Clock-Me Data Safety Summary

Owner: A & C Service Group
Document Type: Google Play & Apple App Store Data Safety
Effective Date: March 7, 2026
Version: 3.0

Clock-Me collects and processes only the information necessary to provide secure, compliant, and accurate time-tracking services. This summary aligns with our Privacy Policy and Terms of Use.

📌 Data Collected & Purpose

1. Personal Information

Collected

Data Types: Name, Email Address, User ID, Role, Address.
Purpose: Account management, authentication, and linking records to your employer.

2. Location Data

Collected Updated

Data Type: Precise Location (GPS Coordinates).
Collection Methods:
- Punch Snapshot: Point-in-time capture at the moment of "Punch In" or "Punch Out"
- Foreground Heartbeat: Periodic location updates while punched in and app is open (foreground only)
Heartbeat Frequency: Every 2-5 minutes while actively punched in with app open.
Purpose: Geofence validation (verifying you are at the correct worksite) and attendance verification.
Background Tracking: NO. We do not track location when the app is closed or in the background.

3. California Compliance Data

California Only New

Meal Break Records: Start time, end time, duration of 30-minute unpaid meal breaks.
Rest Break Records: Start time, end time, duration of 10-minute paid rest breaks.
Meal Break Waivers: Digital waivers for shifts ≤6 hours, including:
- Employee signature (typed name)
- Date and timestamp
- Waiver acknowledgment text
Overtime Calculations: Daily overtime (>8h), double-time (>12h), 7th day overtime.
Compliance Violations: Records of missed/late meal breaks, missed rest breaks, split shift occurrences.
Purpose: California Labor Code compliance, penalty calculations, employer reporting.

4. Timecard Attestation Data

Collected New

Data Types: Attestation acceptance, digital signature, timestamp, submission source.
Purpose: Legal compliance, payroll accuracy, audit trail.
Attestation Text Stored:

"I certify that this timecard is complete and accurate. I confirm that I have recorded all hours worked and that I have not performed any work before my scheduled start time, after clocking out, or while off the clock during meal or rest breaks. I also confirm that all meal periods and rest breaks have been accurately recorded and provided in accordance with company policy and applicable law. I have not worked any unrecorded or 'off-the-clock' time."

5. Device & Identifiers (Fraud Prevention)

Collected

Data Types: Device ID, Browser ID (UUID), Push Token, Screen Resolution, Timezone.
Purpose: Fraud prevention (detecting "buddy punching" via device sharing) and sending notifications.
Note: We do NOT collect browsing history, contacts, or biometric data.

6. App Activity

Collected

Data Types: Punch logs, timestamps, timesheet actions, break start/end times.
Purpose: Calculating work hours, payroll accuracy, compliance reporting, and employment history.

7. Error & Performance Data

Collected New

Service: Sentry.io
Data Types: Error logs, stack traces, device type, app version.
Purpose: Application debugging, performance monitoring, crash reporting.
Note: No personal data (names, emails) is sent to Sentry.

🔒 Data Sharing

Clock-Me does NOT sell user data. Data is shared only with:

Your Employer: To facilitate payroll, attendance management, and compliance reporting.
Service Providers:
- Google Places API: For address autocomplete when creating or editing accounts.
- LocationIQ: For address validation (Geocoding).
- Expo: For sending push notifications.
- Brevo: For email alerts.
- Sentry.io: For error monitoring and crash reporting.

🛡 Security Practices

Encryption Data is encrypted in transit (HTTPS/TLS) and at rest.
Authentication Secure token-based session management (JWT).
Data Minimization We collect only data necessary for time tracking and compliance.
No Biometrics We do not collect or upload biometric data (FaceID/Fingerprint).
Audit Trail All timecard attestations and compliance records are securely stored.

⚙️ Permissions & User Controls

Based on our Privacy Policy, the app requires the following permissions:

Location Access

Required Setting: "While Using the App" (Foreground).
When Used:
- At the moment of punch in/out (snapshot)
- Periodically while punched in and app is open (heartbeat)
"Always Allow": NOT Required. We do not track you when the app is closed.

Other Permissions

Notifications: Optional (used for shift reminders, break notifications).
Camera/Photos: Not Collected. We do not store or process employee photos or facial recognition data.

🏛 California-Specific Features

For employees at California locations, the app includes additional features to comply with California Labor Code:

Meal Break Button: Record 30-minute unpaid meal breaks (no location validation required)
Rest Break Button: Record 10-minute paid rest breaks
Meal Break Waiver: Digital waiver form for shifts ≤6 hours
Daily Overtime Display: Shows regular, 1.5x, and 2x overtime hours
Compliance Alerts: Notifications for upcoming required breaks
Penalty Tracking: Automatic calculation of meal/rest break violation penalties

📁 Retention & Deletion

Time Records: 7 years (compliance requirement)
Timecard Attestations: 7 years (compliance requirement)
Meal Break Waivers: 7 years (California compliance)
Meal/Rest Break Records: 7 years (California compliance)
Compliance Violation Records: 7 years (California compliance)
GPS Heartbeat Data: 30 days
Device Fraud IDs: Rolling 2-hour window
Deletion: You may request data deletion via your employer or by contacting us at app@clock-me.com.

📋 Timecard Attestation

When submitting your weekly timesheet, you must certify the accuracy of your time records:

This attestation, along with your digital signature and timestamp, is stored for compliance and audit purposes.