Privacy Policy V Plus Insights

Introduction

Welcome to V Plus Insights ("we," "our," "us," or "the App"). We are committed to protecting the privacy and security of all data processed through our application. This Privacy Policy explains how the App enables admin users to collect, process, and securely manage employee information on behalf of their organization.

What This App Does:

Allows admin users to register new employees and manage employee records securely
Provides employees with secure access to view their own profile, attendance, and payroll information via face recognition login
Displays attendance and payroll data retrieved from the organization’s backend systems

By using V Plus Insights, you (as an admin or authorized user) agree to handle employee data responsibly and in accordance with this Privacy Policy. If you do not agree with these terms, please do not use the App.

1. Information We Collect

The App enables authorized administrators to collect and manage employee information. The following categories of data may be processed through the App on behalf of your organization:

1.1 Employee Information

When admin users register employees through the App, the following personal information may be collected for identity verification and secure access purposes:

Full Name: Employee’s full name as per Aadhaar card.
Aadhaar Number: Employee’s 12-digit government identification number used for verification.
Aadhaar Card Images: Front and back photographs of the employee’s Aadhaar card (uploaded during registration).
Phone Number: Employee’s mobile contact number for account verification and notifications.
Salary: Employee’s salary details.
Select Designation: Employee’s Designation details.
Facial Data: Employee’s facial image data collected to train the face recognition model and enable secure login.

1.2 Biometric Data (of Employees)

The App uses facial recognition technology solely for employee login authentication. This process involves:

Face Images During Registration:
- 5 photographs of the employee’s face are captured during registration
- Uploaded to the backend server for face embedding generation
- Automatically deleted from the device cache memory after upload
Face Images During Login:
- A single image is captured each time the employee logs in
- Sent to the server for face match verification
- Deleted from the device cache memory immediately after authentication
Face Embeddings:
- Mathematical data generated from the registration photos
- Used only for matching during authentication
- Encrypted, securely stored, and non-reversible (cannot recreate face images)
On-Device Face Detection:
- Google ML Kit is used locally to detect and align faces during image capture
- No facial data is sent to Google; all processing occurs on-device

1.3 Attendance and Work Data (View Only)

The App does not collect or record attendance data. It only retrieves and displays records stored in your organization’s existing attendance management system.

Displayed data includes check-in/out times, shifts, total working hours, and attendance status, payroll, but this information originates from the organization’s backend — not the App itself.

Clarification: V Plus Insights is a data viewing and management tool. Attendance tracking, calculations, and payroll management are performed by your organization’s internal systems, not through the App’s facial recognition feature.

1.4 Payroll Data (View Only)

The App does not collect or calculate payroll data. It only displays payroll details that are already managed by your organization’s HR or payroll system, including gross salary, deductions, and payment history.

1.5 Technical and Usage Data

Session Data: Encrypted authentication tokens used for secure logins (auto-expire after 24 hours).

1.6 Data We Do NOT Collect

Device Identifiers: We do not collect device model, OS version, or IMEI.
Location GPS Data: We do not track your real-time location.
Contacts/SMS/Call Logs: We do not access your contacts or messages.
Social Media Data: We do not connect with social platforms.

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Core App Functionality

Authentication: Verify your identity using face recognition for secure app access
Employee Information Display: Show your personal profile, designation, site, and contact details
Attendance Viewing: Display your attendance records retrieved from organization's backend system
Payroll Viewing: Display your monthly payroll information from organization's backend system
Employee Directory: For admins to view employee list and details
New User Registration: For admins to register new employees with face training

2.2 Security and Fraud Prevention

Access Control: Ensure only authorized employees can log in
Audit Trails: Maintain logs for security and compliance purposes

2.3 Service Improvement

Bug Fixes: Diagnose and resolve technical issues
Performance Optimization: Improve app speed and reliability
Feature Development: Develop new features based on usage patterns

2.4 Communication

Support: Respond to your inquiries and support requests
Policy Updates: Inform you of changes to this Privacy Policy

2.5 Legal Compliance

Regulatory Requirements: Comply with labor laws, tax regulations, and legal obligations
Court Orders: Respond to lawful requests from authorities

3. How We Store Your Data

3.1 Local Storage (On Your Device)

Session Tokens: Stored using encrypted storage (FlutterSecureStorage with EncryptedSharedPreferences) for auto-login (24-hour expiration)
Profile Cache: Basic profile information stored using encrypted storage for offline viewing
Temporary Face Images:
- During Login: Face image captured by camera is temporarily stored in app cache, then automatically deleted immediately after successful login and server verification
- During Registration: Multiple face images (5 photos) are captured and temporarily stored in app cache, then automatically deleted immediately after successful training and upload to server
- On Failure: If login/registration fails, temporary images remain in app's private cache directory until manually retried or automatically cleared by Android OS

Enhanced Security: All local data is stored using industry-standard encryption (AES-256 via Android's EncryptedSharedPreferences. Face images captured during login and registration are automatically deleted from your device after successful authentication or registration, ensuring no permanent biometric image data remains on your device.

