Thank you for choosing to be part of our community at Unique Punch. We take your privacy very seriously and are committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Unique Punch mobile application.
Collection of Information
Personal Data
When you use our app, we collect the following personal information:
- Identification: We capture a photograph at the start and end of your shift to verify your identity and location.
- Location Data: We continuously collect your location data during active work shifts (when punched in) on your mobile device (iOS and Android) to verify you are at the designated work location. We do not collect location data outside of work hours, including during breaks or between punch out and subsequent punch in.
Usage Data
We may collect data related to how you use the app, including how many hours you've worked, your role, and other operational data necessary for the functionality of the app.
Use of Information
We use the information we collect for various purposes, including to:
- Monitor the usage of the service.
- Assess the hours you've worked, your role, and calculate pay accordingly.
- Verify your identity and location for the shift you are working.
Legal Basis for Location Tracking
Our collection and use of location data during work hours is supported by various labor and employment laws that allow employers to verify employee location and work hours for legitimate business purposes:
- Fair Labor Standards Act (FLSA): Allows employers to track and verify work hours and location to ensure compliance with wage and hour requirements.
- State Employment Laws: The states we operate in permit reasonable workplace monitoring and location tracking during active work shifts for business necessity, including verification of work location.
- Privacy Laws (CCPA/GDPR): Allow processing of personal data, including location data, for legitimate business interests such as verifying work location and preventing time theft.
- Employment Contracts: Standard employment agreements typically include provisions allowing employers to monitor work activities and location during work hours.
Location tracking is limited to work hours only and ceases immediately upon punch out, including during breaks, to respect employee privacy outside of work time.
Retention of Data
Punch in/out pictures, location and usage data are stored securely and are only accessible by authorized personnel for auditing purposes. This allows verification of your presence at the work location if questions arise.
Disclosure of Data
We will not share your personal information with any third parties unless required by law or with your explicit consent.
Security of Data
We are committed to protecting your data and employ robust security measures, leveraging the capabilities of Firebase, our backend platform. These measures include:
- Secure Authentication: Firebase Authentication provides secure user authentication solutions, including email/password, with built-in protection against common vulnerabilities.
- Data Encryption in Transit and at Rest: Firebase uses industry-standard encryption protocols, such as TLS/SSL, to secure data transmitted between your device and our servers. Data stored in Firebase services, like Cloud Firestore and Realtime Database, is also encrypted at rest.
- Role-Based Access Control (RBAC): Firebase Security Rules allow us to define granular access control, ensuring that users can only access the data they are authorized to view or modify.
- Infrastructure Security: Firebase runs on Google Cloud Platform's secure infrastructure, which benefits from Google's extensive investments in security, including physical security, network security, and vulnerability management.
- Regular Security Updates and Patching: Firebase and Google Cloud Platform undergo continuous security monitoring and receive regular updates and patches to address potential vulnerabilities.
- Data Center Security: Google's data centers employ strict physical security measures, including biometric access controls, surveillance, and environmental safeguards.
- Compliance Certifications: Firebase and Google Cloud Platform adhere to numerous industry compliance certifications, demonstrating their commitment to security and privacy standards (e.g., ISO 27001, SOC 2).
- Secure Server Infrastructure: We utilize secure servers provided by Google Cloud Platform, which are designed to resist unauthorized access and maintain data integrity.
- Data Backup and Recovery: Firebase provides data backup and recovery capabilities, helping to protect against data loss.
Your Rights
You have the right to access, update, or delete your personal information at any time by contacting us.
Changes to this Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
Contact Us
If you have questions or comments about this Privacy Policy, please contact us at: