Privacy Policy

1. Who is responsible

Two parties are involved in any processing of a worker's personal information on RealAttend:

• The business using RealAttend (the "responsible party" under POPIA) — they decide which workers get enrolled and why.
• RealAttend (the "operator" under POPIA) — we process the data on their instructions.

If you are a worker and have questions about your data, ask your employer first. If you don't get a satisfactory answer, contact us at hello@realattend.co.za.

2. What we collect

From the businesses using us

• Your name, email, phone, company name, and payment details at signup.
• Usage logs (which dashboard pages were visited, from which IPs) for troubleshooting.

From workers being enrolled

• Name and optionally SA ID number, email, phone (entered by the manager).
• One or more face images used to compute a face template via Azure Face API.
• Attendance events: time, site, geolocation when clocking in/out, a photo of the check-in, and a match confidence score.
• Consent records: when each worker agreed to biometric processing, and the exact text shown to them.

3. Why we collect it

• To let the business track attendance accurately and pay workers correctly.
• To sync attendance to the business's payroll system, when configured.
• To comply with the POPIA requirement to keep an auditable record of consent before processing biometrics.
• To keep the service secure (rate-limiting, fraud detection, audit logs).

We do not use worker data for advertising, profiling outside the employment context, or training our own AI models.

4. Lawful basis

• For businesses: a contractual basis (the subscription agreement).
• For workers: informed consent captured on the tablet at enrolment — this is POPIA's required basis for biometric special personal information.
• Where a worker withdraws consent, the business must stop using the biometric feature for that worker; we'll delete the face data from our systems on request.

5. Where data lives

• Face templates are stored by the Azure Face API in the data region configured for that tenant. By default, we use South Africa North.
• Attendance check-in photos and enrollment reference photos live in Microsoft Azure Blob Storage, encrypted at rest, in a private container. Paths are namespaced per tenant.
• Attendance events, employee records, and consent records live in PostgreSQL databases hosted in South Africa. Each tenant gets an isolated database; there is no shared-table multi-tenancy.

6. Who we share it with

We share data only with sub-processors strictly necessary to run the service:

• Microsoft Azure — hosting, face matching, email delivery infrastructure.
• Brevo — transactional emails (signup, password reset, invites).
• Google reCAPTCHA v3 — invisible bot protection on the public contact form only. Google may set cookies and process your IP + browsing signals to score each request. See Google's Privacy Policy. Not loaded on any authenticated page.
• Paystack — subscription payments, when billing is enabled.
• Xero / Sage / PaySpace — only if the business explicitly connects them. Attendance events are pushed; nothing is pulled back beyond the connector metadata the business configures.

We don't sell data to anyone. We don't share with marketing platforms, data brokers, or AI model training providers.

7. How long we keep it

• Attendance events: as long as the business needs them for payroll & compliance; default 7 years, configurable per tenant.
• Face templates and enrolment photos: while the worker is active on that tenant, plus 90 days (for dispute resolution). Immediately on a right-to-erasure request.
• Consent records: at least 7 years (POPIA audit requirement) or as long as the business holds any data about the worker, whichever is shorter.
• Tenant account data (business signup info): while the subscription is active plus 30 days after cancellation.

8. Your rights

Under POPIA, any data subject can:

• Ask what data we hold about them.
• Correct inaccurate data.
• Delete data, where lawful to do so.
• Withdraw consent for future processing.
• Lodge a complaint with the Information Regulator — inforegulator.org.za.

To exercise any of these, email hello@realattend.co.za with "POPIA request" in the subject. We respond within 30 days.

9. Security

• Encryption in transit (HTTPS/TLS 1.2+) and at rest.
• Passwords stored as bcrypt hashes; device API keys stored as bcrypt hashes.
• Per-tenant database isolation.
• Audit logs of admin actions and failed login attempts.
• We don't run our own face-matching model — that work is done by Microsoft Azure Face API.

10. Breach notification

If we become aware of a security breach that affects your data, we'll notify you by email as soon as we reasonably can, and no later than the deadlines set by POPIA (72 hours to the Information Regulator, and reasonable notice to affected data subjects).

11. Cookies and tracking

The web dashboard uses session cookies strictly for authentication and CSRF protection. The marketing site sets a small cookie for A/B-test variant assignment. We do not run third-party analytics suites (no Google Analytics, no Mixpanel, no Facebook Pixel).

The one exception is the public /contact form, which loads Google reCAPTCHA v3 for bot protection. Google may set cookies and read browser signals solely to produce a "is this a human?" score. reCAPTCHA is only loaded on that single page — not on the dashboard, the blog, or any authenticated route.

12. Children

RealAttend is for workforce management. It is not intended for anyone under 18. If you believe we've collected data about a minor, contact us and we'll delete it.

13. Changes to this policy

We'll update this policy as the product evolves. Material changes will be emailed to the primary account holder. The "last updated" date at the top reflects the most recent revision.

14. Contact

hello@realattend.co.za for anything privacy-related.