3.2 Remote Storage (Backend Servers)

Database: All employee, attendance, and payroll data is stored in a secure database
File Storage: Face embeddings and profile pictures are stored in encrypted format
Backup Systems: Regular backups ensure data is not lost

Security Measures:

Encryption at Rest: All sensitive data is encrypted when stored
Encryption in Transit: All data transmitted between app and server uses HTTPS/SSL
Access Control: Only authorized personnel can access backend systems
Firewalls: Network-level protection against unauthorized access
Regular Audits: Periodic security assessments and penetration testing

3.3 Data Retention

Active Employees: Data is retained while you are employed
Inactive Employees: Data is retained for 3-7 years after employment ends (as per legal requirements)
Attendance Records: Retained for 3-7 years for compliance with labor laws
Face Embeddings: Deleted upon account deletion or employment termination (as per policy)
Session Tokens: Automatically expire after 24 hours of inactivity

4. How We Share Your Data

4.1 Within Our Organization

Your data is accessible to authorized personnel:

Admins: Full access to all employee data for management purposes
Employees: Access to your own data via the app

4.2 Backend Infrastructure and Hosting

Our backend servers that store and process your data are secured with:

Encryption: AES-256 encryption for data at rest, TLS/SSL for data in transit
Access Controls: Only authorized personnel can access backend systems
Monitoring: 24/7 security monitoring and intrusion detection
Backups: Regular encrypted backups for data recovery
Compliance: Infrastructure meets industry security standards

4.3 Google Services

Google ML Kit: Used for on-device face detection
- Data Shared: None (processing is entirely on your device)
- Purpose: Real-time face detection
- Privacy: No data leaves your device

4.4 Legal Authorities

We may disclose your information if required by law:

Court Orders: In response to subpoenas or legal processes
Law Enforcement: To investigate fraud or security incidents
Regulatory Bodies: To comply with labor, tax, or data protection regulations

4.5 What We Do NOT Do

Sell Your Data: We never sell personal or biometric data to third parties
Advertising: We do not use your data for targeted advertising
Marketing: We do not share your data with marketing companies
Social Media: We do not integrate with or share data with social networks

5. Your Rights and Choices

You have the following rights regarding your personal data:

5.1 Right to Access

You can request a copy of all personal data we hold about you. Contact your HR department or email us at viprasplus@gmail.com

5.2 Right to Correction

You can update incorrect or incomplete information using the app's profile settings or by contacting your HR department.

5.3 Right to Deletion

You can request deletion of your account and all associated data. Note: Some data may be retained for legal compliance (e.g., payroll records). Contact our organization's admin or email viprasplus@gmail.com

5.4 Right to Data Portability

You can request your data in a machine-readable format (e.g., JSON, CSV). Contact viprasplus@gmail.com with your request.

5.5 Right to Withdraw Consent

You can revoke app permissions at any time via Android Settings.

5.6 Right to Object

You can object to certain data processing activities. Contact your organization if you have concerns.

6. Security Measures

We implement industry-standard security practices to protect your data:

6.1 Technical Safeguards

End-to-End Encryption: Data encrypted in transit (HTTPS/TLS) and at rest (AES-256 database encryption)
Encrypted Local Storage: Session tokens and profile data stored using FlutterSecureStorage with Android EncryptedSharedPreferences
Automatic Data Deletion: Face images automatically deleted from device immediately after successful upload
Biometric Authentication: Secure facial recognition using Google ML Kit (on-device processing only)
Access Controls: Role-based permissions (RBAC) limit who can access what data
Secure Coding: Regular security audits, code reviews, and penetration testing
Firewalls: Multi-layer network security to prevent unauthorized access

6.2 Organizational Safeguards

Employee Training: Staff trained on data privacy and security
Confidentiality Agreements: Employees sign non-disclosure agreements
Audit Logs: All data access is logged and monitored
Incident Response Plan: Procedures in place to respond to data breaches

6.3 Your Responsibility

Device Security: Keep your device locked with a strong PIN/password
App Logout: Log out when not using the app, especially on shared devices
Permission Management: Review and manage app permissions regularly
Report Issues: Notify us immediately if you suspect unauthorized access

7. Android Permissions Used

Our app requires the following Android permissions to function properly. Below is an explanation of why each permission is needed:

7.1 Camera Permission

Permission: android.permission.CAMERA
Why We Need It: To capture face images for authentication and document uploads
When It's Used:
- Login: Every time you log in using face recognition to access the app
- Registration: During initial registration to capture 5 face training photos
- Document Upload: To capture Aadhaar card photos (front and back) during registration
What It's NOT Used For:
- NOT used for attendance check-in/check-out (attendance is managed by separate organizational system)
- NOT used for continuous monitoring or surveillance
- NOT used to access your photo gallery
Your Control: You can revoke this permission anytime via Android Settings → Apps → V Plus Insights → Permissions. However, face recognition login will not work without camera access.

