This Privacy Policy supplements the UHere Account Privacy Policy (https://uhere.co/account/privacy).
UHere Account handles authentication data (email, passwords, OAuth tokens). This policy covers QRPunch-specific data related to employee time tracking, attendance management, and application functionality.
By using QRPunch, you agree to both the UHere Account Privacy Policy and this QRPunch Privacy Policy.
QRPunch is distributed via Microsoft Store.
Distributor: Microsoft Corporation acts solely as distributor. Data Controller: UHere (developer) is the data controller for all QRPunch data. Microsoft's Role: Microsoft facilitates app distribution, updates, and may collect limited diagnostic data per their privacy policy. Compliance: This privacy policy complies with Microsoft Store Policy 10.5.1.
Microsoft Store Privacy: https://privacy.microsoft.com/
3.1 Employee & Workforce Data Stored locally in SQLite database (qrpunchdatabase.db): - Employee records (name, email, QR card ID, role, shift, SecurePunch secure key) - Attendance records (clock in/out times, status, punctuality, creation method) - Event entries (meetings, breaks, custom events with timestamps) - Role and shift data (schedules, grace periods, assigned employees)
3.2 Audit & Compliance Data For security and compliance (stored locally only): - Attendance audit trail (action type, field changes, admin attribution, timestamps, IP address) - Event entry audit trail (same fields as attendance audit) - Preserved indefinitely for compliance (GDPR Article 30, legal obligations)
3.3 Subscription & Billing Data For all users (including Free Starter): - Stripe Customer ID (created for all users, even free tier) - Subscription tier, status, billing cycle, payment status - Device activation metadata (machine fingerprint, device name, OS, timestamps) - Advertising attribution consent preference and consent timestamp — stored in your Stripe billing profile to honor your choice and satisfy GDPR/PDPA consent record-keeping obligations - Storage: Cloud (Stripe + account profile) + Local cache (7-day validity for offline access)
3.4 Application Logs For debugging (local only, never transmitted): - Application events, authentication events, database operations - PII automatically redacted in production (emails, IDs, IP addresses) - Retention: 5 days max (5 files x 5 MB each)
3.5 Data We Do NOT Collect - Phone numbers, physical addresses, payment card details - Browsing history, usage analytics, telemetry - Employee photos, GPS coordinates, biometric data - Screenshots, social connections, contact lists
We use your QRPunch data solely for: - Time Tracking: recording and managing employee attendance - Workforce Management: managing employees, roles, shifts - Subscription Management: processing and managing your subscription, billing, device activation - Audit Compliance: maintaining audit trails for accountability - SecurePunch Integration: generating encrypted QR codes for mobile app - Offline Mode: caching subscription data for offline access - Backup & Recovery: enabling data backups and restoration - Time Synchronization: ensuring accurate timestamps via NTP - Support: troubleshooting issues (only if you share logs with us)
5.1 Local Storage (Primary) All QRPunch data is stored locally on your device: Windows: %APPDATA%/QRPunch/
Databases: - qrpunchdatabase.db — main employee/attendance data - qrpunch-license.db — separate license database
5.2 Optional Encryption (Enterprise Tier Only) - Cipher: ChaCha20-Poly1305 authenticated encryption - Exclusive to Enterprise subscribers - Key storage: OS keychain (Keytar) — keys never leave your device - User control: enable/disable via Settings - No Key Recovery: we cannot recover lost encryption keys - Your Responsibility: protect your OS account password and maintain keychain backups
5.3 Cloud Storage (Minimal) QRPunch does NOT store employee/attendance data in the cloud.
Only authentication and subscription data is stored externally: - Firebase: email, Firebase UID, authentication state - Stripe: Customer ID, subscription tier, device activation metadata
6.1 Microsoft Corporation — Distribution & Updates - Purpose: app distribution via Microsoft Store, automatic updates - Data collected by Microsoft: device diagnostics (crash reports, performance metrics) if you enable Windows diagnostic data; store analytics (download counts, usage statistics — aggregated only); update delivery metadata - Data NOT shared with Microsoft: employee data, attendance records, or any QRPunch-specific data remain local - Your control: Windows diagnostic data settings controlled via Windows Privacy Settings - Privacy Policy: https://privacy.microsoft.com/
For Microsoft OAuth authentication data, see the UHere Account Privacy Policy (https://uhere.co/account/privacy).
6.2 UHere SecurePunch API (Internal Service) - Purpose: QR card generation, delivery to employee emails, and SecurePunch mobile app integration - Data shared: employee email, employee ID, employee name, role, company name; for SecurePunch cards: card ID and secure key - Encryption: ChaCha20-Poly1305 encrypted QR codes (SecurePunch cards only)
6.3 NTP Time Servers - Purpose: time synchronization for accurate attendance timestamps - Servers: pool.ntp.org, time.google.com, time.cloudflare.com, time.windows.com, time.aws.com - Data shared: none (NTP protocol transmits timestamps only, no personal data) - Frequency: sync every 5 minutes for accuracy
6.4 Stripe - Purpose: subscription payment processing and device license management - Data shared: email, Stripe Customer ID, subscription tier, device activation metadata - Privacy Policy: https://stripe.com/privacy - Note: even free tier users have a Stripe Customer ID for device activation management
6.5 Google Ads (Advertising Attribution Only — Consent Required) - Purpose: advertising attribution — matching paid subscriptions to Google Ads campaigns via Enhanced Conversions for Leads - Data shared: a one-way SHA-256 cryptographic hash of your email address, subscription value, and subscription timestamp. The hash cannot be reversed to recover your email address. - What is NOT shared: raw email address, employee data, attendance records, IP address, device identifiers, or any other QRPunch data - When: only upon first paid subscription event, if you have consented (not on free tier, not on renewal) - Legal basis: consent — you opt in during the subscription flow and can withdraw at any time via QRPunch Settings > Privacy - Privacy Policy: https://policies.google.com/privacy
6.6 Meta (Facebook) Ads (Advertising Attribution Only — Consent Required) - Purpose: advertising attribution — matching paid subscriptions to Facebook/Instagram ad campaigns via Meta Conversions API (CAPI) - Data shared: a one-way SHA-256 cryptographic hash of your email address, subscription value, and subscription timestamp. The hash cannot be reversed to recover your email address. - What is NOT shared: raw email address, employee data, attendance records, IP address, device identifiers, or any other QRPunch data - When: only upon first paid subscription event, if you have consented (not on free tier, not on renewal). Events older than 7 days are not uploaded as they fall outside Meta's attribution window. - Legal basis: consent — you opt in during the subscription flow and can withdraw at any time via QRPunch Settings > Privacy - Privacy Policy: https://www.facebook.com/privacy/policy/
We do NOT sell, rent, or trade your employee or attendance data.
