Privacy Policy
Last updated: January 7, 2025
Punch'd, operated by Krynovo ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information.
1. Information We Collect
1.1 Account Information
- Name and email address
- Company name and address
- Phone number (optional)
- Password (encrypted)
- Billing information (processed by Stripe)
1.2 Employee Information
- Name and employee ID
- Email address and phone number
- Job title and assigned job sites
- Hourly wage rates
1.3 Biometric Data
If face verification is enabled:
- Facial photographs for identity verification
- Facial recognition data (mathematical representations)
Important: Biometric data is only collected with explicit consent and is used solely for identity verification. We do not sell biometric data.
1.4 Location Data
When employees clock in or out:
- GPS coordinates at the time of the punch
- Geofence verification status
Location is collected only at clock-in/clock-out, not continuously.
1.5 Time and Attendance Data
- Clock-in and clock-out timestamps
- Break times
- Total hours worked
- Job site assignments
2. How We Use Your Information
- Provide time tracking services
- Verify employee identity and location
- Generate timesheets and reports
- Calculate labor costs
- Process payments
- Provide customer support
- Improve our services
- Comply with legal obligations
3. Data Sharing
We do not sell your personal information. We share data with:
| Provider | Purpose |
|---|---|
| Amazon Web Services | Hosting, face recognition |
| Stripe | Payment processing |
| Render | Application hosting |
We may also disclose information if required by law or to protect our rights.
4. Data Retention
| Data Type | Retention |
|---|---|
| Account information | Account duration + 30 days |
| Time records | 7 years (legal compliance) |
| Biometric data | Until consent withdrawn |
| Payment records | 7 years (tax compliance) |
5. Data Security
- Encryption in transit and at rest
- Secure password hashing
- Access controls
- Regular security assessments
6. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request data deletion
- Export your data
- Withdraw consent for biometric processing
California Residents (CCPA)
You have rights to know what data is collected, request deletion, and opt-out of data sales (we do not sell data).
Illinois Residents (BIPA)
We obtain written consent before collecting biometric data and inform you of the purpose and retention period.
7. Children's Privacy
Punch'd is not intended for individuals under 18. We do not knowingly collect data from children.
8. Changes to This Policy
We may update this policy and will notify you of material changes by email or through the service.
9. Employer Obligations
Employers using Punch'd are responsible for:
- Notifying employees about data collection
- Obtaining required consents
- Complying with applicable privacy laws
10. Contact Us
Email: krynovo@gmail.com
Punch'd is a product of Krynovo.