This Privacy Policy explains how we collect, use, store, protect, and/or share your information when you use the BiPro application (“Application”). By using the Application, you agree to these privacy practices.
We comply with applicable laws and regulations, including Law No. 27 of 2022 on Personal Data Protection (PDP Law) and Apple platform guidelines.
1) Application Overview
BiPro is a cloud-based HR application designed to support employee needs, including attendance (with face photo verification), leave/permission requests, reimbursement claims, status notifications, performance monitoring, and scheduling. The app also supports QR code scanning for certain actions configured by your company.
2) Data We Process
- Identity & Account Data: name, email, phone number, employee ID, division, position.
- Face Data (Photos): a photo of your face captured at check-in/check-out to verify attendance. We do not sell or use face photos for marketing or advertising.
- Optional Biometric Representation: if enabled by your company, a mathematical representation (embedding/template) derived from your face photo for automated matching.
- Attendance & Location Data: clock-in/out time, device time zone, location (precise/approximate) for geofence validation.
- Request Data: leave/permission requests, reasons, attachments.
- Reimbursement Data: claim details, amounts, and supporting documents.
- Photos/Media & Camera: camera and photo library access for face photo, HR documents, QR codes, and profile updates.
- Push Notifications: device tokens to send request statuses and announcements.
- Device & Diagnostic Data: device model, OS version, crash logs, and performance data.
3) Purposes of Processing
- Provide core features: attendance (face photo verification), leave/permission requests, reimbursement, schedules, and performance display.
- Support QR-based flows.
- Employee account authentication and management.
- Send push notifications related to statuses and company announcements.
- Technical/diagnostic analytics and service quality improvement.
- Compliance with applicable laws and HR policies.
4) Legal Basis
We process data based on: (i) consent (e.g., camera/location access, biometric processing where applicable); (ii) performance of employment/service agreements with your company; (iii) legitimate interests to operate and secure the Application; and/or (iv) legal obligations.
5) Device Permissions & Explanations
- Camera — used to: take your face photo for attendance, capture HR documents (ID/receipts), scan QR codes, and update profile pictures. Example: face photo is captured at check-in, verified against registered template, stored securely in cloud, and displayed in HR dashboard.
- Photo Library (Read) — when selecting images for attachments or profile update.
- Photo Library (Add/Write) — only if you choose to save/export photos from the app.
- Location (When In Use) — verify presence inside office geofence at check-in/out.
- Location (Always/Background) — only if geofenced auto-logging is enabled.
- Notifications — to receive status updates and announcements.
6) Use of Face Data (Detailed)
What we collect: face photo at attendance. Optional biometric template for automated matching.
How we use it: verify correct employee performed attendance, attach proof in HR records, display securely in HR dashboard.
Sharing: not shared with third parties. Limited access to HR admins and contracted processors under strict agreements.
Storage: securely on AWS (ap-southeast-1) with encryption in transit/at rest, role-based access, audit logging.
Retention: photos/biometric templates retained up to 24 months, or 30 days after account deactivation—whichever is earlier, then permanently deleted.
Your choices: contact HR admin or us to request access, correction, or deletion.
7) Data Sharing
- Treffix (employer) as controller for HR operations.
- Service Providers (cloud hosting, database, APNs, crash reporting) under strict agreements.
8) Cross-Border Transfers
Data may be processed/transferred to other jurisdictions with adequate protection per PDP Law.
9) Retention & Security
- Data retained as long as account is active or per company/law requirements.
- Attendance photos/biometric templates follow Section 6 retention.
- Technical and organizational measures applied for security.
- No method is 100% secure; security is continuously improved.
10) Data Subject Rights
Access, correction, update, object, restrict, withdraw consent, transfer, or request deletion via HR admin or contact below.
11) Children
App intended for employee (adult) use; not for under 18.
12) Tracking & Advertising
No cross-app/website tracking, no IDFA, no ads. ATT framework will be followed if needed in future.
13) Changes to This Policy
Updates communicated via page/app. Effective date updated accordingly.
14) Contact
- Email: faizhal@treffix.id
- Address: Treffix
- Website: https://treffix.id
“When you check in or out using attendance, BiPro captures your face photo via camera. This photo is stored securely on AWS (ap-southeast-1) and displayed in HR dashboard to confirm correct employee attendance. If enabled, a biometric template may be created to support automated matching. These data are used only for attendance verification, not shared with third parties, and retained for up to 24 months or 30 days after account deactivation—whichever is earlier—then permanently deleted.”