QuickClockin
Get free app

Privacy Policy

QuickClockin collects only what is needed to operate the service, protect accounts, and generate workforce reports. We do not sell your data and we do not use it for advertising.

Last updated: June 16, 2026

1. Information we collect

Account information

When you register or are added to QuickClockin, we collect:

  • Full name, email address, and hashed password
  • Numeric login ID (system-assigned employee identifier)
  • Timezone preference and account role (employee or administrator)
  • Account creation date

Work & workforce records

The core purpose of QuickClockin is time tracking. We collect and store:

  • Clock-in and clock-out timestamps — recorded server-side at the moment the action is performed
  • Work session duration and history
  • Project and job-site assignments per session
  • Mileage — manually entered by the employee per session; no GPS or location data is collected

Device & technical information

  • Device name — the name of your iOS device (e.g., "Alex's iPhone") is sent to our servers at login for security and session management
  • IP address — collected server-side for security, fraud detection, and access logging
  • Browser and OS information — collected via standard HTTP headers when using the web dashboard
  • Authentication tokens — stored in the iOS Keychain on device; transmitted securely with each API request

Server & security logs

Our servers automatically record standard technical logs: request timestamps, API endpoints accessed, HTTP status codes, IP addresses, and authentication success/failure events. Auth-related responses are redacted in logs; credentials are never logged. Logs are retained for up to 90 days.

2. Firebase Analytics (iOS app)

The QuickClockin iOS app uses Google Firebase Analytics. Firebase automatically collects the following anonymous, non-identifiable information:

  • app_instance_id — an anonymous, Firebase-generated identifier for the app installation. This is not an advertising identifier (IDFA) and is not used for advertising.
  • Device model, iOS version, and app version
  • Device language and timezone (OS-level settings)
  • Screen views, session duration, and app open events

Firebase Analytics does not receive your name, email, employee ID, work records, or mileage. Firebase data is governed by Google's Privacy Policy. Learn more at firebase.google.com/support/privacy.

The QuickClockin iOS app does not use: Firebase Crashlytics, Firebase Performance Monitoring, Firebase Cloud Messaging (push notifications), or advertising identifiers (IDFA).

3. Cookies & sessions

iOS app: No cookies. Authentication is maintained using a secure bearer token stored in the iOS Keychain.

Web dashboard: We use strictly necessary cookies for authentication and security:

  • Session cookies — expire when you close your browser; maintain your logged-in state
  • Security cookies — CSRF tokens to protect against request forgery

We do not use advertising cookies, retargeting cookies, or third-party tracking pixels on any page of QuickClockin.

4. How we use your information

  • Service delivery — to operate time tracking, record work sessions, manage projects, and generate reports
  • Authentication & security — to verify identity, maintain sessions, detect unauthorized access, and prevent abuse
  • Communication — account confirmations, password resets, and important service notices. We do not send marketing emails without explicit consent.
  • Product improvement — aggregated Firebase Analytics data is used to understand feature usage and improve the app
  • Compliance & dispute resolution — to respond to legal requests and enforce our Terms of Service

We do not sell, rent, or trade your personal information. We do not use your data for advertising.

5. Security measures

  • All data is transmitted over HTTPS/TLS encryption
  • Passwords are stored using cryptographic hashing (bcrypt); never in plain text
  • Authentication tokens are stored in the iOS Keychain with kSecAttrAccessibleWhenUnlocked protection
  • Clock-in/out timestamps are recorded server-side, preventing client-side manipulation
  • Session cookies use HttpOnly and SameSite flags; CSRF tokens protect web forms
  • Production system access is restricted to authorized personnel

No system is perfectly secure. While we implement industry-standard measures, we cannot guarantee absolute security of data transmitted over the internet.

6. Data retention

  • Work records and account data — retained for the life of the account
  • Server security logs — retained up to 90 days, then purged
  • Firebase Analytics data — subject to Google's retention policies (typically 14 months)

Upon account deletion, we permanently remove your personal data and workspace records within 7 days, except where retention is required by law.

7. Sharing & service providers

We share data only with the providers strictly necessary to operate the service:

  • Google LLC (Firebase) — anonymous analytics data; no account PII shared. See Google Privacy Policy.
  • Hosting and infrastructure providers — processed under data processing agreements
  • Transactional email providers — for password resets and account notifications

We may also disclose data if required by law, court order, or to protect the rights, safety, or property of QuickClockin, our users, or the public.

8. Employer & administrator access

Account administrators have full access to all work records, session history, mileage entries, and project data for employees in their workspace. This access is intentional — it is the core function of the service.

It is the sole responsibility of the employer or administrator to obtain any legally required consents from employees prior to monitoring work time, and to comply with all applicable employment, labor, and privacy laws in their jurisdiction. QuickClockin provides a technology tool only and does not provide legal or compliance advice.

9. iOS app permissions

The QuickClockin iOS app does not request or access:

  • Location or GPS data
  • Camera, microphone, or photo library
  • Contacts or calendar
  • Apple Advertising Identifier (IDFA)
  • Face ID or biometrics
  • Push notifications

Mileage is manually entered by the user — the app does not track physical movement or location.

10. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. You can export your work records at any time as PDF or CSV from within the app or web dashboard.

For access, correction, or deletion requests, contact support@quickclockin.com from your account email. We will respond within 30 days.

California residents (CCPA): You have the right to know what data we collect, request deletion, and opt out of sale. We do not sell personal data — no opt-out is required. Submit requests to support@quickclockin.com.

EEA / UK residents (GDPR): Our legal bases for processing are contract performance, legitimate interests (security, analytics), and legal obligation. You have the right to object to processing and to lodge a complaint with your supervisory authority.

11. Children's privacy

QuickClockin is a business product not directed to individuals under 16. We do not knowingly collect data from minors. If you believe a child's data has been submitted, contact us and we will remove it promptly.

12. Changes to this policy

We may update this policy from time to time. Material changes will be announced on the site or by email. The "Last updated" date reflects the latest revision. Continued use of the service after changes become effective constitutes acceptance of the updated policy.