Haajri (“we”, “us”, “our”) provides workforce attendance, shift management and compliance tools for employers. We are committed to protecting personal data and handling it in accordance with applicable laws, including the Digital Personal Data Protection Act, 2023 (India) and, where relevant, the GDPR.
Scope & Roles
This policy applies to data processed through our websites, mobile apps, kiosks and dashboards. For employee/worker data handled on behalf of your employer or contracting agency, your employer is typically the data controller and Haajri is a data processor. For website visitors and our own business contacts, Haajri acts as a controller.
Data We Collect
- Account & Contact: name, email, phone, company/agency, role.
- Employment/Workforce: worker ID, contractor/agency mapping, site assignments, shift, leave and policy settings.
- Attendance: clock-in/out records, device identifiers, timestamps, audit logs.
- Facial Verification (where enabled): a face capture and/or derived biometric template used solely to verify identity and prevent fraud. Templates are encrypted at rest and in transit. Raw captures, if taken, are retained only for short troubleshooting windows or as instructed by the employer.
- Location (geofence): device location at the moment of punch-in/out (and optional movement events if configured) to verify on-site presence; continuous background tracking is not performed unless explicitly enabled by the employer.
- Compliance & Payroll: policy outcomes (late marks, OT, half-day, etc.), wage calculations and reports generated for payroll and statutory filings.
- Device & Usage: app and OS version, IP address, performance metrics, crash and diagnostic logs, cookies/SDK events on web and app.
- Optional Docs: documents your employer requires (e.g., IDs, forms) for onboarding or compliance.
How We Use Data
- Provide attendance, shift, leave and site management features.
- Prevent fraud and ensure on-site presence using face verification and geofencing.
- Generate payroll-ready, statutory and management reports.
- Support onboarding, transfers and contractor management.
- Secure, monitor and improve our services (analytics, troubleshooting, product R&D).
- Communicate about service changes, incidents and support.
- Comply with legal obligations and enforce terms.
Lawful Bases / Consent
Depending on jurisdiction, we process data based on one or more of: performance of a contract, legitimate interests (e.g., fraud prevention, service security), legal obligation, and consent (e.g., camera/location permissions, certain biometric uses). Where consent is the basis, it can be withdrawn at any time via device settings or through your employer’s administrator, without affecting prior processing.
Facial Verification & Geolocation Safeguards
- Purpose limitation: used only for identity verification and attendance integrity.
- Data minimisation: templates, not full images, are stored whenever possible.
- Short retention: raw images (if captured) are deleted after verification/troubleshooting; templates are retained only while needed for attendance and fraud prevention or as instructed by the employer.
- Granular collection: location captured at punch events to validate geofence; continuous tracking is off by default.
Sharing & Transfers
- Service providers: secure hosting, communications, analytics, and support vendors under written contracts.
- Integrations: HRMS/ERP, payroll, and data hubs as configured by your employer (data flows are controlled by the employer’s settings).
- Legal: law-enforcement or regulators when required by applicable law.
- Corporate events: business transfers subject to continued protection of personal data.
Where data is transferred across borders, we use appropriate safeguards (e.g., contractual clauses or DPDP/GDPR-compatible mechanisms) and assess vendor practices.
Retention
We retain personal data only for as long as necessary to provide the services and meet legal, accounting or reporting requirements. Typical operational retention: attendance/shift records and audit logs are retained for the period directed by the employer (commonly 12–36 months) or as required by labour/compliance laws. Employer administrators can request export or deletion pursuant to policy and law.
Security
- Encryption in transit (TLS) and at rest for sensitive data (including biometric templates).
- Role-based access controls, least privilege and multi-factor protection for admin users.
- Network segmentation, monitoring, logging and incident response procedures.
- Vendor due diligence and contractual security obligations.
Your Choices & Rights
- Device permissions: you can manage camera and location permissions in your device settings; some app features may require these to function.
- Access, correction, deletion: for employee data, contact your employer’s administrator; we will support the controller in fulfilling requests. For website/controller data, contact us directly.
- Objections & restrictions: where applicable by law, you may object to or restrict certain processing.
- Data portability: we will assist the controller with exports where required.
Children’s Data
Our services are intended for use by organisations for their workforce and are not directed to children. We do not knowingly collect personal data from children without appropriate authorisation.
Contact & Grievance
For privacy queries or to exercise your rights (as applicable), please contact:
- Email: Dashrat@haajri.in • Chirag@haajri.in
- Phone: +91 77159 69921
Grievance Officer (India): For complaints under applicable Indian law, write to the Grievance Officer at Dashrat@haajri.in. We aim to acknowledge complaints within 72 hours and resolve them within 30 days.
Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material updates will be notified via the product or by email to administrators. Please review this page periodically for the latest information.