Privacy Policy

This Privacy Policy applies to all personal information that ClockTap collects, processes, and stores in connection with your use of the Service. It applies to account holders, authorized end users invited by an account holder (such as employees and store staff), and visitors to our website.

When you use the Service to process personal information about your employees or other individuals (for example, attendance records and schedules), you act as the Personal Information Controller and ClockTap acts as your Personal Information Processor. This Privacy Policy primarily describes how we handle personal information for which ClockTap is the Personal Information Controller. The processing of personal information that you upload to the Service is further governed by our Terms and Conditions.

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact our Data Protection Officer so that we can take appropriate action.

We collect personal information that you provide directly to us, that we generate or infer through your use of the Service, and that we receive from third parties (such as our authentication and payment providers).

2.1 Account Information

When you register for or are invited to a ClockTap account, we collect your name, email address, mobile number (where provided), organization name, role, store or location assignment, and your account credentials. Account credentials are managed through our authentication provider and are stored in hashed form; we do not have access to your plain-text password.

2.2 Attendance and Operational Data

In the ordinary course of providing the Service, we process attendance and operational data, including clock-in and clock-out timestamps, scheduled shifts, breaks, leave and overtime requests, store or location assignments, and related notes. Where you enable optional features (for example, kiosk capture or geolocation tagging), we may also process device identifiers and approximate location at the time of the event.

2.3 Billing Information

For paid plans, we and our payment processors collect billing name, address, tax identification number where applicable, and payment instrument details. We do not store full payment card numbers on our servers; card data is handled by our PCI-DSS compliant payment processors.

2.4 Automatically Collected Information

When you access the Service, we automatically collect information about your device, browser, and use of the Service, including IP address, device identifiers, browser type and version, operating system, referring and exit pages, pages visited, features used, time zone, and approximate location derived from IP address. We use this information to operate, secure, analyze, and improve the Service.

2.5 Communications

When you contact us for support, feedback, or other inquiries, we collect the content of your communications and any information you choose to provide, together with our responses.

We collect, use, and process personal information only on lawful bases recognized under the Data Privacy Act, including: (a) your consent; (b) the necessity of the processing to fulfill our contract with you, including the provision of the Service; (c) compliance with a legal obligation to which ClockTap is subject; (d) the protection of vitally important interests; (e) the legitimate interests pursued by ClockTap or by a third party, except where such interests are overridden by your fundamental rights and freedoms; or (f) when otherwise permitted under the Data Privacy Act.

We use personal information to: (i) provide, operate, secure, and improve the Service; (ii) create, authenticate, and manage your account; (iii) process payments and send billing communications; (iv) provide customer support and respond to inquiries; (v) send service notices, security alerts, and administrative messages; (vi) with your consent where required, send marketing communications about our products and offerings; (vii) detect, prevent, and respond to fraud, abuse, and security incidents; (viii) conduct analytics, research, and product development; and (ix) comply with legal obligations and enforce our agreements.

We will not use your personal information for purposes that are incompatible with those described above without first obtaining your consent or otherwise providing notice as required by law.

ClockTap implements reasonable and appropriate organizational, physical, and technical security measures to protect personal information against accidental or unlawful destruction, alteration, unauthorized disclosure, or any other unlawful processing, as required by the Data Privacy Act and its Implementing Rules and Regulations.

These measures include role-based access controls, the principle of least privilege, encryption of personal information in transit, secure software development practices, vulnerability management, audit logging, regular backups, and a documented incident response program. Personnel with access to personal information are bound by confidentiality obligations and receive periodic training on data protection.

We retain personal information only for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Account information is generally retained for the duration of your account and for a reasonable period thereafter. After this period, personal information is deleted or de-identified, except where retention is required by law or for the establishment, exercise, or defense of legal claims.

No method of transmission over the internet or method of electronic storage is completely secure. While we work hard to protect your personal information, we cannot guarantee its absolute security.

We and our service providers use cookies, web beacons, local storage, and similar technologies to operate, secure, and analyze use of the Service. Essential cookies are strictly necessary for the Service to function, including for authentication, session management, and security. We use analytics cookies to understand how the Service is used so that we can improve it.

You can control non-essential cookies through your browser settings or, where available, through in-product preferences. Disabling certain cookies may affect the availability or functionality of the Service.

Some web browsers transmit "Do-Not-Track" signals. Because there is no consistent industry standard for how to respond to these signals, we do not currently respond to them.

We engage trusted third-party service providers to help us operate the Service, including providers of cloud hosting, database, authentication, payments, email delivery, customer support, and analytics. These providers process personal information on our behalf and on our documented instructions, and only as necessary to perform their services. They are bound by written agreements consistent with the Data Privacy Act.

Some of our service providers are located outside the Philippines. When personal information is transferred across borders, we apply appropriate safeguards consistent with the Data Privacy Act and NPC issuances, including contractual commitments by recipients to protect personal information at a standard substantially similar to that required under Philippine law.

In addition to our service providers, we may disclose personal information: (a) when required by law, regulation, court order, subpoena, or other valid legal process; (b) to government or regulatory authorities, including the NPC, where required or permitted by law; (c) to protect the rights, property, or safety of ClockTap, our users, or the public; (d) in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, subject to standard confidentiality undertakings; and (e) with your consent or at your direction.

The Service may contain links to third-party websites or services that are not operated by ClockTap. This Privacy Policy does not apply to those websites or services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites or services that you access.

Subject to the Data Privacy Act and applicable exceptions, you have the following rights with respect to your personal information:

(a) Right to be informed about whether personal information pertaining to you is being or has been processed, including the contents, purposes, recipients, methods, and scope of such processing.

(b) Right to access your personal information upon reasonable demand.

(c) Right to object to the processing of your personal information, including processing for direct marketing or automated processing.

(d) Right to dispute and rectify any inaccurate or erroneous personal information.

(e) Right to suspend, withdraw, or order the blocking, removal, or destruction of personal information that is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes, or no longer necessary for the purposes for which it was collected.

(f) Right to data portability, where applicable, to obtain a copy of your personal information in an electronic or structured format that is commonly used and allows for further use.

(g) Right to be indemnified for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal information.

(h) Right to lodge a complaint with the National Privacy Commission. More information is available at https://www.privacy.gov.ph.

To exercise any of these rights, please contact our Data Protection Officer at privacy@avit.dev. We may need to verify your identity before responding to your request. Certain rights are subject to limitations and exceptions under the Data Privacy Act, and some rights may not be available where the processing is necessary for compliance with a legal obligation, the performance of a contract, or other lawful purposes.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will post the updated Privacy Policy on this page, update the "Last updated" date above, and where appropriate notify you by email or through the Service. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

If you have any questions, comments, or concerns about this Privacy Policy or our handling of your personal information, or if you wish to exercise any of your rights under the Data Privacy Act, please contact our Data Protection Officer at privacy@avit.dev. For general inquiries, you may also reach us at support@avit.dev.

You may also contact the National Privacy Commission directly. More information about your rights and how to file a complaint is available at https://www.privacy.gov.ph.