TRDP Attendance Monitoring System Privacy Policy
Public / In-App Privacy Policy for Google Play Store Listing
| Field | Detail |
|---|---|
| Effective Date | April 21, 2026 |
| Last Updated | May 7, 2026 |
| Developer / Organization | Thardeep Rural Development Programme (TRDP) |
| App Package | com.trdp.attendance |
| Address | TRDP House, North Colony, Mithi 69230, District Tharparkar, Sindh, Pakistan |
| Website | www.thardeep.org |
| Recommended Public Privacy Policy URL | https://thardeep.org/trdp-attendance-monitoring-system/ |
| Phone | +92-232-261462-261661 |
| Privacy Contact | hr@thardeep.org |
1. Who We Are
Thardeep Rural Development Programme (TRDP) operates TRDP Attendance Monitoring System (the "App"). This Privacy Policy explains how TRDP accesses, collects, uses, stores, shares, protects, retains, and deletes information processed through the App.
This policy is intended for the Google Play Store privacy policy field, the public website privacy policy page, and the in-app Privacy Policy screen. The developer or organization name used in the Google Play listing should match the organization named in this policy.
2. Scope and Intended Users
The App is an internal attendance, leave, notification, holiday, reporting, and administrative monitoring application for authorized TRDP staff and approved users only.
The App is not intended for the general public, is not directed to children, and is not submitted as a child-focused or Families app. Users should access the App only if they are authorized by TRDP.
3. Summary of Current App Data Practices
Based on the reviewed Android app package, the current version uses Firebase Authentication, Firebase Realtime Database, Firebase Cloud Messaging, Google Sign-In or email/password sign-in, Google Play Services Location, Android biometric/device credential verification, encrypted local preferences, Android/platform geocoding services, osmdroid/OpenStreetMap map display services, Aladhan prayer-time services, CSV export through Android sharing, and an account deletion request screen that also opens a Google Forms web resource.
The reviewed app package requests foreground fine/coarse location permission, notification permission, biometric permission, internet/network access, and vibration permission. The reviewed package does not request ACCESS_BACKGROUND_LOCATION.
The reviewed app package does not include Google AdMob, Google Mobile Ads SDK, Firebase Analytics, Firebase Crashlytics, or an advertising SDK in the Gradle dependency list. TRDP does not intentionally collect the Android Advertising ID for advertising in the reviewed version. If TRDP later adds advertisements, analytics, Crashlytics, Advertising ID use, or other SDKs that change data practices, TRDP must update this policy, the in-app notice, the Google Play Data Safety form, the Ads declaration, and the Android manifest before publishing that release.
4. Information We Collect or Access
Depending on user role and use of the App, TRDP may collect, access, generate, or process the following categories of information. Some information is entered by the user, some is configured by authorized TRDP administrators, and some is generated automatically by the App or Firebase services during normal operation.
| Data category | Examples | Purpose / required or optional handling |
|---|---|---|
| Account, identity, and staff profile information | Name, email address, Firebase user ID / employee-linked user ID, designation, role, status, supervisor or reporting line, assigned office/reporting location, region/location assignment, and assigned locations. | Authentication, role-based access, attendance management, leave workflow, supervision, reporting, internal administration, account deletion, and security. Required for authorized use. |
| Authentication information | Google Sign-In authentication results, email/password sign-in where enabled, Firebase Authentication identifiers, session state, and authentication-related tokens handled by Firebase. | User sign-in, session management, access control, account security, and account deletion. Required for signed-in use. |
| Device and technical information | Android device ID used by the App, app installation ID, device model/manufacturer, approved device bindings, Firebase Cloud Messaging token, topic subscription information, app security logs, and limited diagnostic/security information. | Device approval, trusted-device binding, notification delivery, fraud/spoofing prevention, security alerts, and access control. Required for secure device-bound attendance. |
| Attendance records | Attendance date, check-in/check-out time, attendance event, attendance status, user ID, device ID, assigned location ID, geofence ID, checkout records, and server-generated timestamp. | Attendance recording, geofence validation, dashboards, reporting, HR/payroll review, audit, and organizational recordkeeping. Required when using attendance features. |
| Location data | Precise or approximate current device location, location accuracy, mock-location indicator, calculated distance to approved geofence, assigned office geofence coordinates, location ID, geofence ID, map display context, and optional city/prayer-time coordinates. | Verifying whether check-in/check-out occurs at an approved workplace, detecting fake/mock location risk, showing user-to-office map/distance context, power-admin GPS accuracy diagnostics, and optional city/prayer-time features. Required for attendance verification; optional for prayer/city/map refresh features except when used. |
