Your Data, Protected.
Your Workforce, Trusted.
Timenox is built for businesses that take privacy seriously. We handle attendance data with minimal collection, strong technical security, and clear employer control — and we're transparent about all of it.
Built on Four Core Principles
Every design and architecture decision in Timenox starts with these commitments.
Privacy-First Design
Features that could create privacy risks are optional and disabled by default. GPS, photos, and device tracking are employer-configured — not forced.
Minimal Data Collection
We collect only what is needed to verify attendance. No behavioral tracking, no advertising profiles, no data enrichment from third parties.
Full Transparency
We publish exactly what data we collect, how we use it, and who processes it — in plain language, not buried in legal text.
Security by Default
Encryption is on, access is locked down, and every attendance record includes a verified device identity — out of the box.
How Timenox Protects Your Data
The technical architecture that makes Timenox secure without requiring biometrics or special hardware.
Device-Bound Identity
Each employee is tied to their registered device using a cryptographic key pair. No shared logins. No password guessing. The device proves identity — not a username.
No Raw Biometric Storage
If a device uses fingerprint or face unlock (via WebAuthn), that happens entirely on the device's operating system. Timenox never receives or stores fingerprints, face scans, or any biometric data.
Passkey Authentication (WebAuthn)
Check-ins are authenticated using the WebAuthn standard — the same technology used by Google, Apple, and Microsoft. It's phishing-resistant, passwordless, and industry-verified.
Role-Based Access Controls
Attendance data is only accessible to authorized administrators within your organization. Employees can see their own records. No one else can access your company's data.
Data We Handle — and Why
Simple, honest breakdown. No hidden collection. No surprise processing.
| Data Type | What It Is | Why We Use It |
|---|---|---|
| Employee Info | Name, email or ID, department | To create the employee profile and link attendance records |
| Device Data | Device fingerprint, WebAuthn credential ID | To verify that check-ins come from a registered, trusted device |
| Location (GPS) | GPS coordinates at check-in / check-out moment | To confirm the employee is within the authorized work location |
| Photos | Selfie captured at check-in or check-out | For manual visual verification by the employer's administrator |
| Attendance Records | Timestamps, location, device, photo linked to each event | To generate accurate attendance reports for payroll and management |
| Account Data | Administrator name, work email, company name | To manage the employer's account and deliver the Service |
Full details in our Privacy Policy.
Compliance & Legal Framework
Our policies and agreements are written to support your compliance obligations, not just ours.
Privacy & Data Protection
Explains data roles, technology behavior, GDPR-aligned rights, and international transfer safeguards.
Data Processing Agreement
Formal DPA for EU and UK customers. Governs Timenox's obligations as your Data Processor under Article 28 GDPR.
Privacy Policy
Complete account of all personal data collected, how it's used, shared, retained, and your rights as a data subject.
Terms of Service
Governs use of the platform, employer responsibilities, data accuracy, and liability framework.
Enterprise or procurement teams: We can provide a completed DPA, a security questionnaire response, or sub-processor list on request. Email us at support@timenox.com.
Infrastructure & Security
Technical safeguards applied to every account, by default.
Encryption in Transit
All traffic between your browser and Timenox servers is protected using TLS (HTTPS). Data is never sent in the clear.
Encryption at Rest
Stored data — attendance records, photos, device credentials — is encrypted on disk using industry-standard algorithms.
Strict Access Controls
Internal access to customer data is restricted to authorized personnel on a need-to-know basis, with audit logging.
Continuous Monitoring
Our infrastructure is monitored around the clock for anomalies, errors, and potential security events.
Breach Notification
In the event of a confirmed security incident affecting your data, affected employers are notified promptly — aiming for within 72 hours of discovery.
Secure Cloud Infrastructure
Hosted on managed cloud infrastructure with high availability, automated backups, and geographic redundancy.
You're in Control
As the Employer using Timenox, you are the Data Controller for your employees' attendance data. Timenox processes that data on your behalf — and only on your instructions.
Add and remove employees
You decide who is tracked. Employee data is removed when you remove the employee record.
Enable or disable features
GPS verification, photo capture, and device fingerprinting are all employer-configured. Turn them on when you need them.
Export your data
Your attendance records are your records. Download them at any time from your dashboard.
Request deletion
Close your account and request full data deletion at any time by contacting support@timenox.com.
For Employees
If you are an employee whose attendance is managed through Timenox, your employer is the Data Controller for your records. For access, correction, or deletion requests, contact your employer first.
If your employer is unresponsive, you may reach us directly at support@timenox.com and we will assist where possible.
Data Ownership
Your attendance data is yours. Timenox does not use your employees' data for any purpose other than delivering the Service to you. We do not analyze, sell, license, or share it with third parties for commercial purposes.
What We Never Do
These are hard limits — not marketing language.
We don't sell your data
Employee or employer data is never sold to third parties, data brokers, or advertisers.
We don't run ads
Timenox has no ad network, no retargeting pixels, and no interest-profile building.
No continuous GPS tracking
Location is captured only at the moment of check-in or check-out — never in the background.
No biometric storage
We do not store fingerprints, face data, voice prints, or any biometric identifiers.
No hidden data use
We do not run secondary analysis on employee data for purposes outside of delivering the Service.
No data sharing for profit
Third parties receive only what is necessary to operate the infrastructure (e.g., hosting providers).
Have a Security or Compliance Question?
Whether you're an enterprise buyer, a DPO, or just want to understand how your data is handled — we're happy to talk. No sales pitch. Just answers.
We typically respond within one business day.