Privacy Policy

Data collection, verification, retention, rights, and subprocessors for our workforce platform

Last updated: 31 May 2026 · Terms · Partner Terms

VeriTrack Systems · Accra, Ghana · veritrack.cloud

Effective date: 31 May 2026. This policy describes how VeriTrack Systems collects, uses, shares, and protects personal information when you use our website, client portals, dashboards, communications, and related services.

1. Who we are and how to contact us

Data controller (for website and direct commercial relationships): VeriTrack Systems, operating from Accra, Ghana.

Privacy enquiries: info@veritrack.cloud · Phone: +233 59 254 8849

If you are an employee, student, or other end user of a Client Organisation’s portal, your employer or institution is usually the data controller for workforce or academic records. Contact them first; we will support them as processor where applicable.

2. Scope — who this policy covers

  • Client Organisation representatives — administrators, HR, finance, and owners who subscribe to VeriTrack;
  • End Users — staff, students, lecturers, event delegates, and others checking in through a Client portal;
  • Website visitors — people browsing veritrack.cloud, requesting demos, or using chat/support widgets;
  • Referral partners — independent partners onboarded under separate terms (see Partner Terms).

3. Personal data we collect

Categories depend on your role and enabled features:

3.1 Identity and employment / academic profile

  • Full name, Staff ID or student ID, job title or role, department, branch, class/course (college mode);
  • Work or institutional email and phone where supplied by the Client;
  • Profile photos or avatars if uploaded by the Client or End User.

3.2 Attendance and operational records

  • Check-in and check-out timestamps, shift or session identifiers, branch/site;
  • Attendance status (on time, late, absent, early departure), overtime and punctuality metrics;
  • Offline-queued events and sync timestamps;
  • QR or staff-ID validation events; admin corrections and audit notes where enabled.

3.3 Verification and location data

  • Live photo liveness — Camera captures processed to confirm presence and reduce buddy punching. Images may be stored according to Client configuration and dispute-retention settings described in Section 9;
  • GPS coordinates — Latitude/longitude (and accuracy metadata) at check-in/out when geofencing is enabled;
  • Device and technical data — IP address, browser type, operating system, device model, app/PWA version, language preference, and security logs.

3.4 Analytics, recognition, and optional modules

  • Leaderboard scores, badges, and recognition awards (optional add-on);
  • Shift rotation assignments and notifications (optional);
  • AI productivity tips or predictive analytics insights (optional), generated from attendance patterns;
  • Payroll export fields and integration logs (optional Payroll Sync add-on).

3.5 Commercial and partner data

  • Company name, sector, branch count, billing contacts, tax identifiers where required;
  • Subscription tier, payment history, renewal status, and support tickets;
  • Partner ID, referral attribution, and commission records for approved partners.

3.6 Website and communications

  • Demo requests, deployment forms, Calendly bookings, and chat widget transcripts;
  • Marketing preferences and email unsubscribe selections (manage preferences);
  • Cookies and similar technologies as described in Section 14.

4. How we collect data

  • Directly from Client Organisations during onboarding and administration;
  • From End Users when they check in/out, use dashboards, or respond to notifications;
  • Automatically through portal PWA operation, geolocation APIs, and server logs;
  • From payment processors when you pay subscriptions or renewals;
  • From partners who submit referral leads with consent.

5. Purposes and legal bases

Where GDPR-style legal bases apply, we rely on the bases below. Local law may use equivalent concepts (e.g. lawful processing under Ghana Act 843).

| Purpose | Typical legal basis |
| --- | --- |
| Provide portals, dashboards, and attendance capture | Contract / legitimate interest |
| Verify identity and prevent time fraud (photo liveness, GPS) | Legitimate interest / legal obligation (employer duty) |
| Generate reports for HR, payroll preparation, and compliance | Contract / legal obligation |
| Send operational emails (summaries, alerts, shift notices) | Contract / legitimate interest |
| Optional recognition, AI tips, predictive analytics | Consent or Client instruction |
| VGBA performance scoring and awards (eligible clients) | Legitimate interest / consent for publicity |
| Billing, renewals, and fraud prevention on payments | Contract / legal obligation |
| Platform security, debugging, and service improvement | Legitimate interest |
| Respond to enquiries and provide support | Contract / legitimate interest |

6. Automated processing and VGBA

VeriTrack calculates operational metrics (e.g. attendance rate, punctuality, checkout completion, online sync reliability) to power dashboards and, for enrolled clients, the VeriTrack Global Business Awards (VGBA). This processing is statistical and operational—not automated employment decisions. Clients remain responsible for how they use metrics in HR or academic policies. You may object to public VGBA publicity through your Client administrator or by contacting us.

7. Where data is stored and processor roles

Attendance and workforce records for Client Organisations are typically stored in the Client Organisation’s controlled Google Workspace environment (including Google Sheets, Drive, or related Google Cloud services configured for that tenant), with access restricted by role.

VeriTrack acts as a data processor (or service provider) when processing End User data on a Client’s instructions, and as a controller for our own website, billing, partner, and platform-security data. Specific arrangements may be documented in an order form or Data Processing Agreement.