| Leave management information | Leave type, from/to dates, reason, alternate arrangement, address or phone/contact information submitted in the leave form, supervisor/HR decision, approval/rejection status, comments, timestamps, employee name/UID, supervisor name/UID, daily leave records, and leave messages. Sick or maternity leave type/reason may reveal health or personal information if submitted by the user. | Submitting, approving, rejecting, recording, reviewing, reporting, and auditing leave requests. Required when a user submits or processes a leave request. |
| Notifications and messages | FCM token, topic subscriptions, notification queue entries, notification title/body, target user ID, leave or attendance notification content, and delivery-related information. | Attendance reminders, leave workflow updates, supervisor/admin notices, security alerts, holiday notices, and organizational communication. Required for notification delivery, though users may disable device notification permission. |
| Administrative reference data | Office locations, location names, addresses, geofence labels, coordinates, radius, workday/time settings, holidays, optional holiday selections, custom messages, app reviewer/demo user records, and administrative settings. | Managing office locations, attendance rules, holidays, Play review/demo access, and administrative configuration. Required for administrative operation. |
| Audit, security, and deletion request records | Role-based administrative actions, security alerts, mock-location alerts, device approval decisions, account deletion requests, actor/user IDs, timestamps, before/after values where recorded, and related log details. | Security monitoring, misuse prevention, investigation, audit, compliance, internal control, and processing account/data deletion requests. Required for secure operation and accountability. |
| Biometric or device credential verification | The App may ask the device to verify the user through Android biometric or device credential mechanisms before sensitive attendance actions. TRDP does not collect, receive, store, or transmit fingerprints, face data, biometric templates, PINs, patterns, or passwords used by the device. | Local identity confirmation before attendance actions. Handled locally by Android. TRDP receives only whether verification succeeded or failed. |
| Local app data and generated files | Encrypted local preferences such as today’s check-in/check-out status and app installation ID; Firebase offline cache; CSV attendance/deletion request exports generated on device by authorized users. | Local app operation, faster user experience, offline/local status display, and user-initiated reporting/export. Stored locally until cleared/uninstalled or managed by Android/Firebase behavior. |
5. How We Collect Information
We collect information directly from users when they sign in, request device approval, mark attendance, submit leave requests, respond to leave requests, select optional holidays, request account deletion, or use administrative features.
We collect certain information automatically from the device when the App is used, including device identifiers used for device approval, app installation ID, Firebase Cloud Messaging token, current foreground location during location-based features, attendance timestamps, local app status, and security/audit events.
We receive some staff profile, reporting-line, role, access-control, office-location, geofence, attendance-rule, holiday, and administrative configuration information from authorized TRDP administrators who configure the App for organizational use.
6. How We Use Information
TRDP uses information to authenticate users, manage role-based access, approve trusted devices, verify attendance against approved workplace geofences, record attendance and leave transactions, display dashboards, generate reports, export CSV reports when initiated by authorized users, send notifications, manage holidays and office locations, support HR/payroll/audit review, prevent misuse, detect fake or mock-location attempts, handle account deletion requests, and maintain internal administrative records.
TRDP does not sell personal information. TRDP does not use attendance location data for advertising. The reviewed App version does not serve third-party advertisements.
7. Location Data Use and Foreground Location Disclosure
The App requests location permission because attendance check-in/check-out requires verification against approved TRDP workplace geofences. The App uses the device’s current foreground location to calculate whether the user is inside an approved geofence and may check location accuracy and mock-location indicators to reduce spoofing and misuse.
The current App version uses foreground location only. It does not request Android background location permission and does not continuously track users when the App is closed or not in active use.
For attendance records, the App stores attendance date, time, event/status, user ID, device ID, location ID, geofence ID, and timestamp. Raw latitude/longitude of the current device location is used to perform geofence verification, display map context, and calculate distance/accuracy. The attendance log is designed to store location/geofence references rather than a continuous raw-location trail.
