DropIn Privacy Policy

Effective Date: April 29, 2026

Last Updated: May 12, 2026

This Privacy Policy describes how SRA OSS Pvt. Ltd. ("Company", "We", "Us", or "Our") collects, uses, and protects information when you use the DropIn attendance application across Android and iOS platforms. By using the DropIn application, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Overview

DropIn is an attendance system used by organizations to enable employees to clock in and clock out for assigned projects. The mobile applications (Android and iOS) may collect location and selfie data during attendance submission for verification purposes.

2. Information We Collect

We collect and process the following categories of information:

  • Account Information: name, email address, username, organization, and role.
  • Attendance Data: clock-in time, clock-out time, project details, and attendance type.
  • Location Data: precise latitude and longitude during attendance actions.
  • Selfie Data: images captured using device camera during attendance submission.
  • Device Information: device identifier used for authentication and security.
  • Authentication Data: access and refresh tokens stored locally on the device.
  • Network Data: IP address (when enabled by organization policies).

3. How We Use Information

We use collected information strictly for workforce attendance and system security purposes:

  • User authentication and session management.
  • Recording attendance events.
  • Associating users with projects and organizations.
  • Verifying identity using selfies (when required).
  • Geofence validation for location-based attendance rules.
  • Enforcing organization-level security policies (e.g., IP restrictions).
  • Maintaining secure device-bound sessions.

We do not use personal data for advertising, profiling, or selling to third parties.

4. Platform-Specific Data Collection

4.1 Android Application

  • May request runtime permissions for camera, location, and storage.
  • May temporarily store captured images for upload processing.
  • Uses device permissions during active attendance actions only.

4.2 iOS Application

  • Uses camera permission for selfie capture during attendance.
  • Uses location permission while app is in use (When In Use mode).
  • Does not collect background location.

5. Permissions

  • Camera: Used to capture selfies during attendance submission.
  • Location: Used to record attendance location during clock-in and clock-out.
  • Internet: Used for communication with backend services.
  • Storage (Android only): Temporary handling of captured images.

6. When Data Is Collected

  • User sign-in.
  • Device registration or reuse.
  • Clock-in action.
  • Clock-out action.
  • Selfie capture during attendance.
  • Location capture during attendance submission.

7. Data Sharing

We may share data only in the following cases:

  • With the user's organization and authorized administrators.
  • With backend infrastructure service providers.
  • When required by law or government authorities.

We do not sell personal data.

8. Data Retention

  • Attendance records are retained based on organizational policies.
  • Images and location data are stored as part of attendance records.
  • Authentication tokens remain on the device until logout or app removal.

9. Security

We use secure communication channels and authenticated APIs to protect data. However, no system can guarantee absolute security.

10. User Control and Account Deletion

Users can manage application permissions through their Android or iOS device settings. Disabling required permissions (such as location or camera) may prevent attendance-related actions like clock-in or clock-out.

10.1 Account Deletion (iOS and Android)

DropIn provides users with the ability to request deletion of their account and associated personal data.

  • Users may request account deletion through the application or by contacting their organization administrator or support team.
  • Once a deletion request is received, the account is marked for deletion and becomes inactive.
  • A 30-day retention period is applied after the deletion request.
  • During this retention period, data may be retained for security, fraud prevention, or legal compliance purposes.
  • After the 30-day period, personal data is permanently deleted from our production systems and databases, unless retention is required by law.
  • Some anonymized or aggregated data may be retained for system integrity and reporting purposes, but it will no longer be linked to any identifiable user.

11. Children's Privacy

DropIn is intended for workforce and organizational use and is not directed to individuals under the age of 13.

12. Third-Party Services

We may use third-party infrastructure providers for hosting and backend services. These providers are obligated to protect user data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted with an updated revision date.

14. Contact Us

For privacy-related questions, contact us at:

Email: info@aarvee.in