QRPunch data is shared only with: - Stripe: for subscription payment processing, billing, and device license management - UHere SecurePunch API (internal service): for QR card generation when you enable SecurePunch integration - NTP Servers: for time synchronization (timestamps only, no personal data) - Google Ads: a one-way SHA-256 hash of your email address, shared upon first paid subscription for advertising attribution (Enhanced Conversions for Leads) — only if you have consented - Meta (Facebook) Ads: a one-way SHA-256 hash of your email address, shared upon first paid subscription for advertising attribution (Conversions API) — only if you have consented - Legal Authorities: when required by law or to protect our rights
No Behavioral Tracking: we do not use Google Analytics, Facebook Pixel, or any third-party behavioral tracking scripts on our website.
Advertising Attribution Consent: sharing your hashed email with Google Ads and Meta Ads is opt-in only. You choose during the subscription flow, and you can withdraw consent at any time via QRPunch Settings > Privacy. Withdrawal takes effect immediately — no further uploads will occur, and your consent record is updated in your Stripe billing profile.
8.1 Active Use - Employee Data: retained as long as you use QRPunch - Attendance Records: retained indefinitely (you control deletion) - Audit Trails: preserved indefinitely for compliance - Subscription Data: retained in Stripe as long as required for tax and legal compliance - Subscription Cache: cached locally for offline access (7-day validity) - License Data: retained as long as subscription is active
8.2 Deletion When you delete data in QRPunch: - Soft Delete: most data is soft-deleted (marked as deleted, can be restored) - Audit Trail Preservation: audit logs preserved even after data deletion - Permanent Deletion: you can permanently delete data via Settings - Account Deletion: when you delete your UHere Account, authentication data is deleted (see UHere Account Privacy Policy), but local QRPunch data remains on your device until you uninstall
You have the right to:
Data Access - View all your employee and attendance data via QRPunch interface - Export full database to JSON format
Data Correction - Update employee information - Edit attendance records (with audit trail) - Correct errors in data
Data Deletion - Soft delete (can be restored from archive) - Permanent deletion via Settings - Uninstall QRPunch to remove all local data
Data Portability & Backup Control - Export all data to JSON format (no vendor lock-in) - Manual or automatic backups - Choose backup location - Control backup retention (up to 30 backups)
Advertising Attribution Consent - Opt in or withdraw consent for Google Ads and Meta Ads attribution via QRPunch Settings > Privacy - Applies to both platforms simultaneously — a single toggle covers Google ECL and Meta CAPI - Withdrawal takes effect immediately; your consent record is updated and no further uploads occur - California residents (CCPA): this is your "Do Not Sell or Share" mechanism for advertising attribution data
Encryption Control (Enterprise Tier) - Enable/disable database encryption - Manage encryption keys
To exercise your rights, use the QRPunch Settings interface or contact privacy@uhere.co.
We protect your QRPunch data with: - Optional Database Encryption: ChaCha20-Poly1305 (Enterprise tier only) - OS Keychain Storage: encryption keys stored securely via Keytar - Local-Only Storage: employee/attendance data never transmitted to cloud - Audit Trails: complete change history for accountability - Soft Delete: prevent accidental data loss - PII Redaction: sensitive data redacted from logs - Secure QR Codes: ChaCha20-Poly1305 encrypted (SecurePunch) - No External Analytics: no third-party tracking scripts
QRPunch complies with: - Singapore Personal Data Protection Act (PDPA) — as a Singapore-based company - General Data Protection Regulation (GDPR) — for EU/EEA users - California Consumer Privacy Act (CCPA) — for California users - Other applicable data protection laws
Your Compliance Responsibilities As the QRPunch user (employer/organization), you are responsible for: - Employee Consent: obtaining necessary employee consents for time tracking - Data Protection: complying with applicable labor and privacy laws in your jurisdiction - Legitimate Use: using QRPunch lawfully and ethically - Data Security: protecting access to QRPunch within your organization
QRPunch is designed for business use and employee time tracking. It is not intended for use by children under 13 (or applicable age in your jurisdiction). If you become aware that a child has provided employee data to QRPunch, please contact us immediately at privacy@uhere.co.
We may update this QRPunch Privacy Policy by posting a new Policy with an updated "Last Updated" date. Users will be notified of material changes through in-app notifications or email. Continued use after changes constitutes acceptance.
For QRPunch privacy questions or concerns:
Email: privacy@uhere.co Data Protection Officer: dpo@uhere.co Website: https://qrpunch.uhere.co