Optional city, map, and prayer-time features may use the current location to show city/location context, map visualization, distance between the user and office, and prayer timings. When prayer-time lookup is used, coordinates may be sent to Aladhan to return prayer-time information. Map tile services may receive technical information such as IP address and map tile requests needed to display maps.
Recommended in-app prominent disclosure before the Android location runtime permission: "TRDP AMS collects and uses your current location while the app is open to verify check-in/check-out against your assigned office geofence, show distance/map context, and detect fake or mock-location attempts. The current version does not collect background location and does not track you when the app is closed. Optional city/map/prayer-time features may use your current location and may send coordinates to geocoding/map/prayer-time services to return those features. Attendance check-in/check-out may not work without location permission."
8. Third-Party Services and Data Processing
TRDP uses service providers, SDKs, platform services, and external APIs needed to operate the App. These services may process data according to their own terms and privacy policies, in addition to TRDP’s instructions where they act as service providers. TRDP should keep the Google Play Data Safety form consistent with the final app build and each SDK provider’s current data-safety guidance.
| Service / provider | Purpose in the App |
|---|---|
| Firebase Authentication / Google Sign-In / Google Identity Services | Sign-in, authentication, session support, user identifiers, and account deletion support. |
| Firebase Realtime Database | Storage and synchronization of staff profiles, attendance, leave, device approvals, locations, geofences, holidays, settings, notifications, audit logs, security records, deletion requests, and app reviewer/demo records. |
| Firebase Cloud Messaging | Push notifications, FCM tokens, notification delivery, and topic subscriptions. |
| Google Play Services Location | Foreground location retrieval for attendance verification, GPS accuracy diagnostics, and optional location-based features. |
| Android biometric/device credential APIs | Local identity verification on the device; biometric templates and device credentials are not collected by TRDP. |
| Android/platform geocoding services | City or locality lookup from current coordinates when location-based convenience features are used. |
| Aladhan prayer-time API | Prayer-time lookup using latitude/longitude when the prayer-time feature is used. |
| osmdroid / OpenStreetMap or configured map tile providers | Display of map tiles, geofence visualization, and user-to-office map context. Map providers may receive IP address and tile request information needed to display maps. |
| Google Forms or other deletion-request web resource | External account/data deletion request form. The provider may process information submitted in the form and technical information needed to operate the form. |
| Android WorkManager / local system services | Periodic local checks for leave-related alerts and local app operation. Current reviewed worker does not collect location in the background. |
9. Advertising and Android Advertising ID
The reviewed App version does not display third-party advertisements, does not include Google AdMob / Google Mobile Ads SDK, and does not intentionally collect the Android Advertising ID for advertising or ad measurement.
If TRDP later enables AdMob, Google Mobile Ads SDK, personalized ads, non-personalized ads, ad measurement, analytics, or Advertising ID use, TRDP will update this policy, the in-app notice, Google Play Data Safety declarations, the Ads declaration, and the Android manifest before publishing that version. Any future use of location or Advertising ID for ads must be disclosed and must comply with Google Play and applicable law.
10. Data Sharing and Disclosure
TRDP does not sell personal information. TRDP may disclose or make data available only for the purposes described in this policy, including to service providers and platform services that operate the App, to authorized TRDP personnel according to role, to comply with legal or regulatory obligations, to protect rights and security, and as required for HR, payroll, audit, donor/compliance, administrative, or organizational purposes.
Administrators, supervisors, HR/admin staff, and power administrators may access data according to their role-based permissions. Employees can generally access their own records and relevant leave/attendance information as permitted by the App. CSV exports are generated only when initiated by authorized users and may be shared outside the App only when the user chooses to share/export them through Android sharing flows.
11. Security and Data Handling
TRDP uses reasonable administrative, technical, and organizational safeguards to protect information processed through the App. These include authenticated access, Firebase security rules, role-based permissions, device approval and device-binding mechanisms, server-generated timestamps, audit logging, security alerts, encrypted local preferences, and controlled administrative access.
Data transmitted to Firebase, Google services, and external HTTPS APIs is expected to be transmitted using modern encryption in transit where provided by those services. The App also enables Firebase Realtime Database offline persistence, so synced data may be cached locally on the device according to Firebase and Android behavior. However, no electronic transmission, mobile device, or cloud system can be guaranteed to be completely secure.
