Clockd
Legal

Privacy Policy

How we handle personal information across the Clockd kiosk app, staff app, admin portal and website.

Last updated: 17 June 2026

This Privacy Policy explains how Clockd(“Clockd”, “we”, “us” or “our”) collects, uses, discloses and protects personal information when you use the Clockd kiosk app, staff mobile app, web admin portal and this website (together, the “Service”). We handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

1. Our role: controller and processor

Clockd is used by restaurants and hospitality businesses (“Employers”) to manage their workforce. For the personal information of an Employer’s staff that we process on the Employer’s behalf, the Employer is responsible for that information and we act as a service provider (processor). If you are an employee, please direct requests about your information to your Employer in the first instance; we will assist them. For account holders and website visitors, we act as the controller of that information.

2. Information we collect

Account & business information

  • Administrator name, email address and password (managed via our authentication provider)
  • Business/restaurant details, including locations and configuration
  • License and device registration information

Employee information (entered by the Employer)

  • Name, phone number and a 4-digit PIN (stored in protected form)
  • Employee type, roles and employment classification
  • Pay rules and payroll-related details configured by the Employer

Time & attendance data

  • Clock in / clock out times and break start / end times
  • A photo captured by the device camera at each clock action, used as visual proof of attendance to deter buddy-punching
  • GPS location captured at the time of a mobile clock action (where enabled)
  • The source of the entry (kiosk or mobile) and related device details

Integration data

  • If an Employer connects Google Sheets, we process the OAuth authorisation needed to write the files they choose (limited drive.file access).

Technical & usage data

  • Log data, device and browser information, and IP address
  • Audit records of actions taken in the Service

3. Photos and identity verification

Photos captured at clock actions are used to confirm that the right person performed the action and to give managers visual proof when approving time. They are retained with the related time entry and shown in the approval workflow. We do not sell these photos. If facial recognition features are made available in future, they will only be used where lawful and with the additional consent required for biometric information. Employers are responsible for informing their staff that photos are captured and for obtaining any consent required by law.

4. How we use information

  • To provide, operate and maintain the Service
  • To verify attendance and reduce time-and-attendance fraud
  • To prepare payroll information and enable approved exports
  • To provide support and respond to requests
  • To secure the Service, prevent abuse and maintain audit trails
  • To comply with our legal obligations

5. Disclosure of information

We may disclose personal information to:

  • Service providers who host and run the Service on our behalf (including our cloud database, storage and authentication provider), under obligations of confidentiality and security;
  • Integrations you choose, such as Google, when an Employer connects them;
  • The relevant Employer, for staff data we process on their behalf;
  • Authorities or others where required or permitted by law.

We do not sell personal information.

6. Overseas storage

The Service is hosted using reputable cloud infrastructure. Some information may be stored or processed outside Australia by our service providers. Where this occurs, we take reasonable steps to ensure your information is handled consistently with the APPs.

7. Data retention

We retain personal information for as long as needed to provide the Service and to meet the Employer’s record-keeping and legal obligations (for example, employment and payroll records). Employers can configure retention for certain data, including temporary-staff records. When information is no longer required, we take reasonable steps to delete or de-identify it. See Account & data deletion for how to request removal.

8. Security

We use technical and organisational measures to protect personal information, including encryption in transit, access controls, row-level security scoped to each business, and protected storage of sensitive values. No system is completely secure, but we work to protect your information and to respond promptly to any incident.

9. Your rights

You may request access to, or correction of, the personal information we hold about you. If you are an employee, please contact your Employer first; we will support them in fulfilling your request. You can also contact us using the details below. You may complain to us about how we handle your information, and if you are not satisfied with our response, to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Children

The Service is intended for use in a workplace context and is not directed at children. Where young workers are employed, their information is handled in the same way as other staff and remains the responsibility of the Employer.

11. Cookies & this website

This marketing website uses only the cookies necessary to function. The admin portal uses cookies to keep you signed in. We do not use this website to build advertising profiles.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the “Last updated” date above.

13. Contact us

For privacy questions or requests, contact us at support@clockd.com.au.