This Privacy Statement explains how TinyMIS ("we", "us", or "the Platform") collects, uses and protects information when you use our website and mobile application. The Platform is a human resources and workforce management tool provided to organisations ("Organisations") for their internal HR operations. By using the Platform, you agree to the practices described below.
1. Information We Collect
To deliver HR, attendance and payroll services, the Platform may process the following categories of information, supplied by the Organisation or generated through usage:
- Account & identity: name, employee ID, email, phone, designation, department, photograph and login credentials.
- Attendance data: clock-in/out timestamps, shifts, attendance records, overtime and leave requests.
- Device information: device model, operating system version, unique device identifiers and app version — used to bind a device to an account and prevent misuse.
- Location: approximate or precise location at the time of clock-in/out, when permitted and configured by the Organisation.
- Biometric data: where enabled, fingerprint or facial data used only for attendance verification (see Section 4).
- Payroll & documents: salary details, payslips, tax records, uploaded documents and loan/advance information.
- Communications: notices, messages and task updates exchanged through the Platform.
2. How We Use Information
- Authenticate users and maintain a secure device binding per account.
- Record attendance, manage shifts and calculate working hours.
- Process payroll, leave, reimbursements and statutory compliance.
- Deliver push notifications for approvals, notices and reminders.
- Allow secure communication between employees, managers and HR.
- Maintain audit logs and protect against fraud or unauthorised access.
- Comply with the Organisation's legal, regulatory and reporting obligations.
3. Location & Geofencing
If an Organisation enables location-based attendance, the Platform requests access to the device's location only at the time of clocking in or out. Location is used to confirm the employee is within an authorised work area (geofence). When the feature is enabled, the user is asked to grant location permission and may decline; in that case location-based clocking is unavailable.
4. Biometric Data
Where biometric attendance is enabled, biometric templates (such as a fingerprint or face pattern) may be used to verify identity at clock-in. Biometric data is stored in an encrypted form, is used solely for attendance verification, and is never sold or used for any other purpose. Participation is governed by the Organisation's policy and applicable local law.
5. Sharing & Disclosure
We do not sell personal information. Data is shared only:
- Within the Platform with the employer and authorised HR/manager roles as needed for HR administration;
- With trusted service providers (cloud hosting, push notification, SMS gateways) who process data on our behalf under strict confidentiality;
- When required by law, regulation or legal process.
6. Data Security
We use industry-standard safeguards including encryption in transit (TLS) and at rest, secure authentication, role-based access control, per-tenant database isolation and regular security reviews. No method of transmission or storage is completely secure, but we work to protect data using reasonable measures appropriate to the risk.
7. Data Retention
Data is retained for as long as an account is active or as needed to provide the HR services, comply with legal obligations, resolve disputes and enforce agreements. When data is no longer required, it is deleted or anonymised in accordance with the Organisation's retention policy.
8. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export or request deletion of your personal data. To exercise these rights, contact your Organisation's HR department or the email below. We respond within the timeframe required by applicable law.
9. Children's Privacy
The Platform is a workplace tool and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided data to the Platform, please contact us so it can be removed.
10. Changes to This Statement
We may update this Privacy Statement from time to time to reflect changes in the Platform, legal requirements or our practices. The "Last updated" date above indicates when the statement was last revised. Continued use of the Platform after changes take effect constitutes acceptance of the updated statement.
11. Contact Us
Questions about this Privacy Statement or how data is handled can be sent to:
TinyMIS
Email: info@tinymis.cloud
Website: www.tinymis.cloud