Privacy Policy
Phoenician Technical Services LLC
Phoenician HR Application - Attendance
Last updated: October 14, 2025
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.
We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
Interpretation and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
- Account means a unique account created for You to access our Service or parts of our Service.
- Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- Application refers to Phoenician HR Application - Attendance, the software program provided by the Company.
- Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Phoenician Technical Services LLC, Central Plaza Dubai DIP 1, Office No 399, Dubai, United Arab Emirates.
- Country refers to: United Arab Emirates
- Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
- Personal Data is any information that relates to an identified or identifiable individual.
- Service refers to the Application.
- Service Provider means any natural or legal person who processes the data on behalf of the Company.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Collecting and Using Your Personal Data
Types of Data Collected
Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
- Employee ID and login credentials
- Email address
- First name and last name
- Phone number
- Department and job title
- Employment details
- Usage Data
Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Information Collected While Using the Application
While using Our Application, in order to provide features of Our Application, We may collect, with Your prior permission:
- Location Information: Your GPS coordinates and geofencing data to verify attendance at authorized work locations
- Biometric Data: Device biometric authentication (Face ID/Touch ID) and custom facial recognition data for employee authentication
- Attendance Data: Clock-in/clock-out times, break durations, work hours, and attendance patterns
🔒 Facial Recognition and Biometric Data Collection
Important Notice: Our Application uses TWO TYPES of biometric authentication:
1️⃣ DEVICE BIOMETRIC AUTHENTICATION (Face ID/Touch ID)
What It Is: When you open the app, it uses your iPhone or iPad's built-in Face ID or Touch ID to verify you are the authorized device owner.
How It Works:
- Automatic Authentication: Face ID/Touch ID triggers automatically when you launch the app
- Device Security: Verifies you are the owner of the device before allowing app access
- Apple-Managed: All Face ID/Touch ID data is processed and stored entirely by Apple in your device's Secure Enclave
Our Access to Face ID/Touch ID Data:
- ZERO Data Collection: We NEVER access, collect, or store your Face ID/Touch ID data
- Authentication Result Only: We only receive a YES/NO result from Apple
- No Transmission: Face ID/Touch ID data never leaves your device
- Apple's Control: All biometric data is controlled entirely by iOS
Purpose of Device Biometric Authentication:
- Secure app entry and device ownership verification
- Compliance with Apple security requirements
- Fast and convenient authentication
- Prevention of unauthorized access to the app
2️⃣ CUSTOM FACE RECOGNITION (Attendance Verification)
What It Is: Separate facial scanning technology used to verify employee identity during attendance check-in and check-out.
Key Distinction: This is NOT used for app login - it's used ONLY for attendance verification after you're already logged in.
What We Collect (Custom Face Recognition Only):
- Facial Images: High-resolution photographs of your face taken during attendance registration
- Biometric Templates: Mathematical representations of your facial features converted into encrypted data
- Facial Landmarks: Unique facial geometry points (distance between eyes, nose shape, jawline, etc.)