7.2 Internet Permission

Permission: android.permission.INTERNET
Why We Need It: To communicate with our organization's backend servers
When It's Used:
- Login: To send face images for authentication and identity verification
- Registration: To upload new employee data and face training photos
- Data Display: To fetch and display your attendance records, payroll information, and employee details from backend
Security: All data transmission uses HTTPS/TLS encryption to protect your information during transfer

7.3 Storage Permissions

Why We Need Storage Access: To allow you to select and upload Aadhaar card images during employee registration

7.3.1 For Android 10 and Below

Permissions:
- android.permission.READ_EXTERNAL_STORAGE
- android.permission.WRITE_EXTERNAL_STORAGE
Purpose: Read and write files to device storage for Aadhaar document uploads

7.3.2 For Android 11-12 (API 30-32)

Permissions:
- android.permission.READ_EXTERNAL_STORAGE (limited to API 32)
- android.permission.MANAGE_EXTERNAL_STORAGE
Purpose: Access media files and documents for Aadhaar uploads

7.3.3 For Android 13+ (API 33+)

Permissions: (Granular media permissions)
- android.permission.READ_MEDIA_IMAGES - To select Aadhaar card images
- android.permission.READ_MEDIA_VIDEO - For any video files (if needed)
- android.permission.READ_MEDIA_AUDIO - For any audio files (if needed)
Purpose: Read images from your photo library to upload Aadhaar documents during registration

Important Notes About Storage Permissions:

Storage permissions are only requested during employee registration when you need to upload Aadhaar card photos
We do not access your personal photos, videos, or other files
We only read the specific Aadhaar images you select through the file picker
You can revoke these permissions after registration via Android Settings
These permissions are not required for face login or daily app usage

7.4 Permissions We Do NOT Request

To protect your privacy, our app does NOT request or use:

Location/GPS - We do not track your location
Contacts - We do not access your contact list
SMS/Phone - We do not read your messages or call logs
Microphone - We do not record audio
Calendar - We do not access your calendar
Bluetooth - We do not use Bluetooth
Body Sensors - We do not access fitness or health sensors

8. Children's Privacy

The V Plus Insights is intended for use by employees of organizations and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that a child under 18 has provided us with personal information, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with data, please contact us at viprasplus@gmail.com

9. International Data Transfers

If you are located outside the country where our servers are hosted, your data may be transferred internationally. We ensure that such transfers comply with applicable data protection laws:

Adequacy Decisions: We transfer data only to countries with adequate data protection
Standard Contractual Clauses: We use EU-approved contracts for international transfers
Your Consent: By using the App, you consent to international data transfers as necessary

10. Cookies and Tracking Technologies

The App does not use cookies. However, we use the following technologies:

Session Tokens: For maintaining your login session
Local Storage: For caching data and app preferences
Analytics: We may use anonymized analytics to understand app usage (no personal data)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you via email
Request your consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes constitutes acceptance of the updated policy.

12. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

Investigate: Assess the scope and impact of the breach
Contain: Take immediate steps to prevent further unauthorized access
Notify: Inform affected users within 72 hours of discovering the breach
Remediate: Implement measures to prevent future breaches
Report: Notify relevant authorities as required by law

13. Compliance with Laws

This Privacy Policy is designed to comply with:

Google Play Store Developer Program Policies
Android Privacy Best Practices
GDPR (General Data Protection Regulation) - if applicable in the EU
CCPA (California Consumer Privacy Act) - if applicable in California, USA
Local Data Protection Laws in your jurisdiction

14. Acknowledgment and Consent

By downloading, installing, or using the V Plus Insights, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you are using this App on behalf of your employer, you confirm that you have the authority to agree to this Privacy Policy on behalf of your organization.

15. Governing Law

This Privacy Policy is governed by the laws of India and the State of Tamil Nadu, without regard to its conflict of law provisions. Any disputes arising from this policy will be resolved in the courts of Tamil Nadu, India.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Privacy Email:viprasplus@gmail.com
Support Email:viprasplus@gmail.com
Physical Address:No-495 A, Village High Rd, Sholinganallur, Chennai, Tamil Nadu 600119
Phone:+91 63817 17423