NepTime logo NepTime
Privacy Policy

Privacy Policy

NepTime is a human resource information system (HRIS) application used to manage employee attendance, leave, schedules, and related workforce administration. This application is not owned by, operated by, or affiliated with any government entity.

Last updated: June 4, 2026 Company: PT. INDOPASIFIK INDAHTAMA Country: Indonesia

Overview

This Privacy Policy explains what information NepTime collects, how the information is used, whether it is shared, where it is stored, how long it is retained, and how users may request access, correction, deletion, or withdrawal of consent where applicable.

Important: NepTime uses a photo-based attendance feature. Because an attendance photo can contain a user's face, this policy includes a dedicated Face Data section for clarity.

Data We Collect

Depending on the feature used, NepTime may collect the following categories of data:

Category Examples Purpose
Account and employee data Name, employee ID, account credentials, work schedule, department, contact details User authentication, attendance administration, HR operations
Attendance submission data Clock-in / clock-out time, attendance type, address, attendance notes Attendance recording, payroll support, compliance, dispute handling
Location data Latitude, longitude, and derived attendance location information Checking whether the user is within an approved attendance radius
Face data in attendance photos Selfie or attendance photo submitted at clock-in or clock-out that may contain the user's face Face presence verification and attendance evidence
Technical and usage data IP address, device identifiers, browser or operating system information, diagnostic logs Security, troubleshooting, and service improvement

Face Data Policy

To support online attendance features, NepTime processes face data and, where applicable, biometric face data solely for identity verification, prevention of attendance misuse, and protection of the integrity of attendance records. This processing is carried out in accordance with purpose limitation, data minimization, and applicable privacy obligations.

Face Data We Collect

When a user performs online check-in or check-out, we may collect and process the following categories of face data:

  • A face photo captured or knowingly uploaded by the user as part of an attendance submission.
  • Face feature points or face landmarks extracted from the face photo, including but not limited to the eyes, nose, mouth, and facial contours, to the extent necessary for face recognition and attendance verification.
  • A biometric face template or similar mathematical representation of facial characteristics, if our face recognition feature uses it to match the user's identity against authorized reference data.
  • Supporting metadata directly related to attendance verification, such as attendance date and time, attendance type, location, and account or employee identity.

We do not collect face data from the device photo library or from other sources outside the attendance process unless the user actively selects or submits a photo for attendance purposes.

Purpose and Processing of Face Data

Face data is processed on a limited, specific, and lawful basis only for the following purposes:

  • To verify the identity of the user when submitting online attendance.
  • To prevent misuse of the attendance system, including unauthorized use of an account.
  • To prevent duplicate attendance, proxy attendance, identity fraud, spoofing, or other forms of abuse that may affect the accuracy of attendance records.
  • To support internal audit requirements, attendance objection or dispute handling, and administrative evidence where relevant to attendance records.

Face data is not used for purposes other than those described above. In particular, face data is not used for advertising, user profiling, data sales, unrelated marketing, or analysis or inference of sensitive attributes such as race, ethnicity, religion, health status, sexual orientation, political views, or other sensitive personal characteristics.

Sharing of Face Data

We do not sell, lease, trade, transfer, or disclose face data to third parties for their own commercial purposes. Access to face data is restricted only to:

  • Authorized internal personnel with a legitimate need to access the data for operational, security, audit, compliance, or technical support purposes within the scope of their duties.
  • Hosting, infrastructure, storage, security, or technical support providers acting on behalf of the Company and bound by confidentiality, data use restrictions, and appropriate data protection obligations.
  • Other parties where disclosure is required by applicable law, court order, official investigation, or regulatory obligation.

In all cases, face data is not shared with advertisers, data brokers, or other parties for profiling, monetization, or secondary uses unrelated to attendance.

How We Use Data

The Company may use personal data and attendance data for the following purposes:

  • To provide and maintain NepTime and its attendance, leave, and scheduling features.
  • To manage user accounts, employee access, and authentication.
  • To verify attendance submissions, including attendance photo review and attendance radius checks.
  • To generate attendance records used for workforce administration, payroll support, and internal reporting.
  • To contact users regarding account, operational, service, or security matters.
  • To protect the service, investigate abuse, and enforce company rules and legal obligations.
  • To improve reliability, troubleshoot issues, and maintain system security.

Storage and Retention of Face Data

Attendance photos containing a face, face feature points, biometric face templates where used, and related metadata are stored on application servers, storage media, or cloud infrastructure managed by the Company or by infrastructure providers acting on the Company's behalf. Such data is protected by appropriate access controls and may be accessed only by authorized parties as described in this policy.

Face data is not retained indefinitely. Unless a longer retention period is required by law or otherwise justified by a legitimate basis, face data is retained for 2 (two) years from the date of collection. This retention period is established to support legitimate business and legal needs, including attendance history verification, employment and payroll administration, internal audit, investigation of suspected misuse, defense or resolution of disputes, and compliance with applicable obligations.

We apply a defined, documented, and auditable retention period for face data processed through the online attendance feature.

Deletion of Face Data

After the retention period expires, face data, face feature points, and biometric face templates where used will be permanently deleted or irreversibly anonymized in accordance with our internal data deletion procedures. Deletion is performed in a manner intended to ensure the data can no longer be used to identify the user.

Exceptions to deletion at the end of the retention period may apply where the data must be retained for legal obligations, audit requirements, active investigations, lawful requests from competent authorities, dispute resolution, suspected fraud, or other ongoing matters. In such cases, the data will be retained only to the extent necessary for those purposes and deleted once the basis for continued retention ends.

User Rights Regarding Face Data

To the extent permitted by applicable law, users may request information about the processing of their face data, request access to relevant data, request correction of inaccurate data, and request deletion of face data in accordance with this policy. Users may also withdraw consent where consent is the legal basis for processing, with the understanding that withdrawal may prevent use of online attendance features that depend on face verification.

  • Access to the camera and location is requested only to support legitimate attendance and verification functions.
  • Users may disable camera or location permissions through device settings, but doing so may limit or disable certain attendance features.
  • Requests concerning access, correction, deletion, or questions about face data processing may be submitted through the contact information provided in this privacy policy.
  • User rights may be limited where necessary to comply with legal obligations, security requirements, fraud prevention, employment recordkeeping, or evidentiary needs in ongoing disputes.

Security

The Company implements reasonable administrative, technical, and organizational measures designed to protect personal data, including attendance photos and related metadata, against unauthorized access, alteration, disclosure, or destruction. No system can be guaranteed to be completely secure, but the Company works to apply safeguards appropriate to the sensitivity of the data processed by NepTime.

Contact Us

If you have questions about this Privacy Policy or want to request access, correction, deletion, or additional information regarding your data, you can contact:

  • PT. INDOPASIFIK INDAHTAMA
  • Email: it.team1@indopasifik.id
  • Address: Jl. Jalur Sutera Barat No. 15, Kota Tangerang 15143, Indonesia