Privacy Policy for HEART Nagaland
Effective Date: December 2024
⚠️ IMPORTANT: This app is designed for college students and faculty members (typically 18+ years old). We do not knowingly collect data from children under 13 years of age. This app is NOT intended for children under 13.
1. Introduction
HEART Nagaland ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").
2. Information We Collect
2.1 Personal Information
- Account Information: Name, email address, phone number, college affiliation, student/faculty ID
- Profile Data: Profile pictures, employment details, academic information, department
- Biometric Data: Face recognition data for attendance verification (processed locally on device only)
2.2 Usage Information
- Attendance Records: Check-in/check-out times and locations
- App Usage: Features used, time spent in app, interaction patterns
- Device Information: Device type, operating system, unique device identifiers
2.3 Location Information
- GPS Data: Used only for attendance verification within college premises (1km radius)
- Location is not stored permanently and is only used during active attendance sessions
2.4 Sensitive Data Types (Google Play Required Disclosure)
Our app collects and processes the following types of sensitive data:
- Biometric Data: Facial recognition data (processed locally, not stored on servers)
- Location Data: GPS coordinates for attendance verification (temporary use only)
- Personal Identifiers: Names, email addresses, phone numbers
- Device Identifiers: Unique device IDs for app functionality
- Camera Data: Images captured for face recognition (processed locally)
- Storage Data: Profile pictures and app data stored locally
3. Permissions and Sensitive Data Access
| Permission |
Purpose |
Data Collected |
Storage Location |
| CAMERA |
Face recognition for attendance verification |
Facial images and biometric templates |
Local device only |
| ACCESS_FINE_LOCATION |
Verify attendance within college premises |
GPS coordinates (temporary) |
Not stored permanently |
| READ_EXTERNAL_STORAGE |
Access profile pictures and app data |
Profile images and app files |
Local device storage |
| POST_NOTIFICATIONS |
Send important updates and announcements |
Notification preferences |
Local device settings |
4. How We Use Your Information
4.1 Primary Uses
- Attendance Management: Verify and record attendance using face recognition and location
- Communication: Send notifications about events, announcements, and important updates
- Account Management: Maintain your profile and account settings
- Data Submission: Allow authorized users (principals) to submit enrollment data
4.2 Legal Basis
- Consent: You provide explicit consent for data collection and processing
- Legitimate Interest: Educational institution management and attendance tracking
- Contract Performance: Providing services as part of your educational relationship
5. Data Sharing and Disclosure
5.1 We Do NOT Share Your Data With:
- Third-party advertisers
- Marketing companies
- Data brokers
- Unauthorized third parties
5.2 We May Share Data With:
- Your Educational Institution: For legitimate educational purposes
- Legal Requirements: When required by law or legal process
- Service Providers: Trusted partners who assist in app functionality
5.3 Third-Party Services
Our app uses the following third-party services:
- Firebase (Google): For authentication, database, and cloud storage
- Google Play Services: For app functionality and updates
- Expo: For app development and deployment services
These services have their own privacy policies and data practices. We ensure they meet our privacy standards.
6. Data Security
6.1 Security Measures
- Encryption: All data is encrypted in transit and at rest
- Access Controls: Strict access controls and authentication
- Regular Audits: Security assessments and vulnerability testing
- Secure Infrastructure: Firebase security features and best practices
6.2 Biometric Data Protection
CRITICAL: Face recognition data is processed locally on your device only. No biometric templates are stored on our servers. Biometric data is never shared with third parties.
7. Your Rights and Choices
7.1 Access and Control
- View Your Data: Access your profile and attendance records
- Update Information: Modify your profile and preferences
- Delete Account: Request account deletion and data removal
- Data Portability: Export your data in a standard format
7.2 Communication Preferences
- Notification Settings: Control which notifications you receive
- Marketing Communications: Opt-out of promotional messages
- Location Services: Enable/disable location tracking
7.3 Opt-Out Mechanisms
- Location Tracking: Can be disabled in device settings
- Notifications: Can be disabled in app settings or device settings
- Data Collection: Account deletion removes all collected data
- Biometric Processing: Can be disabled by not using face recognition features
8. Data Retention
8.1 Retention Periods
- Account Data: Retained while your account is active
- Attendance Records: Retained for 7 years for academic and administrative purposes
- Biometric Data: Not stored permanently, processed locally only
- Location Data: Not stored permanently, used only during active sessions
- App Usage Data: Retained for 2 years for analytics and improvement
8.2 Deletion
- Data is automatically deleted when you delete your account
- You can request immediate deletion of specific data
- Some data may be retained for legal compliance requirements (up to 7 years)
9. Children's Privacy (COPPA Compliance)
- Target Audience: Our app is designed for college students and faculty (typically 18+ years old)
- No Data from Children: We do not knowingly collect data from children under 13
- Immediate Action: If you believe we have collected data from a child, contact us immediately
- COPPA Compliance: We comply with the Children's Online Privacy Protection Act
10. Prominent Disclosure Requirements
In-App Data Collection Disclosure:
"HEART Nagaland collects facial recognition data to enable attendance verification, location data to verify attendance within college premises, and personal information to manage your educational account. This data is used for attendance tracking, communication, and account management purposes."
11. International Data Transfers
- Your data may be processed in countries other than your own
- We ensure adequate protection through standard contractual clauses
- Firebase provides global infrastructure with appropriate safeguards
12. Changes to This Policy
- We may update this Privacy Policy periodically
- Significant changes will be communicated through the app
- Continued use constitutes acceptance of updated terms
13. Contact Information
14. Compliance
This Privacy Policy complies with:
GDPR
CCPA
COPPA
FERPA
Google Play Store
15. Account Deletion
If you wish to delete your account, you can:
- Use the account deletion feature within the app
- Contact us at nititechnologies1@gmail.com
- Visit our website for account deletion instructions
When you delete your account, all associated data will be permanently removed from our systems, except for data we are legally required to retain.
16. Your Consent
By using HEART Nagaland, you consent to the collection and use of information as described in this Privacy Policy.