Clock-Me Privacy Policy
1. Introduction
Clock-Me ("the System," "we," "our," or "us") is a time tracking and workforce management platform owned and operated by A & C Service Group. This Privacy Policy explains how we collect, use, store, and protect information when you use our web application and mobile app.
We are committed to protecting your privacy and ensuring transparency about our data practices. This policy applies to all users of Clock-Me, including employees, supervisors, managers, administrators, and clients.
2. Information We Collect
2.1 Account Information
- User ID / Username: Your unique identifier in the system
- Name: Your full name as provided by your employer
- Role: Your assigned role (Employee, Supervisor, Manager, Administrator, Client)
- Address: Physical address (for company billing or location assignment)
- Contact Information: Email address (if provided for notifications)
2.2 Time and Attendance Data
- Punch Records: Date, time, and type (in/out) of each punch
- Work Hours: Calculated hours worked, including regular, overtime (1.5x), and double-overtime (2x) hours
- Meal Break Records: Start time, end time, and duration of meal breaks
- Rest Break Records: Start time, end time, and duration of rest breaks (California locations)
- Lunch Deductions: Applied lunch break deductions (automatic or actual)
- Location Data: The work location associated with each punch
2.3 Location Data
We collect location data in the following scenarios:
GPS Snapshot (Punch In/Out)
- GPS Coordinates: Latitude and longitude at the moment of the punch
- GPS Accuracy: The accuracy level of your device's GPS reading
- Mock Location Detection: Whether your device is using simulated/fake GPS (Android only)
Foreground Heartbeat (While Punched In)
- Periodic Location Updates: While the app is open and you are punched in, the app may collect periodic location updates ("heartbeats") to verify continued presence at the work location
- Frequency: Location heartbeats are collected at intervals (typically every 2-5 minutes) only while the app is in the foreground
- Purpose: Geofence compliance verification and attendance accuracy
Purpose: Location data is used solely to verify that punches occur within the designated work area (geofence validation) and to ensure ongoing compliance with attendance policies. This helps ensure accurate time tracking and prevents time fraud.
Note: Meal breaks and rest breaks do NOT require location validation. Employees may take breaks anywhere.
2.4 California Compliance Data
California Employees: For employees working at California locations, we collect additional data to comply with California Labor Code requirements.
- Meal Break Tracking: Actual meal break start and end times to ensure 30-minute minimum compliance
- Rest Break Tracking: 10-minute paid rest break records for every 4 hours worked
- Meal Break Waivers: Digital waivers for shifts of 6 hours or less, including employee signature, date, and acknowledgment text
- Daily Overtime: Hours tracked for daily overtime (>8 hours) and double-time (>12 hours) calculations
- 7th Consecutive Day: Tracking of consecutive workdays for 7th-day overtime rules
- Split Shift Detection: Records of shifts with unpaid gaps exceeding 1 hour
- Compliance Violations: Records of meal break, rest break, and overtime violations for penalty calculations
2.5 Timecard Attestation Data
When you submit or approve your weekly timecard, we collect:
- Attestation Acceptance: Your acknowledgment of the timecard accuracy statement
- Attestation Text: The exact certification text you agreed to at the time of signing
- Signature Data: Digital signature (drawn or typed)
- Timestamp: Date and time of attestation
- Submission Source: Whether submitted via web or mobile app
Attestation Statement: "I certify that this timecard is complete and accurate. I confirm that I have recorded all hours worked and that I have not performed any work before my scheduled start time, after clocking out, or while off the clock during meal or rest breaks. I also confirm that all meal periods and rest breaks have been accurately recorded and provided in accordance with company policy and applicable law. I have not worked any unrecorded or 'off-the-clock' time."
2.6 Device Information
For Web Browsers:
- Browser ID: A randomly generated unique identifier stored in your browser's local storage
- Screen Resolution: Your device's screen dimensions
- Timezone: Your device's timezone setting
- Platform: Your operating system (e.g., Windows, macOS, Linux)
For Mobile App:
- Push Token: A unique token for sending push notifications (Expo Push)
- Device ID: Your device's unique identifier
- Device Type: iPhone, Android, etc.
