eStatusTrack — Workforce Monitoring & Attendance Intelligence Platform
Last updated: April 14, 2026 · Effective immediately
eStatusTrack ("we", "our", "the Platform") is committed to protecting the privacy and security of all individuals who use our workforce monitoring and attendance intelligence platform. This Privacy Policy explains what personal data we collect, why we collect it, how it is used and stored, and your rights regarding your information. By using eStatusTrack, you acknowledge that you have read and understood this policy.
eStatusTrack collects the minimum data necessary to deliver workforce welfare monitoring and attendance tracking services. The categories of data we collect include:
| Data Category | Specific Data | Purpose |
|---|---|---|
| Identity | Full name, mobile number, email (optional) | User identification and communication |
| Welfare Status | Daily check-in status (OK / Follow-Up), timestamp | Welfare monitoring and safety assurance |
| Attendance | Check-in/out times, status (Present/Off/Late), shift, team, remarks | Attendance tracking and workforce accountability |
| Location | GPS coordinates (latitude, longitude) — opt-in only | Geofence validation and location-verified check-ins |
| Authentication | OAuth login data (name, email from Google/Manus) | Secure admin/client dashboard access |
| Usage & Audit | Login timestamps, IP addresses, actions performed | Security monitoring and compliance auditing |
GPS Location is strictly opt-in. Location data is only captured when you explicitly enable the GPS toggle. You can disable it at any time. Check-ins without GPS are fully supported.
We collect and process personal data exclusively for the following legitimate operational purposes:
We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.
Access to your data is strictly controlled through a role-based access control (RBAC) system. Only authorized personnel can view employee records, and access is limited to the minimum necessary for each role:
| Role | Access Level |
|---|---|
| Super Admin | Full platform access — all tenants, users, audit logs, and system configuration |
| Admin | Team management — welfare/attendance records, reminders, exports, and data management within assigned scope |
| Client Admin | Tenant-scoped access — only records belonging to their organization |
| Employee / End User | Own records only — can submit check-ins and view personal status |
Strict tenant isolation. In our multi-tenant architecture, each organization's data is completely isolated. There is absolutely no cross-client visibility. Client Admins can only access records belonging to their own organization.
We implement industry-standard security measures to protect your personal data:
Encrypted Transmission
All data is transmitted securely over HTTPS/TLS encryption
Role-Based Access
Access is role-based — only authorized admins can view employee records
Session Security
Admin sessions have configurable timeouts with automatic logout
Audit Logging
All administrative actions are logged with timestamps and IP addresses
Security Headers
CSP, HSTS, X-Frame-Options, and other security headers are enforced
Rate Limiting
API rate limiting and IP allowlisting protect against abuse
Input Validation
All inputs are validated and sanitized using strict schema validation
Data Isolation
Multi-tenant architecture ensures complete data separation between organizations
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Our default retention periods are:
| Data Type | Default Retention | Notes |
|---|---|---|
| Welfare check-ins | 2 years | Configurable by admin; auto-archive after retention period |
| Attendance records | 2 years | Configurable by admin; export available before deletion |
| Employee profiles | Active + 1 year | Archived after inactivity; deletable on request |
| Audit logs | 3 years | Required for compliance and security review |
| Location data (GPS) | Same as parent record | Deleted when the associated check-in/attendance record is deleted |
Administrators can configure custom retention periods and initiate data export or deletion through the admin dashboard's Data Retention settings.
You have the following rights regarding your personal data:
Right to Access
You may request a copy of the personal data we hold about you. Contact your organization's administrator or our support team.
Right to Correction
If any of your personal data is inaccurate or incomplete, you may request correction. Administrators can update employee records directly through the dashboard.
Right to Deletion
You may request the deletion of your personal data. Administrators can process deletion requests through the Data Management section. All associated check-ins, attendance records, and location data will be permanently removed.
Right to Data Portability
You may request an export of your data in a standard format (CSV). Administrators can export records through the dashboard before any deletion.
Right to Withdraw Consent
You may withdraw consent for GPS location tracking at any time by disabling the GPS toggle. You may also request removal from the system entirely.
How to submit a request: Contact your organization's administrator directly, or email us at [email protected]. We will respond to all data requests within 30 days.
eStatusTrack uses the following client-side storage mechanisms:
| Type | Purpose | Duration |
|---|---|---|
| Session Cookie | Authentication — maintains your login session | Until session expires or logout |
| localStorage | Remembers returning user identity (name, mobile) for quick check-in | Persistent until cleared |
| IndexedDB | Offline check-in queue — stores pending submissions when offline | Until synced to server |
We do not use third-party tracking cookies or advertising pixels. Analytics are privacy-respecting and self-hosted.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the platform after changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:
Elvis Tumassang Fon — Founder & Data Controller
Email: [email protected]
Phone: +971 58 651 7322
Platform: estatustrack.org