Heavention 2025 Privacy Policy
INTERNAL USE ONLY: This application is restricted to pre‑authorized organizational staff/members. This hosted copy mirrors the in‑app authoritative version.
Last Updated: 2025-10-02
1. Introduction
This Policy explains how the Heavention 2025 attendance application (“App”) collects, uses, and protects limited operational data for internal attendance management. It is not a public consumer product.
2. Data We Collect
Authentication Data: Display name and email (Google Sign‑In)
Attendance Scan Events: Timestamp, internal attendance/member identifier (or QR reference), scan counter, ephemeral device identifier
Local Device Cache: Unsynced scan records stored temporarily for offline functionality
Transient Camera Frames: Processed only in memory to decode QR codes (not stored or transmitted)
We DO NOT collect: precise location, contacts, stored photos, microphone audio, health data, advertising identifiers, biometric templates.
3. Purpose (Why We Process)
Authenticate and authorize internal users
Record and synchronize attendance scans to organization‑controlled Google Sheets
Provide offline reliability and conflict‑free syncing
Maintain minimal operational audit trace (scan count & timestamp)
4. Storage & Retention
Local Offline Queue: Cleared on sign out or account deletion
Google Sheets Rows: Retained as organizational operational records (may persist after account deletion)
Ephemeral Device Identifier: Not a hardware serial; may rotate; used only to reconcile offline batches
Account Deletion: Removes Firebase auth identity and local cached scans; does not retroactively erase historic attendance rows already synchronized
Data minimization: Only fields strictly needed for attendance integrity are processed.
5. Sharing / Third-Party Processors
Firebase Authentication (Google): Identity management
Google Sheets API: Structured attendance storage (organization-controlled)
No advertising SDKs. No data sold or shared for marketing or profiling.
6. Security
OAuth-based Google authentication
Encrypted transport (HTTPS)
Restricted data scope reduces exposure
7. Permissions & Camera Use
Camera: Real-time QR decoding only; no image capture or storage
Network: Sync attendance data to secure backend (Google Sheets)
No background location or continuous sensor tracking
8. Your Choices
Sign out at any time
Delete account in-app (removes auth identity + local cache)
Request clarification or correction (where feasible) via support email
9. Children
The App is not directed to the general public or unsupervised minors. No targeted profiling of children occurs.
10. International Processing
Services (Firebase / Google) may operate in multiple regions; only minimal operational data is handled.
11. Changes
Material updates change the “Last Updated” date. In‑app copy always matches this hosted version.
12. Contact
Email: support@qcxis.com
13. Change Log (Summary)
2025-10-02: Added explicit transient camera clarification, data minimization, no analytics/ads note.
© 2025 QC Group Sdn Bhd · Terms