Your privacy is important to us. This Privacy Policy explains how AttendMitra collects, uses, and protects information when you use our workforce management platform — including the web console for managers, the employee mobile app, and the manager mobile app.

AttendMitra ("we", "our", or "us"), a product of Mitra Nest, is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our workforce management platform — including attendance tracking, shift scheduling, leave management, payroll, hiring, and related web and mobile services (collectively, the "Services"). The Services are used by employer organizations ("Clients") and their employees, managers, and administrators.
We may collect the following types of information:
Name, email address, phone number, profile photo, job title, department, and account credentials for employers, managers, and employees.
IP address, browser type, device model, operating system, app version, pages or screens visited, push notification tokens, and session activity.
GPS coordinates for geo-fenced clock-in/out, worksite verification, live location during active shifts (when enabled), and manager location views.
Employee records, attendance logs, shift schedules, leave requests, payroll and payslip data, hiring applications, resumes, documents, incident reports, and optional face verification data used for secure clock-in.
We collect this information directly from you, automatically through your use of our Services (including our web app and mobile apps), from your employer organization when they provision your account, or through integrations your organization enables. Optional face verification is used only for secure clock-in — not for continuous surveillance.
We do not sell your personal information. We may share information: (a) with your employer organization, which controls employee data within its workspace; (b) with trusted service providers who help us host, secure, deliver email and push notifications, and operate the Services — under contractual confidentiality obligations; (c) when required by law, regulation, or legal process; or (d) in connection with a business transaction such as a merger, acquisition, or asset sale. Employers are responsible for how they use and share employee data within their organization.
We implement technical and organizational measures — including encryption in transit and at rest, role-based access controls, secure authentication, and regular security reviews — to protect your information from unauthorized access, alteration, or disclosure. Optional face verification data is used solely to confirm identity at clock-in and is not used for unrelated monitoring. No method of transmission or storage is 100% secure; we encourage strong passwords and prompt reporting of suspected unauthorized access.
Depending on your location, you may have the right to access, correct, delete, export, or restrict processing of your personal information. Employees should contact their employer organization first for workforce-related data requests (attendance, payroll, leave, etc.). For account, privacy, or platform-related requests, contact us using the details in Section 11. You can manage push notification and location permissions through your device settings; disabling certain permissions may limit attendance features that depend on them.
Our web application uses cookies and similar technologies to maintain your login session, remember preferences, and understand how the Services are used. Mobile apps may use local storage and device identifiers for authentication and offline functionality. You can control cookies through your browser settings; blocking cookies may affect web app functionality.
We retain information for as long as necessary to provide the Services, fulfill the purposes described in this policy, and comply with legal obligations. Client organizations may retain employee workforce records according to their own policies and applicable law. When a Client account ends, we delete or anonymize data within a reasonable period, except where retention is required by law or legitimate business needs.
The Services are designed for workplace use and are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can take appropriate action.
We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or data practices. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. Continued use of the Services after changes take effect constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, contact us at info@attendmitra.com. For general product support, visit app.attendmitra.com.