8. Sharing and subprocessors

We share Personal Data only as necessary:

  • Client Organisation administrators — Full access within scope of their role to manage workforce or academic attendance;
  • Infrastructure and productivity providers — e.g. Google Workspace / Google Cloud for tenant data storage and automation;
  • Payment providers — e.g. Paystack for subscription and renewal transactions (we do not store full card PANs on our servers);
  • Scheduling and communications — e.g. Calendly for demo bookings, email delivery services for reports and alerts;
  • Website tools — e.g. chat/support widgets and social embeds when you interact with them;
  • Professional advisers — lawyers, accountants, or auditors under confidentiality;
  • Authorities — when required by valid legal process or to protect rights, safety, and security.

We do not sell Personal Data. We do not permit third-party advertising networks to track End Users inside client portals.

9. Retention periods

| Data category | Typical retention |
| --- | --- |
| Attendance and punctuality records | Up to 5 years after the record date, or longer if required by Client policy or law |
| Verification photos (when stored) | 30 days by default; up to 90 days if a dispute is open; deleted earlier on Client request where feasible |
| GPS check-in metadata | Aligned with attendance record retention |
| Billing and subscription records | 7 years for tax and accounting compliance |
| Security and access logs | 12 months, unless needed for incident investigation |
| Marketing and demo enquiries | 24 months from last interaction, or until opt-out |
| Partner referral records | Duration of partnership + 3 years for commission audits |

After retention periods, data is securely deleted, anonymised, or archived in line with Client instructions and technical constraints.

10. Security measures

  • Encryption in transit — TLS 1.2+ for web and API traffic;
  • Role-based access control — Administrator, branch, and feature permissions per Client configuration;
  • Authentication controls — Staff ID and optional verification steps; session management on dashboards;
  • Monitoring and logging — Security events, failed logins, and abnormal sync patterns;
  • Vendor management — Subprocessors selected for reliability and security practices appropriate to workforce data.

No system is perfectly secure. Report suspected incidents immediately to info@veritrack.cloud.

11. International transfers

Client data may be processed in Ghana and in countries where our subprocessors operate (including the United States for certain Google Cloud services). Where transfers require safeguards, we implement appropriate measures such as standard contractual clauses, processor agreements, or equivalent mechanisms recognised under applicable law. Details may be specified in your contract.

12. Your rights

Depending on your location, you may have rights to:

  • Access — Obtain a copy of Personal Data we hold about you;
  • Rectification — Correct inaccurate information (often via your employer’s HR admin);
  • Erasure — Request deletion subject to legal and contractual retention needs;
  • Restriction or objection — To certain processing, including optional analytics or marketing;
  • Portability — Receive data in a structured format where technically feasible;
  • Withdraw consent — Where processing is consent-based (e.g. optional modules or marketing).

Submit requests to your Client Organisation first for workforce data, or to info@veritrack.cloud. We respond within 30 days where required by law, with possible extension for complex requests.

13. Email communications and preferences

With Client or End User authorisation, we may send:

  • Daily attendance summaries;
  • Weekly and monthly performance reports;
  • Leaderboard and awards notifications;
  • Shift rotation alerts;
  • AI predictive analytics digests;
  • System alerts (errors, subscription, security).

You can update preferences at unsubscribe.html or through your administrator. Critical service and security notices may still be sent where permitted by law.

14. Cookies and similar technologies

  • Essential cookies — Session and security tokens for dashboards and portal login;
  • Preference cookies — Language selection and UI state;
  • Analytics — Limited, first-party or privacy-oriented metrics on our marketing site where enabled;
  • Third-party widgets — Chat, social, or scheduling tools may set their own cookies when you interact with them; review their policies.

We do not use third-party advertising trackers inside client attendance portals.

15. Children and students

College and student attendance modules may process data about minors or students. Client Organisations (schools, colleges, training institutions) must ensure appropriate parental notice, consent, or legal basis under education and child privacy laws. VeriTrack processes such data only on Client instructions.

16. Data breach notification

If we become aware of a Personal Data breach affecting Client or End User data, we will notify affected Client Organisations without undue delay and provide information reasonably required to meet regulatory obligations. End Users should report suspected breaches to their organisation and to info@veritrack.cloud.

17. Regulatory framework

We design practices to align with applicable African and international standards, including: Ghana Data Protection Act, 2012 (Act 843); South Africa POPIA; Nigeria NDPR; Kenya Data Protection Act, 2019; and Rwanda Law No. 058/2021. VeriTrack Systems is approved and certified by Ghana’s Data Protection Commission (certificate above). You may lodge complaints with your local supervisory authority; in Ghana, contact the Data Protection Commission.

18. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. Material updates will be posted on this page with a revised effective date and, where appropriate, notified to Client Organisation contacts or via in-portal message at least 14 days before taking effect.

19. Contact

VeriTrack Systems — Privacy

Email: info@veritrack.cloud

Phone: +233 59 254 8849

Accra, Ghana

See also our Terms and Conditions and Partner Terms.
