Yes. Punchly is free for teams of up to 5 staff. Larger teams use our paid plans starting at ₹49 per staff per month.

How does Punchly verify attendance?

Punchly uses GPS geofencing plus a selfie at the moment of check-in. This stops proxy attendance because the app verifies both that the staff member is physically at the workplace and that the right person is punching in.

Can I run multiple branches in Punchly?

Yes. Each branch has its own staff list, shifts, geofence and payroll. Branch managers see only their branch, head office admins see everything.

Does Punchly work for field staff?

Yes. Set 'Field staff' on the staff profile and they can check in from anywhere. Their GPS location is still captured for the live map.

Is my staff data safe?

All data is encrypted at rest in Supabase (Mumbai region) and encrypted in transit via HTTPS. Bank-account changes need admin approval to prevent salary-redirect fraud. We comply with India's DPDP Act 2023.

Privacy Policy — Punchly

1. Who We Are

Punchly is a biometric attendance management platform operated by K² Adexos Global Technologies, Hyderabad, Telangana, India. We provide GPS + selfie-based attendance tracking, payroll management, leave management, and shift scheduling for businesses and schools across Andhra Pradesh and Telangana.

Contact: support@punchly.online | K² Adexos Global Technologies, Hyderabad, Telangana — 500001

2. Data We Collect

We collect only the data necessary to provide our attendance and payroll services:

2.1 Personal Identification Data

Name, phone number, email address
Employee ID, designation, department
Date of joining, salary details

2.2 Biometric Data (Sensitive Personal Data)

Selfie photographs — captured during check-in to verify physical presence
GPS location coordinates — captured at time of check-in to verify on-site presence
Location accuracy, timestamp, and device identifier

This constitutes "sensitive personal data" under the Digital Personal Data Protection Act, 2023 (DPDP Act). We collect it only with your explicit consent.

2.3 Attendance & Work Data

Check-in and check-out times, breaks, overtime
Leave requests and approval history
Shift assignments, payroll calculations, payslips

2.4 Technical Data

Device type, browser, operating system
IP address, login timestamps
App usage logs for debugging and fraud detection

3. How We Use Your Data

Attendance verification: GPS and selfie are used only to confirm you are physically present at work at the time of check-in
Payroll processing: Attendance records are used to calculate salary, overtime, and deductions
Leave management: Leave requests and balances are tracked and processed
Fraud prevention: Mock GPS detection and attendance anomaly detection to prevent false check-ins
Reports: Attendance summaries are provided to your employer/manager
Platform improvement: Anonymized, aggregated usage data to improve the app

We do NOT use your biometric data for facial recognition, tracking outside work hours, or any purpose other than attendance verification.

4. Legal Basis for Processing (DPDP Act 2023)

Under the Digital Personal Data Protection Act, 2023, we process your personal data on the following grounds:

Consent: You explicitly consent to biometric data collection before your first check-in
Contractual necessity: Attendance data is required to fulfill the employment/payroll contract
Legitimate interest: Fraud detection and platform security
Legal obligation: Maintaining attendance records as required by Indian labour law

5. Data Storage & Security

Storage: Data is stored on Supabase (PostgreSQL database) with encryption at rest (AES-256)
Location: Data is stored on servers located in India (Supabase India region)
Access control: Row-Level Security (RLS) ensures each company can only access its own employees' data
Selfie photos: Stored in encrypted Supabase Storage. Not processed by facial recognition systems
Transmission: All data is transmitted over HTTPS (TLS 1.3)
Access: Only your employer's designated admins can access your attendance records

6. Data Retention

Attendance records: Retained for 7 years (as required by Indian labour law)
Selfie photographs: Retained for 3 years, then automatically deleted
GPS logs: Retained for 1 year, then automatically deleted
Payroll records: Retained for 7 years (as required by income tax laws)
Account data: Deleted within 30 days of account closure

7. Your Rights Under DPDP Act 2023

You have the following rights regarding your personal data:

Right to access: Request a copy of all personal data we hold about you
Right to correction: Request correction of inaccurate personal data
Right to erasure: Request deletion of your data (subject to legal retention requirements)
Right to grievance redressal: Lodge a complaint about how your data is handled
Right to withdraw consent: Withdraw consent for biometric data collection at any time
Right to nominate: Nominate another person to exercise your rights in case of incapacity

To exercise any of these rights, email us at: privacy@punchly.online with subject "Data Rights Request".

We will respond within 72 hours and fulfil the request within 30 days.

8. Data Sharing

We share your data only in the following circumstances:

Your employer: Attendance, leave, and payroll data is shared with your employer's designated admin. This is the core purpose of the platform.
Supabase (Infrastructure): Our cloud database provider. They process data on our behalf under a Data Processing Agreement.
Vercel (Hosting): Our web hosting provider. They serve the app but do not process personal data.
Razorpay (Payments): Payment details for subscription billing. Punchly does NOT store card details.
Legal requirements: When required by Indian courts or government authorities.

We NEVER sell your personal data. We do NOT share biometric data with third parties.

9. Biometric Data — Special Provisions

Because we collect biometric data (selfies + GPS during work hours), we follow additional protections:

Explicit written consent is obtained before the first check-in
Selfies are stored as photographs, NOT as facial embeddings or biometric templates
We do not use facial recognition algorithms or compare faces across employees
Your employer (admin) can view your check-in selfie as a visual audit trail only
Biometric data is never used for advertising or shared outside the employer relationship

10. Children's Data

Punchly is intended for use by adults (18+) in professional or employment contexts. For School Edition users, student attendance data is collected and managed by the school institution as the Data Fiduciary. Parents have the right to request access to or deletion of their child's data by contacting the school administrator.

11. Cookies & Tracking

Session cookies: Used only for authentication (keeping you logged in). Essential and cannot be disabled.
No advertising cookies: We do not use Google Ads, Facebook Pixel, or any advertising trackers
No analytics cookies: We use privacy-respecting server-side analytics only (no user-level tracking)

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email at least 7 days before any material changes take effect. Continued use of Punchly after the effective date constitutes acceptance of the updated policy.

13. Grievance Officer

As required by the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer:

Grievance Officer: Karthikeya

Organization: K² Adexos Global Technologies

Address: Hyderabad, Telangana — 500001, India

Email: grievance@punchly.online

Response time: Within 72 hours acknowledgement, resolved within 30 days

If you are not satisfied with our response, you may approach the Data Protection Board of India once it is established.

14. Contact Us

Punchly Privacy Team

K² Adexos Global Technologies

Hyderabad, Telangana — 500001

Email: privacy@punchly.online

Website: https://punchly.online