- App Version: The version of the Clock-Me app installed
Important: We do NOT collect:
- Browser history or browsing activity
- Personal files or photos
- Contacts or messages
- Biometric data (fingerprints, face recognition)
- Financial information
- Social media accounts
- Background location when app is closed
2.7 Technical Data
- IP Address: Your device's IP address at time of access
- User Agent: Browser/app identification string
- Timestamps: When actions are performed in the system
- Error Logs: Technical error information for debugging (via Sentry.io)
3. How We Use Your Information
3.1 Primary Purposes
| Data Type |
Purpose |
| Account Information |
User authentication and access control |
| Time Records |
Calculating work hours and payroll |
| GPS Location (Punch) |
Verifying punch location within work geofence |
| GPS Location (Heartbeat) |
Verifying continued presence during shift (foreground only) |
| Meal/Rest Break Data |
California labor law compliance, penalty calculations |
| Timecard Attestation |
Legal compliance, payroll accuracy, audit trail |
| Device Information |
Fraud prevention (device sharing detection) |
| Push Token |
Sending work-related notifications |
3.2 California Labor Law Compliance
For employees at California locations, we use collected data to:
- Calculate daily overtime (1.5x after 8 hours, 2x after 12 hours)
- Calculate 7th consecutive day overtime
- Track meal break compliance and identify violations
- Track rest break compliance and identify violations
- Calculate meal break and rest break penalty hours
- Detect split shifts and calculate premium pay
- Generate compliance reports for employers
- Store meal break waivers for audit purposes
3.3 Fraud Prevention (Device Sharing Detection)
To maintain time tracking integrity and prevent "buddy punching" (one employee punching for another), we monitor for device sharing patterns.
How It Works:
- When you punch, your device identifier is recorded.
- The system checks if the same device was used by a different employee.
- A potential violation is flagged ONLY if ALL conditions are met:
- Same device identifier (Browser ID, Push Token, or Device ID)
- Same work location
- Within a 2-hour time window
- Different user account
4. Data Retention
| Data Type |
Retention Period |
| Time entries and punch records |
7 years (for compliance) |
| Timecard attestations |
7 years (for compliance) |
| Meal break waivers |
7 years (California compliance) |
| Meal/Rest break records |
7 years (California compliance) |
| Compliance violation records |
7 years (California compliance) |
| Audit logs |
2 years |
| Device identifiers |
Rolling 2-hour window for fraud detection; 30 days in audit logs |
| GPS coordinates (punch) |
Stored with punch records (7 years) |
| GPS heartbeat data |
30 days (for compliance verification) |
5. Data Security
We implement industry-standard security measures to protect your information:
Technical Safeguards
- Encryption in Transit: All data transmitted using HTTPS/TLS
- Secure Authentication: JWT-based authentication with secure token handling
- Access Controls: Role-based access limits who can view what data
- Error Monitoring: Sentry.io for secure error tracking and performance monitoring
What We DON'T Do:
- Sell your data to third parties
- Use your data for advertising
- Track your location when app is closed (background)
- Share California compliance data outside of employer reporting
6. Data Sharing
We only share your information in the following circumstances:
6.1 With Your Employer
Your employer (the organization using Clock-Me) has access to:
- Your time and attendance records
- Punch locations and timestamps
- Meal break and rest break records
- Timecard attestations and signatures
- Compliance violation reports
- Meal break waivers
6.2 Service Providers
We use the following third-party services:
| Service |
Purpose |
Data Shared |
| Google Places API |
Address Autocomplete |
Inputted address text |
| Expo Push Notifications |
Mobile notifications |
Push tokens only |
| LocationIQ |
Reverse geocoding |
GPS coordinates |
| Brevo |
Email notifications |
Email addresses |
| Sentry.io |
Error monitoring |
Error logs, device info (no personal data) |
7. Your Rights
Depending on your jurisdiction, you may have rights regarding access, correction, and deletion of your data.
California Residents
Under the California Consumer Privacy Act (CCPA), you have the right to:
- Know what personal information is collected
- Request deletion of your personal information
- Opt-out of the sale of personal information (we do not sell data)
- Non-discrimination for exercising your rights
To exercise these rights, please contact your employer's HR department or email us at app@clock-me.com.
8. Cookies and Local Storage
We use local storage for device identification (fraud prevention) and session management. We do not use third-party advertising or tracking cookies.
9. Mobile App Permissions
The Clock-Me mobile app requests the following permissions:
| Permission |
Purpose |
Required? |
| Location (GPS) - Foreground |
Geofence validation during punch; heartbeat while punched in |
Yes (While Using App) |
| Push Notifications |
Receiving work reminders, break notifications |
Optional |
| Camera |
Future feature (not currently used) |
No |
"Always Allow" Location: NOT required. We do not track location when the app is closed or in the background.
10. Children's Privacy
Clock-Me is a workplace application and is not intended for use by individuals under 16 years of age.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated through the app or via email. Continued use of Clock-Me after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, please contact us at:
Email: app@clock-me.com