We comply with the Information Technology Act, 2000, the IT (Amendment) Act 2008, and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011. Your data never leaves India.
1. Introduction
INIC Communications Private Limited ("INIC", "we", "us", "our") operates INIC CheckIn, a cloud-based face recognition attendance management system. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have over it.
By using INIC CheckIn, you agree to the collection and use of information in accordance with this policy. This policy applies to all users of the Service — organisation administrators, as well as employees whose data is processed by their employer through INIC CheckIn.
2. Data We Collect
Account Data
- Organisation name and admin username
- Email address (required for account verification and notifications)
- Phone number (optional)
- Billing information — plan type and payment status (we do not store card numbers or bank details directly)
Employee Data (collected by your organisation)
- Employee names, departments, designations, and shift timings
- Facial biometric data — 128-point mathematical facial descriptors generated from employee photographs at the time of enrolment
- Attendance records: check-in timestamps, check-out timestamps, and daily attendance status
Usage Data
- Login activity and session information for the web dashboard
- API request logs for system operation and security monitoring
- Device information for kiosk registrations (device ID, Android version)
- IP addresses and browser information for web dashboard access
Communication Data
- Emails exchanged with info@inic.in for support and account-related matters
3. How We Use Your Data
- To provide, operate, and maintain the INIC CheckIn Service
- To verify your email address and authenticate your account
- To send account-related notifications (verification emails, trial expiry reminders, subscription alerts)
- To improve the Service based on anonymised usage patterns
- To respond to support requests and communications
- To enforce our Terms & Conditions and prevent misuse
- To comply with applicable Indian law and respond to lawful requests from authorities
We do NOT use your data for advertising, profiling, or selling to third parties — ever.
4. Facial Biometric Data — Special Provisions
Sensitive Personal Data
Facial biometric data is classified as Sensitive Personal Data or Information (SPDI) under the IT Rules 2011. We treat it with the highest level of care and protection.
- Facial biometric data is collected only through explicit actions by the organisation administrator
- It is used exclusively for employee attendance identification within the kiosk system of your organisation
- After processing, it is stored as a mathematical descriptor (a set of 128 numerical values) — raw photographs are not retained after the facial descriptor is generated
- All facial descriptors are encrypted both at rest and in transit using industry-standard encryption
- Facial data is never shared with any third parties under any circumstances
- Facial data is never used to train AI models for purposes other than attendance identification within INIC CheckIn
- Upon account deletion or subscription cancellation, all facial biometric data is permanently and irreversibly purged within 30 days
- Organisations bear sole responsibility for obtaining explicit, informed consent from employees before enrolling their faces
5. Data Sharing
We do NOT sell, rent, or trade your personal data. We share data only in the limited circumstances below:
- Service providers — hosting infrastructure (Indian servers) and email delivery (for verification and notification emails). All providers are bound by confidentiality agreements and process data only as directed by us.
- Legal requirements — if required by Indian law, a court order, or a lawful request from a government authority
- Business transfer — in the event of a merger, acquisition, or sale of assets. You will be notified via email at least 30 days before such a transfer and given the option to delete your account.
Facial biometric data is never shared under any of the above circumstances, except where expressly required by a court order under Indian law.
6. Data Storage & Location
- All personal data, including attendance records and facial biometric descriptors, is stored on servers physically located in India
- We do not transfer personal data outside the territory of India
- Backup copies are also maintained within India
7. Data Retention
We retain your data for as long as necessary to provide the Service and comply with legal obligations. The table below summarises retention periods:
| Data Type | Retention Period |
|---|---|
| Account & organisation data | Duration of subscription + 30 days after cancellation |
| Employee records & profiles | Duration of subscription + 30 days after cancellation |
| Attendance records | Duration of subscription + 30 days after cancellation |
| Facial biometric descriptors | Duration of subscription + 30 days after cancellation |
| Email communication logs | 90 days |
| Usage & access logs | 30 days |
After the applicable retention period, data is permanently and irreversibly deleted from all systems including backups.
8. Security
- In transit — all data is transmitted over TLS/HTTPS encryption
- At rest — facial descriptors and sensitive fields are encrypted in storage
- Access controls — admin accounts are password-protected; super-admin access to infrastructure is restricted to authorised INIC personnel
- Regular reviews — we conduct periodic security assessments of our systems
- Incident response — in the event of a confirmed data breach affecting your account, we will notify you within 72 hours of discovery, as recommended by IT Rules 2011
While we implement strong security measures, no system is 100% impenetrable. You are responsible for maintaining the security of your admin credentials.
9. Your Rights
As an account holder or as an employee (via your organisation administrator), you have the following rights under applicable Indian law:
- Access — request a copy of the personal data we hold about you or your organisation
- Correction — request correction of inaccurate or incomplete personal data
- Deletion — request deletion of your data by closing your account or, for employees, by having your organisation administrator remove your profile
- Portability — request an export of your attendance data in a standard machine-readable format (CSV)
- Objection — object to the processing of your biometric data; this will require removal from the INIC CheckIn system
- Withdrawal of Consent — withdraw consent to data processing at any time; this may result in an inability to use the Service
To exercise any of these rights, contact us at info@inic.in. We will respond within 30 days of receipt.
11. Children's Privacy
INIC CheckIn is designed for use by businesses and is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor's data has been collected through the Service, please contact us immediately at info@inic.in and we will take prompt action to delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will notify you via email at least 14 days before changes take effect. The updated policy will also be published on this page with a revised "Last updated" date.
Continued use of the Service after the effective date of changes constitutes acceptance of the revised Privacy Policy.
13. Contact & Grievance Officer
For privacy concerns, data requests, or complaints, please contact our Grievance Officer as designated under the IT (Reasonable Security Practices) Rules 2011:
INIC Communications Private Limited
Grievance Officer: Manish Agrawal
Email: info@inic.in
Response time: Within 30 days of receipt (as per IT Rules 2011)
Also see our Terms & Conditions for the full legal agreement governing your use of INIC CheckIn.