Users must protect their device, login credentials, and device unlock methods. Users should immediately report lost devices, unauthorized access, suspected misuse, or suspected fake-location/security incidents to TRDP.
12. Data Retention
TRDP retains information only as long as reasonably necessary for organizational, operational, HR, payroll, audit, donor/compliance, legal, security, and internal-control purposes.
Account, profile, device-approval, and access-control information may be retained while the user is active and for a reasonable period afterward for security, audit, and access-control purposes. Attendance records, leave records, audit logs, security logs, notification logs, deletion request records, and administrative records may be retained for longer periods because they support HR, payroll, internal audit, donor/compliance review, legal obligations, dispute handling, security investigation, and organizational recordkeeping.
Local app data remains on the user’s device until cleared by the App, removed by the user, overwritten, or deleted when the App is uninstalled, subject to Android device backup/restore behavior, Firebase offline cache behavior, and device settings.
13. Account Deletion and Data Deletion Requests
The App provides an in-app account deletion request path through the Account Deletion screen. In the reviewed App package, the Account Deletion screen records a deletion request in Firebase Realtime Database and also opens an external Google Forms web resource for account/data deletion requests. Users who cannot access the App may submit an account deletion or data deletion request through TRDP’s official contact channels, including the privacy contact email, or through the deletion web resource listed by TRDP in Google Play Console.
For Google Play Console, TRDP should enter a publicly accessible web resource that allows users to request deletion without reinstalling the App. Preferably, this should be hosted on TRDP’s official website and should clearly identify TRDP, the App name, the user identification information required to process the request, what data will be deleted, what data may be retained, and the expected processing timeline.
When an account deletion request is approved or completed, TRDP will delete, deactivate, or disable the user’s active App account/access as appropriate. This may include deleting or disabling the Firebase Authentication account, active profile/access entry, email index entry, FCM token, device-binding/profile data, and device approval records where those records are not required for legitimate retention purposes.
Account deletion may not remove all historical organizational records. TRDP may retain attendance records, leave records, audit logs, security logs, notification logs, deletion request logs, and administrative records where retention is necessary or permitted for legitimate organizational, legal, HR, payroll, donor/compliance, audit, internal-control, dispute-resolution, fraud-prevention, or security reasons.
TRDP will review deletion requests within a reasonably quick period, normally within 30 days where practicable, unless additional verification, employment/organizational review, legal retention, security investigation, audit, donor/compliance, or administrative requirements apply.
14. User Choices and Permissions
Location permission: Users may deny or revoke location permission through Android settings, but attendance check-in/check-out and location-based features may not work without it.
Notification permission: Users may deny or disable notifications through Android settings, but this may affect attendance reminders, leave updates, supervisor/admin notices, security messages, and organizational communications.
Biometric/device credential: Users may manage biometric or device credential settings through Android settings. The App relies on Android for local verification and does not receive biometric templates, fingerprints, face data, PINs, patterns, or device passwords.
Account/data requests: Users may request correction, deactivation, account deletion, data deletion, or information about their data through the App or TRDP’s official contact channels, subject to organizational, legal, HR, payroll, donor/compliance, audit, and security requirements.
15. Children’s Privacy
The App is for authorized TRDP staff and approved users. It is not intended for children and is not directed to children. TRDP does not knowingly use the App to collect data from children as a target audience. If TRDP learns that a child has used the App without authorization, TRDP will take appropriate steps to restrict access and handle any related information according to applicable law and organizational requirements.
16. International or Cloud Processing
The App uses cloud-based infrastructure and third-party services. Information may be processed or stored on servers located outside the user’s district, province, or country, depending on the infrastructure used by Firebase, Google, and other service providers. By using the App, users understand that data may be processed through such services as needed to operate the App.
17. Changes to This Policy
TRDP may update this Privacy Policy from time to time to reflect changes in App features, service providers, Google Play requirements, legal requirements, or organizational practices. Updated versions will show a revised Last Updated date and will be made available through the App, website, or other official channels.
18. Contact Us
For privacy questions, complaints, account deletion requests, data deletion requests, correction requests, or troubleshooting, please contact:
Thardeep Rural Development Programme (TRDP)
TRDP House, North Colony, Mithi 69230, District Tharparkar, Sindh, Pakistan
Website: www.thardeep.org
Phone: +92-232-261462-261661
Email: hr@thardeep.org