Privacy Policy
1. Who is responsible
Two parties are involved in any processing of a worker's personal information on RealAttend:
- The business using RealAttend (the "responsible party" under POPIA) - they decide which workers get enrolled and why.
- RealAttend (the "operator" under POPIA) - we process the data on their instructions.
If you are a worker and have questions about your data, ask your employer first. If you don't get a satisfactory answer, contact us at hello@realattend.co.za.
2. What we collect
From the businesses using us
- Your name, email, phone, company name, and payment details at signup.
- Usage logs (which dashboard pages were visited, from which IPs) for troubleshooting.
From workers being enrolled
- Name and optionally SA ID number, email, phone (entered by the manager).
- One or more face images used to compute a face template via our biometric matching provider.
- Attendance events: time, site, geolocation when clocking in/out, a photo of the check-in, and a match confidence score.
- Consent records: when each worker agreed to biometric processing, and the exact text shown to them.
3. Why we collect it
- To let the business track attendance accurately and pay workers correctly.
- To sync attendance to the business's payroll system, when configured.
- To comply with the POPIA requirement to keep an auditable record of consent before processing biometrics.
- To keep the service secure (rate-limiting, fraud detection, audit logs).
We do not use worker data for advertising, profiling outside the employment context, or training our own AI models.
4. Lawful basis
- For businesses: a contractual basis (the subscription agreement).
- For workers: informed consent captured on the tablet at enrolment - this is POPIA's required basis for biometric special personal information.
- Where a worker withdraws consent, the business must stop using the biometric feature for that worker; we'll delete the face data from our systems on request.
5. Where data lives
- Face templates are stored by our biometric matching provider in a South Africa data region.
- Attendance check-in photos and enrolment reference photos live in encrypted-at-rest object storage in a private container. Paths are namespaced per tenant.
- Attendance events, employee records, and consent records live in PostgreSQL databases hosted in South Africa. Each tenant gets an isolated database; there is no shared-table multi-tenancy.
6. Who we share it with
We share data only with the categories of sub-processor strictly necessary to run the service:
- Cloud hosting and biometric matching providers - server hosting, face matching, encrypted object storage, all in a South Africa data region.
- Transactional email provider - signup, password reset, invites, and operational notifications.
- Bot-protection provider - invisible bot protection on the public contact form only. It may set cookies and process your IP address and browsing signals to score each request. It is not loaded on any authenticated page.
- Subscription payments provider - when billing is enabled.
- Third-party payroll integrations of your choosing - only where the business explicitly connects them. Attendance events are pushed to the integration you configured; nothing is pulled back beyond the connector metadata you set up.
We don't sell data to anyone. We don't share with marketing platforms, data brokers, or AI model training providers.
We use a small number of vendors in each of the categories above. Names are kept internal as a security and operational matter, in line with standard South African practice; we will, on reasonable written request from a Customer with a legitimate compliance reason, share the current named list under NDA.
7. How long we keep it
- Attendance events: as long as the business needs them for payroll and compliance; default 7 years, configurable per tenant.
- Face templates and enrolment photos: while the worker is active on that tenant, plus 90 days (for dispute resolution). Deleted immediately on a right-to-erasure request.
- Consent records: at least 7 years (POPIA audit requirement) or as long as the business holds any data about the worker, whichever is shorter.
- Tenant account data (business signup info): while the subscription is active plus 30 days after cancellation.
8. Your rights
Under POPIA, any data subject can:
- Ask what data we hold about them.
- Correct inaccurate data.
- Delete data, where lawful to do so.
- Withdraw consent for future processing.
- Lodge a complaint with the Information Regulator - inforegulator.org.za.
To exercise any of these, email hello@realattend.co.za with "POPIA request" in the subject. We respond within 30 days.
9. Security
- Encryption in transit (HTTPS/TLS 1.2+) and at rest.
- Passwords stored as bcrypt hashes; device API keys stored as bcrypt hashes.
- Per-tenant database isolation.
- Audit logs of admin actions and failed login attempts.
- We don't run our own face-matching model - that work is done by a specialist third-party biometric matching provider.
10. Breach notification
If we become aware of a security breach that affects your data, we'll notify you by email as soon as we reasonably can, and no later than the deadlines set by POPIA (72 hours to the Information Regulator, and reasonable notice to affected data subjects).
11. Cookies and tracking
The web dashboard uses session cookies strictly for authentication and CSRF protection. The marketing site sets a small cookie for A/B-test variant assignment. We do not run third-party web analytics, behavioural tracking, or advertising trackers anywhere on the platform.
The one exception is the public /contact form, which loads a third-party bot-protection script. That provider may set cookies and read browser signals solely to score whether each request is from a human. The script is only loaded on that single page - not on the dashboard, the blog, or any authenticated route.
12. Children
RealAttend is for workforce management. It is not intended for anyone under 18. If you believe we've collected data about a minor, contact us and we'll delete it.
13. Changes to this policy
We'll update this policy as the product evolves. Material changes will be emailed to the primary account holder. The "last updated" date at the top reflects the most recent revision.
14. Contact
Email hello@realattend.co.za for anything privacy-related.