Privacy-First Design

Privacy Policy

Effective: October 13, 2025

Last Updated: January 26, 2026

This Privacy Policy supplements the UHere Account Privacy Policy and describes how QRPunch collects, uses, and protects your employee time tracking data.

Privacy-First By Design

Your data security and privacy are built into every aspect of QRPunch

Local Database Architecture

Most of your data stays on your device and never leaves your premises

Enterprise-Grade Encryption

SecurePunch technology with military-grade encryption for maximum security

Data Sovereignty

Complete control over your workforce data with zero cloud lock-in

Regulatory-Friendly

Built with features to support organizations in regulated industries

1. Introduction

This Privacy Policy supplements the UHere Account Privacy Policy .

UHere Account handles authentication data (email, passwords, OAuth tokens). This policy covers QRPunch-specific data related to employee time tracking, attendance management, and application functionality.

By using QRPunch, you agree to both the UHere Account Privacy Policy and this QRPunch Privacy Policy.

2. Distribution Platform

QRPunch is distributed via Microsoft Store.

Distributor: Microsoft Corporation acts solely as distributor
Data Controller: UHere (developer) is the data controller for all QRPunch data
Microsoft's Role: Microsoft facilitates app distribution, updates, and may collect limited diagnostic data per their privacy policy
Compliance: This privacy policy complies with Microsoft Store Policy 10.5.1

Microsoft Store Privacy: privacy.microsoft.com

3. QRPunch-Specific Data Collection

3.1 Employee & Workforce Data

Stored locally in SQLite database (qrpunchdatabase.db):

Employee records (name, email, QR card ID, role, shift, SecurePunch secure key)
Attendance records (clock in/out times, status, punctuality, creation method)
Event entries (meetings, breaks, custom events with timestamps)
Role and shift data (schedules, grace periods, assigned employees)

3.2 Audit & Compliance Data

For security and compliance (stored locally only):

Attendance audit trail (action type, field changes, admin attribution, timestamps, IP address)
Event entry audit trail (same fields as attendance audit)
Preserved indefinitely for compliance (GDPR Article 30, legal obligations)

3.3 Subscription & Billing Data

For all users (including Free Starter):

Stripe Customer ID (created for all users, even free tier)
Subscription tier, status, billing cycle, payment status
Device activation metadata (machine fingerprint, device name, OS, timestamps)
Storage: Cloud (Stripe) + Local cache (7-day validity for offline access)

3.4 Application Logs

For debugging (local only, never transmitted):

Application events, authentication events, database operations
PII automatically redacted in production (emails, IDs, IP addresses)
Retention: 5 days max (5 files × 5MB each)

3.5 Data We Do NOT Collect

Phone numbers, physical addresses, payment card details
Browsing history, usage analytics, telemetry
Employee photos, GPS coordinates, biometric data
Screenshots, social connections, contact lists

4. How We Use QRPunch Data

We use your QRPunch data solely for:

Time Tracking: Recording and managing employee attendance
Workforce Management: Managing employees, roles, shifts
Subscription Management: Processing and managing your subscription, billing, device activation
Audit Compliance: Maintaining audit trails for accountability
SecurePunch Integration: Generating encrypted QR codes for mobile app
Offline Mode: Caching subscription data for offline access
Backup & Recovery: Enabling data backups and restoration
Time Synchronization: Ensuring accurate timestamps via NTP
Support: Troubleshooting issues (only if you share logs with us)

5. Data Storage

5.1 Local Storage (Primary)

All QRPunch data is stored locally on your device:

Windows: %APPDATA%/QRPunch/

Databases:

qrpunchdatabase.db - Main employee/attendance data
qrpunch-license.db - Separate license database

5.2 Optional Encryption (Business Plus Tier Only)

Cipher: ChaCha20-Poly1305 authenticated encryption
Exclusive to Business Plus subscribers
Key storage: OS keychain (Keytar) - keys never leave your device
User control: Enable/disable via Settings
No Key Recovery: We cannot recover lost encryption keys
Your Responsibility: Protect your OS account password and maintain keychain backups

5.3 Cloud Storage (Minimal)

QRPunch does NOT store employee/attendance data in the cloud.

Only authentication and subscription data is stored externally:

Firebase: Email, Firebase UID, authentication state
Stripe: Customer ID, subscription tier, device activation metadata

6. Third-Party Services (QRPunch-Specific)

6.1 Microsoft Corporation

Distribution & Updates:

Purpose: App distribution via Microsoft Store, automatic updates
Data Collected by Microsoft: Device diagnostics (crash reports, performance metrics) if you enable Windows diagnostic data; Store analytics (download counts, usage statistics - aggregated only); Update delivery metadata
Data NOT Shared with Microsoft: Employee data, attendance records, or any QRPunch-specific data remain local
Your Control: Windows diagnostic data settings controlled via Windows Privacy Settings
Privacy Policy: privacy.microsoft.com

Microsoft OAuth (Optional):

Purpose: Alternative authentication method (in addition to Google OAuth)
Data Shared: Email address, OAuth tokens (for authentication only)
Provider: Microsoft Identity Platform
Note: OAuth data handled by UHere Account (see UHere Account Privacy Policy)

6.2 UHere SecurePunch API (Internal Service)

Purpose: QR card generation, delivery to employee emails, and SecurePunch mobile app integration
Data Shared: Employee email, employee ID, employee name, role, company name; for SecurePunch cards: card ID and secure key
Encryption: ChaCha20-Poly1305 encrypted QR codes (SecurePunch cards only)

6.3 NTP Time Servers

Purpose: Time synchronization for accurate attendance timestamps
Servers: pool.ntp.org, time.google.com, time.cloudflare.com, time.windows.com, time.aws.com
Data Shared: None (NTP protocol transmits timestamps only, no personal data)
Frequency: Sync every 5 minutes for accuracy

6.4 Stripe

Purpose: Subscription payment processing and device license management
Data Shared: Email, Stripe Customer ID, subscription tier, device activation metadata
Privacy Policy: stripe.com/privacy
Note: Even free tier users have a Stripe Customer ID for device activation management

7. Data Sharing

We do NOT sell, rent, or trade your employee or attendance data.

