1. Data controller
The data controller is posup.com LLC, with registered address at Franklinton, North Carolina 27525, USA. For any privacy matter you can write to privacy@posup.app.
2. Data we collect
- From the customer company: company name, email, billing data, subscribed plan.
- From employees: name, internal identifiers, clock-in/out records, clock-in zone location and facial biometric data.
- Technical: IP address, browser, activity logs.
3. Biometric data (facial recognition)
Facial recognition involves processing biometric data, which is considered special category or sensitive data (GDPR Art. 9, LGPD, BIPA and local law). This data:
- Is processed solely to verify the employee's identity when clocking in.
- Requires the employee's prior explicit consent, which the customer company must obtain.
- Is not sold or shared for commercial purposes.
- Is retained only for the duration of the contract and deleted per the DPA.
4. Purposes and legal basis
We process data to provide the Service (contract performance), to comply with legal obligations and, for biometric data, on the basis of explicit consent.
5. Our role: data processor
Regarding employee data, the customer company is the controller and PosupClock acts as processor, under the Data Processing Agreement (DPA).
6. Recipients and sub-processors
We share data with the providers that enable us to operate the Service, including Stripe (payment processing) and our cloud hosting providers. They act as processors or sub-processors, subject to contractual confidentiality and security obligations.
7. International transfers
If data is processed outside your country, we apply appropriate safeguards (standard contractual clauses or other legal mechanisms).
8. Retention
We retain data for the term of the contract and applicable legal periods. Biometric data is deleted at the end of the relationship or upon request, per the DPA.
9. Your rights
You may exercise rights of access, rectification, erasure, objection, restriction and portability by writing to privacy@posup.app. Employees should direct requests to their employer (controller).
10. Security
We apply reasonable technical and organizational measures: encryption in transit, access control, prepared statements and per-company isolation.
11. Minors
The Service is not directed to minors and we do not knowingly collect their data.
12. Changes
We may update this Policy. Changes will be posted on this page.
13. Contact
For any privacy matter: privacy@posup.app.