crash Data
We use Firebase Analytics and Firebase Crashlytics to collect:
- Anonymous usage patterns (screen views, feature usage)
- Crash reports and diagnostic logs
This data does not contain personally identifiable information and is used exclusively to improve app stability and performance.
How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Attendance verification | Face embeddings, proof photos, location, timestamps |
| Identity authentication | Face embeddings, liveness scores, match confidence |
| Work site compliance | GPS coordinates, geofence verification |
| Payroll calculation | Attendance records, timestamps, working hours |
| App security | Device ID, authentication tokens |
| App improvement | Anonymous analytics, crash reports |
| Audit & compliance | Proof photos, attendance logs |
We do not use your data for:
- Advertising or marketing profiles
- Sale to third parties
- Surveillance beyond attendance verification
- Any purpose unrelated to workforce management
Data Storage & Security
4.1 On-Device Storage
- All biometric data stored on your device is encrypted using SQLCipher (AES-256 encryption).
- Authentication tokens are stored in platform-secure storage (Android Keystore / iOS Keychain).
- Biometric embeddings and attendance records are excluded from cloud backups.
4.2 Server Storage
- Data transmitted to our servers uses HTTPS/TLS encryption.
- Server-side data is stored in encrypted databases with access controls.
- Proof photos are stored on secure cloud storage with restricted access.
4.3 Data Retention
- Attendance records: Retained for the duration of your employment and for a period required by applicable labor laws (typically up to 5 years).
- Biometric embeddings: Retained while your account is active. Deleted within 30 days of account deactivation or upon written request.
- Proof photos: Retained for up to 12 months for audit purposes, then automatically deleted.
- Crash logs and analytics: Retained for up to 90 days.
Data Sharing
We do not sell your personal information. We may share data with:
| Recipient | Data Shared | Purpose |
|---|---|---|
| Your employer | Attendance records, timestamps, proof photos | Workforce management, payroll |
| Project managers | Check-in/check-out records for assigned workers | Site management |
| Firebase (Google) | Anonymous crash data, usage analytics | App stability |
| Law enforcement | As required by valid legal process | Legal compliance |
Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your biometric data and personal information, subject to legal retention requirements.
- Portability: Request a machine-readable copy of your attendance data.
- Withdraw Consent: You may withdraw consent for biometric processing at any time by contacting your employer or us directly. Note that this may affect your ability to use the App for attendance.
To exercise any of these rights, contact us at the address provided in Section 10 (Contact Us).
Biometric Data Consent (Specific Jurisdictions)
In jurisdictions with specific biometric privacy laws (including but not limited to the Illinois Biometric Information Privacy Act - BIPA, the EU General Data Protection Regulation - GDPR, and similar regulations):
- We collect facial geometry data solely for workforce attendance verification.
- Your biometric data will not be sold, leased, or traded.
- Your biometric data will be permanently destroyed when the initial purpose for collection has been satisfied, or within 3 years of your last interaction with the App, whichever occurs first (unless a longer retention period is required by law).
- By using the App, you acknowledge and consent to the collection and use of your biometric data as described in this policy.
Children's Privacy
The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Displaying a notice within the App
- Updating the "Last Updated" date at the top of this document
Your continued use of the App after any changes constitutes acceptance of the updated Privacy Policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Nasaf Systems
Email: muhamadyusuf@nasaf.com.uz, jahongirmirzotolqinov62@gmail.com
Address: Karshi, Qashqadaryo Region, Uzbekistan
Data Protection Officer
For data protection inquiries in accordance with GDPR or equivalent legislation, contact:
Data Protection Officer
Email: muhamadyusuf@nasaf.com.uz, jahongirmirzotolqinov62@gmail.com
This Privacy Policy is available in Uzbek (Latin), Uzbek (Cyrillic), Russian, and English within the application.