Privacy Policy

Last updated: 25 September 2025

Owner/Controller: COPROMS (PVT) LTD (“we”, “us”, “our”)
Website: https://coproms.com
Contact (Privacy & Support): info@coproms.com
Address: Johar Town, Lahore, Pakistan

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use COPROMS on the web and our mobile apps (Android and iOS). By using COPROMS, you agree to this Policy.

What we collect

Account & Organization Data: name, email, phone (optional), role, company/branch/site IDs.

Operational & HR Data: timesheets, attendance records, tasks, shift schedules, approvals, comments, documents you upload.

Device & App Data: app version, device model, OS version, language, crash logs, diagnostics, basic analytics.

Geo-Location (only during QR attendance): precise location (GPS/Network) captured once at the moment an employee scans a site QR code to check in/out. Stored fields include latitude/longitude, timestamp, user ID, site/project ID, and method (QR). We do not collect location continuously or in the background.

Why we collect it (purposes)
  • Attendance verification at authorized worksites (QR check-in/out).
  • Compliance and audit trail for accurate site presence logs.
  • Service operation (authentication, account management, performance, security, debugging).
  • Support and safety (troubleshooting, fraud/abuse prevention).
  • Legal and contractual obligations.

We do not sell personal data and do not use location for advertising.

Legal bases (EEA/UK users)
  • Contract performance: provide workforce features you/your employer use.
  • Legitimate interests: security, fraud prevention, and service improvement (balanced with your rights).
  • Consent (mobile location): your device asks for permission; you can deny or revoke it anytime in device settings.
How geo-location works
  • Trigger: when you tap Check-In/Out and scan the site’s QR code, the app requests “While Using the App” location permission.
  • Scope: we capture a single point (current location) to validate the QR scan against the authorized site area (with reasonable geofence for GPS drift).
  • No background tracking: COPROMS does not collect location when the app is closed or not actively used for attendance.
  • If permission is denied: other app features may still work, but QR attendance requiring location may not.

Google Play short disclosure: COPROMS collects your precise location only when you scan a QR code to check in/out for attendance to verify you are at an authorized site. We do not track location in the background and do not use location for ads.

Data sharing
  • Your organization (workforce data controller): authorized admins/managers can view attendance, including location/time captured at check-in/out.
  • Processors (service providers under contract/confidentiality): DigitalOcean (hosting), Cloudflare (CDN/security), New Relic (crash/performance), Postmark (email).
  • Legal and safety disclosures as required by law or to protect rights and safety.
  • Business transfers in case of merger/acquisition under similar protections.

We do not allow vendors to use your data for their own advertising.

Retention

Attendance and location entries are retained for 3 years (or longer if your employer’s policy or law requires), then deleted or anonymized. Diagnostics and logs are kept for a limited period for troubleshooting and service quality.

Your rights

Depending on your region (e.g., GDPR/UK GDPR/CCPA), you may have rights to access, correct, delete, or export your data; object to or restrict certain processing; and withdraw consent (e.g., location permission in device settings). Workforce records are often managed by your employer; for HR/attendance requests, we may direct you to your organization’s admin.

Security

We use administrative, technical, and physical safeguards (encryption in transit, access controls, logging, least-privilege). No system is 100% secure; we continually improve protections.

Children

COPROMS is for authorized business users and is not directed to children under 16 (or applicable age). If we learn a child’s data was collected without proper authorization, we will delete it.

International transfers

We may process/store data in countries other than where you live. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.

Changes

We may update this Policy. Material changes will be notified in the app or on our website. Continued use after the effective date means you accept the updated Policy.

Contact

Questions or requests about privacy: info@coproms.com
COPROMS (PVT) LTD, Johar Town, Lahore, Pakistan