Privacy Policy | Fidelitus FMS

Privacy Policy

App: Fidelitus FMS  |  Effective Date: June 9, 2026  |  Last Updated: June 14, 2026

Fidelitus Facility Management Services Pvt. Ltd (“we”, “our”, “us”) operates the Fidelitus FMS mobile application and website (“the App”). This Privacy Policy explains what data we collect, why we collect it, how it is stored, and your rights over your data.

1. Who We Are

Fidelitus Facility Management Services Pvt. Ltd
Email: fidelitushrms@gmail.com
Address: No. 42, Ground Floor, B Block, 27th Cross, BSK 2nd Stage, Bangalore, India, 560070

2. Data We Collect

  • Biometric / Facial Data — Face images captured solely for attendance verification. This is sensitive data and is handled with the highest protection.
  • Identity Data — Name, employee ID, email address, phone number.
  • Attendance Data — Check-in and check-out timestamps.
  • Location Data — GPS coordinates at the time of attendance marking (only when the feature is enabled).
  • AI Assistant Conversations — Messages you send to the FideB AI assistant, and the assistant's replies, including session history and timestamps.
  • Account Credentials — Login session tokens, stored securely in encrypted on-device storage.
  • Device Data — Device model, operating system version, app version.

3. How We Use Your Data

  • Verifying employee identity for attendance using facial recognition.
  • Recording, reporting, and managing employee attendance.
  • Providing AI-powered assistance (FideB) for questions related to your attendance, assignments, and account — your messages are sent to our backend to generate a response and are saved as conversation history so you can revisit past chats.
  • Account management and application security.
  • Communicating important updates related to your account.
⚠ We do not use facial data or AI chat content for advertising. We do not sell any personal or biometric data to third parties. Please avoid sharing sensitive personal information (e.g. financial details, passwords, government ID numbers) in the AI chat.

4. Legal Basis & Consent

We process your data only after obtaining your explicit consent before any facial data is captured. Users may withdraw consent at any time by contacting us or deleting their account.

  • India: Compliance with the Digital Personal Data Protection (DPDP) Act 2023.
  • EU/EEA users: Processing is based on explicit consent under GDPR Article 9.
  • Illinois users: Compliance with BIPA (Biometric Information Privacy Act).

5. Biometric Data — Specifics

  • What is stored: The captured face image is sent to our secure server for comparison. No permanent face template or encoding is stored after verification.
  • Where processed: Face matching is performed on our backend server (Frappe) via AWS Rekognition. Processing occurs within secure AWS infrastructure.
  • Retention: Reference photos linked to active employees are retained for the duration of employment. They are deleted within 30 days of account termination.
  • Third parties: Biometric data is not shared with any third party for purposes unrelated to attendance verification.

6. AI Assistant (FideB)

  • The App includes an optional AI chat assistant ("FideB") that answers questions about your attendance, assignments, and account.
  • Messages you send and the assistant's responses are transmitted securely to our backend server for processing and are stored as conversation history tied to your account.
  • Conversation history lets you revisit past chats and is used to improve the quality of responses within your own sessions.
  • You can delete an individual chat session at any time from within the App; deleted sessions and their messages are permanently removed from our servers.
  • Access to the AI assistant may be limited or rate-limited based on your organization's plan.

7. Data Storage & Security

  • Data is stored on servers located in India / AWS (ap-south-1 Mumbai region).
  • All data in transit is encrypted using HTTPS/TLS 1.2+.
  • Data at rest is encrypted using AES-256.
  • Login session credentials are stored on-device using OS-level encrypted secure storage (iOS Keychain / Android Keystore) and are never accessible to other apps.
  • Access to personal data is restricted to authorised personnel only.

8. Data Sharing & Third Parties

  • Employer / Organisation admins — attendance records are visible to authorised HR managers.
  • AWS Rekognition — used for face comparison; images are not stored by AWS after the API call.
  • AWS S3 — secure storage for reference and attendance images.
  • AI Assistant infrastructure — chat messages are processed by our backend AI service to generate responses; messages are not used to train third-party models and are not sold or shared for marketing purposes.
  • Expo (React Native) — mobile app framework; does not receive personal data.

We do not sell, rent, or trade personal or biometric data.

9. Data Retention & Deletion

  • Attendance records: retained for 5 years for compliance purposes.
  • Facial images: deleted within 30 days of account termination or on request.
  • AI chat history: retained until you delete a session or your account, whichever is sooner.
  • Account data: deleted within 30 days of a deletion request.

To request deletion of your account and all associated data (including biometric data and chat history), email us at fidelitushrms@gmail.com or use the “Delete Account” option in the app settings.

10. Your Rights

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Withdraw consent at any time.
  • Export your data in a portable format.

To exercise any of these rights, contact: fidelitushrms@gmail.com

11. Children

Fidelitus FMS is an employee attendance application intended solely for adults (18 years and above). We do not knowingly collect data from anyone under the age of 18.

12. App Permissions

  • Camera — used exclusively for capturing the face image during attendance marking.
  • Location — used to record where attendance was marked (only when geo-fencing is enabled by the employer).
  • Internet — required to sync attendance data, assignments, and AI assistant messages with the server.

13. International Data Transfers

Data may be processed by AWS services in regions outside India. All such transfers are protected by appropriate safeguards including standard contractual clauses and AWS data processing agreements.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page and notify users via the app or email for material changes.

If you have any questions about this Privacy Policy, please contact us at fidelitushrms@gmail.com.