QRPunch data is shared only with:

Stripe: For subscription payment processing, billing, and device license management
UHere SecurePunch API (internal service): For QR card generation when you enable SecurePunch integration
NTP Servers: For time synchronization (timestamps only, no personal data)
Legal Authorities: When required by law or to protect our rights

No Third-Party Analytics: We do not use Google Analytics, Facebook Pixel, or any third-party tracking.

8. Data Retention

8.1 Active Use

Employee Data: Retained as long as you use QRPunch
Attendance Records: Retained indefinitely (you control deletion)
Audit Trails: Preserved indefinitely for compliance
Subscription Data: Retained in Stripe as long as required for tax and legal compliance
Subscription Cache: Cached locally for offline access (7-day validity)
License Data: Retained as long as subscription is active

8.2 Deletion

When you delete data in QRPunch:

Soft Delete: Most data is soft-deleted (marked as deleted, can be restored)
Audit Trail Preservation: Audit logs preserved even after data deletion
Permanent Deletion: You can permanently delete data via Settings
Account Deletion: When you delete your UHere Account, authentication data is deleted (see UHere Account Privacy Policy), but local QRPunch data remains on your device until you uninstall

9. User Rights (QRPunch-Specific)

You have the right to:

Data Access

View all your employee and attendance data via QRPunch interface
Export full database to JSON format

Data Correction

Update employee information
Edit attendance records (with audit trail)
Correct errors in data

Data Deletion

Soft delete (can be restored from archive)
Permanent deletion via Settings
Uninstall QRPunch to remove all local data

Data Portability & Backup Control

Export all data to JSON format (no vendor lock-in)
Manual or automatic backups
Choose backup location
Control backup retention (up to 30 backups)

Encryption Control (Business Plus Tier)

Enable/disable database encryption
Manage encryption keys

To exercise your rights, use the QRPunch Settings interface or contact privacy@uhere.co.

10. Security Measures (QRPunch-Specific)

We protect your QRPunch data with:

Optional Database Encryption: ChaCha20-Poly1305 (Business Plus tier only)
OS Keychain Storage: Encryption keys stored securely via Keytar
Local-Only Storage: Employee/attendance data never transmitted to cloud
Audit Trails: Complete change history for accountability
Soft Delete: Prevent accidental data loss
PII Redaction: Sensitive data redacted from logs
Secure QR Codes: ChaCha20-Poly1305 encrypted (SecurePunch)
No External Analytics: No third-party tracking scripts

11. Third-Party Services (QRPunch-Specific)

11.1 UHere SecurePunch API (Internal Service)

Purpose: QR card generation, delivery to employee emails, and SecurePunch mobile app integration
Data Shared: Employee email, employee ID, employee name, role, company name; for SecurePunch cards: card ID and secure key
Encryption: ChaCha20-Poly1305 encrypted QR codes (SecurePunch cards only)

11.2 NTP Time Servers

Purpose: Time synchronization for accurate attendance timestamps
Servers: pool.ntp.org, time.google.com, time.cloudflare.com, time.windows.com, time.aws.com
Data Shared: None (NTP protocol transmits timestamps only, no personal data)
Frequency: Sync every 5 minutes for accuracy

11.3 Stripe

Purpose: Subscription payment processing and device license management
Data Shared: Email, Stripe Customer ID, subscription tier, device activation metadata
Privacy Policy: stripe.com/privacy
Note: Even free tier users have a Stripe Customer ID for device activation management

12. Compliance

QRPunch complies with:

Singapore Personal Data Protection Act (PDPA) - As a Singapore-based company
General Data Protection Regulation (GDPR) - For EU/EEA users
California Consumer Privacy Act (CCPA) - For California users
Other applicable data protection laws

Your Compliance Responsibilities

As the QRPunch user (employer/organization), you are responsible for:

Employee Consent: Obtaining necessary employee consents for time tracking
Data Protection: Complying with applicable labor and privacy laws in your jurisdiction
Legitimate Use: Using QRPunch lawfully and ethically
Data Security: Protecting access to QRPunch within your organization

13. Children's Privacy

QRPunch is designed for business use and employee time tracking. It is not intended for use by children under 13 (or applicable age in your jurisdiction). If you become aware that a child has provided employee data to QRPunch, please contact us immediately at privacy@uhere.co.

14. Changes to This Policy

We may update this QRPunch Privacy Policy by posting a new Policy with updated "Last Updated" date. Users will be notified of material changes through in-app notifications or email. Continued use after changes constitutes acceptance.

15. Contact Us

For QRPunch privacy questions or concerns:

Email: privacy@uhere.co

Website: qrpunch.uhere.co

Data Protection Officer: dpo@uhere.co

16. Integration with UHere Account Privacy Policy

This QRPunch Privacy Policy supplements the UHere Account Privacy Policy :

UHere Account Privacy: Covers authentication data (email, passwords, OAuth, sessions)
QRPunch Privacy: Covers employee data, attendance records, audit trails, logs

Both policies apply when you use QRPunch.

Your Privacy Matters

We collect only what's necessary for time tracking, store data locally on your device, and give you full control over your data. QRPunch is designed as a privacy-first desktop application with local data storage and the highest security standards.