Privacy Policy
App Name: UPSALE
Effective Date: March 13, 2026
Last Updated: March 13, 2026
1. Introduction
This Privacy Policy describes how UPSALE ("the App", "we", "our", or "us") collects, uses, stores, and protects information from users ("you" or "employee") of the UPSALE mobile application. UPSALE is an employee attendance and outlet management tool intended for use by authorised employees of the organisation.
By using the App, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Account & Authentication Information
- Email address and password — used for employee login and session management. Credentials are stored locally on your device in an AES-256-GCM encrypted store (not in plain text).
- Employee ID, full name, and display name — received from the company server upon successful login and used to personalise the app experience.
- Authentication token — a server-issued token used to authorise API requests during your session.
2.2 Location Data
- Precise GPS location (latitude & longitude) — collected at the time of check-in and check-out at an outlet. Location data is essential to record where attendance events occur and is submitted to the company's backend server.
- Location is accessed only when you initiate a check-in or check-out action. The App does not track your location continuously or in the background.
2.3 Camera & Photos
- Photos taken via the device camera — required at check-in to capture a photo as part of the attendance record at an outlet. Photos are uploaded directly to the company's backend server and are not stored in your device's photo library by the App.
- Product images — employees can capture and upload product images associated with outlet visits. These are also transmitted to the company server.
2.4 Biometric Data
- Fingerprint / Face ID — optionally used for local app authentication (PIN bypass). Biometric data is handled entirely by your device's operating system (iOS Secure Enclave / Android BiometricPrompt). The App never reads, stores, or transmits raw biometric data.
2.5 Device Information
- Device model, operating system version, and app version — collected for diagnostic and support purposes (e.g., when reporting issues). This information is displayed within the app and may be shared with support staff. It is not sent to any third party.
2.6 Outlet & Attendance Records
- Attendance records (check-in time, check-out time, outlet ID, employee ID, GPS coordinates) are transmitted to and stored on the company's backend servers.
- Outlet information (name, address, region, type, license number) is fetched from the company's servers and displayed to you. It is not shared beyond the company's own systems.
3. How We Use Your Information
| Data |
Purpose |
| Email & password |
Authenticate employee sessions; stored encrypted on device for seamless re-login |
| GPS location |
Record location at attendance events (check-in / check-out) |
| Photos |
Verify physical presence at outlet; document product conditions |
| Employee & outlet data |
Display assigned outlets, track attendance, enable navigation |
| Device info |
Assist in technical support and debugging |
| Biometric |
Provide secure, convenient local app unlock (optional) |
We do not use your personal data for advertising, marketing, or any purpose outside the scope of employee attendance management.
4. Data Storage & Security
- On-device storage: Session credentials (email, password, authentication token, PIN) are stored locally using AES-256-GCM encryption (PBKDF2-derived key, 100,000 iterations). Attendance records are cached using ObjectBox, a local embedded database.
- Server storage: Attendance events, photos, and outlet data are stored on servers operated or contracted by your employer.
- In transit: All communication between the App and the backend server is performed over HTTPS (TLS-encrypted).
- Biometric data: Never leaves the device and is never accessible to the App directly.
5. Data Sharing & Third Parties
We do not sell, rent, or share your personal data with third parties for commercial purposes.
Your data may be accessed by:
- Your employer / organisation — as the operator of the backend system, your employer has access to all attendance records, photos, and outlet activity you generate through the App.
- Service providers — the company may use third-party cloud infrastructure (e.g., hosting providers) to operate the backend. These providers are bound by data processing agreements and may not use your data for any independent purpose.
The App does not integrate with any third-party analytics SDKs, advertising networks, or social media platforms.
6. Permissions Required
The App requests the following device permissions:
| Permission |
Why It's Needed |
| Location (When In Use) |
To capture GPS coordinates at check-in and check-out |
| Camera |
To take attendance photos and product images |
| Photo Library / Gallery |
To allow selection of existing images for product uploads |
| Face ID / Biometrics |
To enable optional biometric app unlock |
You may deny optional permissions (such as biometrics and photo library access); however, denying location or camera permissions will prevent core attendance features from working.
7. Data Retention
- On-device: Credential data is retained until you log out. Attendance cache is retained for app performance and is cleared upon logout.
- Server-side: Attendance records and photos are retained in accordance with your employer's data retention policies. As an employee, please refer to your organisation's HR or IT policy for specifics.
8. Children's Privacy
Liveline is a business productivity application intended solely for use by adult employees of the subscribing organisation. We do not knowingly collect data from persons under the age of 18.
9. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access the personal data we hold about you
- Request correction or deletion of your personal data
- Object to or restrict how your data is processed
Since the App operates within your employer's infrastructure, most data access and deletion requests should be directed to your employer's HR or IT department, who control the backend data.
For queries about how the App itself handles data, you may contact us at the address below.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this document. We encourage you to review this policy periodically. Continued use of the App after changes constitutes your acceptance of the updated policy.
This policy applies to the UPSALE mobile application on iOS and Android platforms.