- Recognition Patterns: Digital signatures created from your facial characteristics
- Authentication Attempts: Records of successful and failed attendance verification attempts
How Custom Facial Data is Processed:
- Initial Registration: During first-time setup, the app captures multiple facial images from different angles
- Template Creation: Your facial images are converted into encrypted biometric templates that cannot be reverse-engineered into photos
- Secure Storage: Biometric templates are stored on Firebase Cloud Firestore (UAE region) with enterprise-grade encryption
- Real-time Matching: During attendance marking, your live facial scan is compared against your stored template
- Liveness Detection: System verifies you are physically present (not a photo or video)
Purpose of Custom Face Recognition:
- Verify employee identity during check-in/check-out
- Prevent attendance fraud (buddy punching)
- Ensure workplace security compliance
- Maintain accurate attendance records
- NOT used for app login or account authentication
Security Measures for Custom Facial Data:
- End-to-End AES-256 Encryption: All biometric data is encrypted during transmission and storage
- Zero Image Storage: Original facial photographs are deleted immediately after template creation
- Access Control: Biometric data is accessible only to authorized system administrators with audit trails
- Secure Infrastructure: Data stored on Firebase Cloud Firestore (Google Cloud Platform - UAE region)
- Regular Security Audits: Third-party security assessments and vulnerability testing
- Immediate Deletion: Upon employment termination, all biometric data is permanently deleted within 30 days
Third-Party Sharing Policy:
- NO Third-Party Sharing: Face ID/Touch ID data is controlled entirely by Apple and never shared
- NO External Access: Custom face data is NEVER sold, rented, or shared with:
- External parties or companies
- Advertisers or marketing companies
- Data brokers or analytics providers
- Other applications or services
- Internal Access Only: Custom face data is accessible only to:
- The employee themselves
- Company HR administrators (encrypted, audited access)
Data Storage Locations:
- Face ID/Touch ID: Stored in your device's Secure Enclave (Apple-managed, never transmitted)
- Custom Face Templates: Firebase Cloud Firestore (encrypted, UAE region, Google Cloud Platform)
- Local Device Cache: Encrypted local storage (temporary, for offline mode support)
- Encryption Standards: AES-256 encryption at rest, TLS 1.3 encryption in transit
Data Retention Periods:
- Face ID/Touch ID: Managed entirely by iOS, never accessible to our app
- Custom Face Data - During Employment: Retained for authentication purposes throughout employment
- Custom Face Data - After Termination: Automatically deleted within 30 days of employment termination
- Attendance Records (Non-Biometric): Timestamp and employee ID retained for 7 years per UAE Labor Law
- Deletion Process: Irreversible deletion from all systems including backups
Your Rights Regarding Biometric Data:
- Consent Withdrawal: You may withdraw consent for custom facial recognition at any time with 30-day notice period
- Data Access: You can request information about your stored biometric data at any time
- Data Portability: Request your biometric data in machine-readable format
- Data Deletion: Request immediate deletion of your custom face data (triggered automatically upon termination)
- Alternative Authentication: Alternative login methods available upon request for accessibility needs
- Breach Notification: You will be immediately notified within 72 hours of any biometric data security incidents
- Appeal Process: Escalation path available for privacy concerns
How to Exercise Your Rights:
- Email: privacy@phoenician-uae.com
- Phone: +971 4 882 9484
- In-App: Settings → Privacy → Data Rights
- Response Time: Within 15 business days
⚠️ Important Distinction:
Face ID/Touch ID (Device Authentication): Used for app access, controlled by Apple, ZERO data collection by our app
Custom Face Recognition (Attendance Verification): Used for attendance check-in/check-out, controlled by our app, data stored securely with strict privacy protections
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To Provide and Maintain Our Service: Including monitoring the usage of our Service and ensuring accurate attendance tracking
- To Manage Your Account: To manage Your registration as a user of the Service
- For Device Authentication: To verify device ownership using Face ID/Touch ID at app launch
- For Employee Authentication: To verify your identity through custom facial recognition during attendance marking
- For Attendance Management: To accurately record work hours, overtime, breaks, and generate attendance reports for payroll processing
- For Workplace Security: To ensure only authorized employees access company premises and sensitive areas
- To Contact You: To contact You regarding work schedules, policy changes, or system updates
- For Compliance: To meet UAE labor law requirements and company policy enforcement
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.
Specific Retention Periods:
- Face ID/Touch ID Data: Managed by iOS, never stored by our app
- Custom Biometric Data: Retained during employment and deleted within 30 days of termination
- Attendance Records: Retained for 7 years as required by UAE labor law (non-biometric data only)
- Personal Information: Maintained during employment and archived according to legal requirements
- Usage Data: Generally retained for shorter periods unless required for security or legal purposes
Security of Your Personal Data
The security of Your Personal Data is important to Us. We implement comprehensive security measures including:
- AES-256 encryption for all data transmission and storage
- TLS 1.3 encryption for data in transit
- Multi-factor authentication for administrative access
- Regular security audits and vulnerability assessments
- Secure cloud infrastructure (Firebase Cloud Firestore - UAE region)
- Role-based access control with comprehensive audit logs
- Staff training on data privacy and security protocols
- SOC 2 Type II compliance procedures
Children's Privacy
Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.