← Back to home

Privacy Policy

Last updated: July 2, 2026

Usetimio (“Usetimio”, “we”, “our”, “us”) provides a cloud-based attendance and workforce management platform. This Privacy Policy explains what information we collect from organizations that use Usetimio (“Customers”) and their employees or members (“End Users”), how we use it, and the choices available to you. By using Usetimio, you agree to the collection and use of information as described here.

1. Information We Collect

We collect the following categories of information:

  • Account information: name, email address, phone number, and password (stored as a salted hash, never in plain text) for organization admins and staff.
  • End-user attendance data: name, employee/member ID, department, role, and check-in/check-out timestamps recorded by your organization's admins.
  • Location data: if your organization enables GPS-verified check-in, we record the device's location at the moment of check-in/check-out to confirm attendance at an approved site. Location is not tracked continuously or outside of a check-in event.
  • Biometric data: if your organization enables biometric check-in, we use the WebAuthn standard, which means a cryptographic public key is stored on our servers while the actual biometric (fingerprint/face) never leaves the End User's device.
  • Payment information: billing details are processed by our payment provider (Flutterwave); we store transaction references and status, not full card numbers.
  • Usage data: log data, device/browser type, and anonymized analytics (via Umami and, where enabled, Google Analytics) to help us improve the product.

2. How We Use Information

  • To provide, operate, and maintain the attendance tracking service for your organization.
  • To verify identity and prevent fraudulent check-ins.
  • To generate reports, analytics, and payroll exports on behalf of your organization's admins.
  • To send transactional emails (verification, password reset, billing, alerts).
  • To process payments and manage subscriptions.
  • To detect, investigate, and prevent security incidents or abuse of the platform.
  • To comply with legal obligations.

3. Data Ownership & Organization Responsibility

Each organization (“Customer”) that signs up for Usetimio is the data controller for the End User data it enters into the platform (its employees' or members' attendance records). Usetimio acts as a data processor on the Customer's behalf. Organizations are responsible for obtaining any consent required from their employees or members before entering their personal data into Usetimio, and for honoring end-user data requests (access, correction, deletion) in line with applicable law.

4. Data Isolation

Usetimio is a multi-tenant platform. Each organization's data is logically isolated and access-controlled so that one organization cannot view or modify another organization's data. Access to production data by Usetimio staff is limited to what is necessary for support and platform operation.

5. Data Retention

We retain account and attendance data for as long as an organization's account remains active, plus a reasonable period afterward to allow for reactivation, support, and legal compliance. Organizations may request deletion of their data by contacting us at info@usetimio.com.

6. Data Sharing

We do not sell personal data. We share data only with:

  • Service providers who help us operate the platform (hosting, email delivery, payments, analytics), bound by confidentiality obligations.
  • Law enforcement or regulators, where required by law.
  • A successor entity in the event of a merger, acquisition, or sale of assets, with notice to affected organizations.

7. Security

We use industry-standard measures to protect your data, including encrypted connections (HTTPS), hashed passwords, role-based access control, and account lockout after repeated failed login attempts. No system is 100% secure, and we encourage organizations to use strong, unique passwords and to promptly report any suspected security issue to info@usetimio.com.

8. Your Rights

Depending on your jurisdiction (including under GDPR and Nigeria's NDPA), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. End Users should first contact their organization's administrator, as the organization controls its own attendance data. Organizations may contact us directly at info@usetimio.com.

9. Children's Privacy

Usetimio is intended for use by organizations to manage adult employees, staff, or members. It is not directed at children under 16, and we do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a new “Last updated” date, and for material changes we will make reasonable efforts to notify organization admins by email.

11. Contact Us

If you have questions about this Privacy Policy, contact us at info@usetimio.com or by mail at Spent Digital Labs, 3 Idishin Street, Surulere, Ondo, Ondo State, Nigeria.

This document is a general-purpose template and does not constitute legal advice. Please have it reviewed by qualified counsel for your specific jurisdiction and use case before relying on it.