FaceMate Logo
FaceMate Logo

Privacy Policy

Last Updated: 2026-02-27

This Privacy Policy ("Policy") explains how Aryahs World Infotech (OPC) Private Limited ("Company", "we", "us", "our") collects, uses, shares, stores, and protects information when you use the FaceMate application and related services (collectively, the "Service").

This Policy should be read together with our Terms & Conditions. Where your employer/organization ("Organization") provides access to FaceMate, the Organization may control certain settings, including verification frequency, roles, and retention.

1) Who We Are (Data Fiduciary / Data Controller)

Company Name: Aryahs World Infotech (OPC) Private Limited
Legal Entity Statement: "Aryahs World Infotech (OPC) Private Limited, a company incorporated under the Companies Act, 2013 of India."
Contact Support: tech.aryahs@gmail.com
Registered Address:
601, Gauri Complex,
Sector-11, CBD Belapur,
Navi Mumbai - 400614,
Maharashtra, India

If your Organization provides access to FaceMate, the Organization may be the primary administrator of your account. In such cases, we process data to provide the Service to the Organization and act on the Organization's instructions where applicable and lawful.

2) Definitions (High-Level)

  • Personal Data: any data about an identifiable individual.
  • Biometric Data: data relating to unique biological characteristics used to identify a person, including face embeddings derived from face images.
  • Face Embeddings: numerical representations derived from a face image used for matching/verification.
  • Processing: collection, storage, use, disclosure, deletion, or any operation on data.

3) Scope

This Policy applies to:

  • Mobile, desktop, and web clients of FaceMate
  • Backend services, APIs, dashboards, and security systems supporting FaceMate
  • Attendance verification and smart verification reminders and flows

4) Information We Collect

4.1 Account & Identity Data

  • Full name (as provided by you or your Organization)
  • Work email address / username
  • Organization identifiers (e.g., company ID, department)
  • Role and access level (Admin / Manager / Employee)

4.2 Attendance & Session Data

  • Attendance events (e.g., check-in, check-out, verification events)
  • Session metadata (e.g., status, timestamps, duration data)
  • Work mode and client type (web/mobile/desktop) as required for the Service

4.3 Biometric Data (Face Embeddings)

FaceMate may process biometric information such as face embeddings derived from your face image for:

  • Attendance verification (identity verification)
  • Smart verification and security checks where configured

We do not sell biometric data. We do not use biometric data for advertising. We do not use biometric data for unrelated profiling.

4.4 Images & Camera Inputs

  • Face images submitted for enrollment and verification workflows
  • Verification frames may be captured where configured and permitted

4.5 Technical, Security & Audit Data

  • IP address (e.g., for security and OTP context)
  • Device/app metadata (e.g., app version) and user-agent
  • Security/audit logs for abuse prevention and traceability

4.6 Preferences

  • Notification preference (enable/disable) stored locally where applicable
  • Time format preference (12h/24h) stored locally where applicable
  • Language selection stored locally where applicable

5) Purpose Limitation (Why We Use Data)

We process personal data only for legitimate, specific, and limited purposes, including:

  • Account creation and access management
  • Identity verification for attendance and presence checks
  • Delivering OTPs, verification prompts, and security notices
  • Fraud prevention, abuse detection, and security auditing
  • Service reliability, debugging, and operational monitoring
  • Compliance with legal obligations and lawful requests

Biometric processing is limited to attendance verification and security and is not used for unrelated purposes.

6) Legal Bases & Compliance References

6.1 India

We follow applicable Indian laws and recognized privacy principles, including:

  • Information Technology Act, 2000 and applicable rules/guidance
  • Digital Personal Data Protection Act, 2023 (DPDP Act) principles such as consent, purpose limitation, data minimization, security safeguards, and accountability

6.2 GDPR Principles (Global Users / Best Practice)

Where GDPR principles apply or are used as best practice, we align with:

  • Lawfulness, fairness, and transparency
  • Purpose limitation and data minimization
  • Accuracy and storage limitation
  • Integrity and confidentiality
  • Accountability

7) Explicit User Consent for Biometric Processing

By enrolling your face and using the Service (or by your Organization enabling biometric verification for attendance), you provide explicit consent to:

  • Capture face images for enrollment/verification
  • Create and store face embeddings
  • Compare embeddings to verify identity for attendance and presence verification

If you do not consent, you should not use biometric features. Your Organization may provide alternate mechanisms if configured.

8) Data Retention

We retain data only as long as necessary to provide the Service and meet contractual/legal obligations.

Typical retention approach:

  • Biometric embeddings: retained while your account is active and biometric verification is enabled; deleted upon deactivation/termination or verified deletion request, subject to Organization policy and legal requirements.
  • Face images: may be stored temporarily for enrollment/verification workflows; retention (if any) is controlled by configuration and/or Organization policy.
  • Attendance records: retained to support compliance, audits, payroll/HR needs, and Organization policy.
  • Security/audit logs: retained for a reasonable period to detect, prevent, and investigate security incidents and misuse.

Your Organization may control retention settings. We act on the Organization's instructions unless prohibited by law.

9) Security Safeguards

We implement reasonable technical and organizational safeguards, such as:

  • Role-based access controls and authentication controls
  • OTP and verification flows for sensitive actions
  • Transport security (e.g., HTTPS/TLS where applicable)
  • Monitoring and alerting for misuse and suspicious activity
  • Best-effort minimization of sensitive data exposure in logs

No system is perfectly secure. We continuously improve safeguards and operational controls.

10) Data Sharing & Disclosure

We may share data:

  • With your Organization (admins/managers as configured): for workforce attendance and compliance administration.
  • With service providers (processors): hosting, email delivery, and operational tooling as necessary to provide the Service. Providers are required to protect data and use it only to provide services to us.
  • For legal reasons: to comply with lawful requests, court orders, or to protect rights, safety, and security.

We do not sell personal data.

11) Cross-Border Transfers

Depending on deployment or service providers used, data may be processed in locations outside your country. Where we transfer data, we take reasonable steps to ensure an appropriate level of protection consistent with applicable laws and best practices.

12) Your Rights

Subject to applicable law and Organization controls, you may have rights such as:

  • Access to your data
  • Correction of inaccurate data
  • Deletion of data (subject to legal/contractual obligations and Organization policy)
  • Withdrawal of consent where applicable (biometric features may become unavailable)
  • Grievance redressal / complaint mechanisms

To submit a request, contact tech.aryahs@gmail.com. If your Organization controls your account, we may direct you to your administrator for certain requests.

13) Cookies / Tracking

FaceMate is primarily a workplace application. If the web client uses local storage/session storage for operational functionality (e.g., session keys, tab-lock), it is used for functionality and security rather than advertising tracking.

14) Children's Privacy

The Service is intended for workplace/organizational use and is not directed to children. We do not knowingly collect personal data from children.

15) Changes to This Policy

We may update this Policy periodically. If changes are material, we will provide notice through the Service or other reasonable means.

16) Governing Jurisdiction

This Policy is governed by the laws of India, and courts at Navi Mumbai, Maharashtra shall have jurisdiction, subject to applicable law.