01 Controller & scope
This Privacy Policy describes how Speraverim (Hopi Digital) (operating the Tapsence service, "Tapsence", "we", "us", "our"), based in Manado, North Sulawesi, Indonesia, and contactable at [email protected], processes personal data in connection with the Tapsence attendance and visitor-management service made available at tapsence.com.
This Policy applies to:
- Visitors to our public website (marketing, signup, billing).
- Workspace owners and portal admins (our direct customers).
- End users whose data is processed inside a customer's Workspace, employees and visitors, to the extent we act as a processor for the customer.
It is designed to comply with the EU General Data Protection Regulation (GDPR, EU 2016/679), the Indonesian Personal Data Protection Act (UU No. 27/2022 / UU PDP), and other applicable privacy laws.
02 Roles (controller / processor)
We act in different roles depending on the data:
- Controller, for data we collect directly from you as a Tapsence customer (account, billing, support, website interactions). We decide why and how we process this data.
- Processor, for End User data uploaded to your Workspace (your employees and visitors). You remain the controller for that data; we process it strictly on your documented instructions, in accordance with the data-processing terms set out in our Terms of Service and this Policy. A separate Data Processing Addendum (DPA) is available on request.
03 What we collect
Account data (controller)
- Identification: company name, full name, email, phone number.
- Authentication: hashed password, optional Google OAuth identifier, email-verification tokens.
- Billing: plan, currency, invoices, receipts, payment provider reference (we never store the full PAN; payment card numbers are processed directly by our card payment providers, PayPal and Paddle).
- Support communications: messages you send us, including attachments.
Technical data (controller)
- IP address, browser user-agent, request timestamps, language, time zone.
- Access logs of authenticated actions (audit trail).
- Crash and error reports.
End User data inside your Workspace (processor)
- Employees: name, work email, job title, department, employment metadata, QR identifier, attendance records (check-in / check-out timestamps and method), and, only if Face Recognition is enabled, a face embedding (numeric vector) optionally accompanied by a low-resolution thumbnail.
- Visitors: name, contact, host, visit purpose, ID-document reference where required, photograph captured at registration.
We do not deliberately collect "special category" / sensitive data (race, religion, political views, sexual orientation, health) and you should not upload any such data to your Workspace unless you have a lawful basis to do so under your local law.
04 Lawful bases (GDPR / UU PDP)
We rely on the following lawful bases:
| Processing | Lawful basis |
|---|---|
| Creating and operating your Workspace | Contract, Art. 6(1)(b) GDPR / Art. 20(2)(a) UU PDP |
| Billing, taxes, invoicing | Contract & legal obligation |
| Security, fraud prevention, audit logging | Legitimate interest |
| Sending transactional emails | Contract |
| Optional marketing emails | Consent (opt-in, revocable) |
| Face recognition (where used) | Explicit consent of the data subject or other lawful basis under local law, obtained by the customer |
| Responding to legal requests | Legal obligation |
05 How we use data
We use personal data strictly for the purposes for which it was collected:
- Provide the Service and your Workspace, including authentication, employee QR generation, attendance tracking, and visitor registration.
- Process payments, issue tax invoices and receipts, manage subscriptions, and prevent payment fraud.
- Send transactional emails: verification, password reset, payment receipts, billing alerts, security notices.
- Provide support and respond to enquiries.
- Detect abuse, protect the integrity and security of the Service, and enforce our Terms of Service.
- Comply with legal obligations, including tax, accounting, and lawful access requests by competent authorities.
- Improve the Service through aggregated, de-identified usage analysis.
We do not sell personal data, do not use it for behavioural advertising, do not use it to train machine-learning models, and do not profile individuals to produce legal or similarly significant effects without your explicit consent and a clear opt-out mechanism.
06 Face recognition
Face recognition is an opt-in feature available on Studio and Enterprise Plans. It is the customer's responsibility to obtain a valid lawful basis (typically explicit consent from each employee, or an alternative basis permitted by applicable law) before enrolling anyone.
How it works
- Each employee captures one photograph on the paired tablet during enrolment.
- We compute a fixed-length numeric vector ("face embedding") from the photograph. The embedding is mathematically irreversible, it cannot be transformed back into a recognisable face image.
- The raw enrolment photograph is discarded by default; the customer may optionally retain a low-resolution thumbnail for QR badge printing.
- At check-in, the tablet computes a fresh embedding from the live camera and compares it numerically with stored embeddings. Match results are written to attendance records.
- No face data is shared with third parties.
Storage modes
- Server mode (default): embeddings are stored centrally on Tapsence servers and can be replicated to paired tablets.
- Tablet-only mode: embeddings live exclusively on the paired tablets; nothing is stored centrally.
Right to withdraw
- An employee may withdraw consent at any time. On withdrawal, their embedding is deleted from the central store and the next tablet sync removes it from all paired devices.
- The customer may disable Face Recognition for the entire Workspace at any time, choosing either to retain embeddings for later re-enable, or to wipe them permanently.
07 Sub-processors
We engage the following sub-processors to deliver the Service. Each is bound by a written agreement that imposes data-protection obligations no less protective than those set out in this Policy.
| Sub-processor | Purpose | Location of processing |
|---|---|---|
| PayPal Inc. / PayPal (Europe) S.à r.l. | Payment processing, fraud screening (customers outside Indonesia) | US / EU |
| Paddle.com Market Ltd | Payment processing, fraud screening (customers outside Indonesia) | UK / EU |
| PT Midtrans | Payment processing, local methods (VA, e-wallet, QRIS) for customers in Indonesia | Indonesia |
| Google LLC (Google OAuth 2.0) | Optional "Sign in with Google" authentication | US |
| Speraverim (Hopi Digital) infrastructure | Application hosting, database, backups | Indonesia |
We will give 30 days' prior notice in the in-app dashboard before adding or replacing a sub-processor. If you object to a new sub-processor, you may terminate the affected Service in accordance with the Terms of Service.
08 International transfers
Personal data is primarily processed and stored in Indonesia. Where data is transferred outside Indonesia or the EU/EEA (for example, when our PayPal, Paddle, or Google sub-processors process data outside Indonesia), we rely on one or more of the following safeguards:
- Standard Contractual Clauses adopted by the European Commission (Decision 2021/914) or equivalent local mechanism.
- Adequacy decisions where applicable.
- The sub-processor's own certification (e.g. EU-US Data Privacy Framework where relevant).
- For UU PDP transfers, recipient countries with comparable data-protection levels or written consent of the data subject as required.
A copy of the relevant safeguard is available on request at [email protected].
09 Storage & security
We implement technical and organisational measures designed to protect personal data, including:
- Encryption in transit using TLS 1.2 or higher between client and server.
- Encryption at rest for database backups.
- Per-tenant logical isolation, no Workspace can query another's data; access enforced at the application and database layers.
- Hashed and salted passwords (bcrypt / Odoo's standard password hashing).
- Least-privilege admin access, with audit logging of privileged actions.
- Routine patching, vulnerability scanning, and dependency monitoring.
- Operational backups with documented restoration procedures.
No system is perfectly secure. We use measures appropriate to the nature of the data and the risk, and we continuously improve our security posture.
10 Breach notification
In the event of a confirmed personal-data breach affecting your Workspace, we will notify the affected customer without undue delay and, where feasible, within 72 hours of becoming aware. The notice will include, to the extent known at the time, the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, and the measures we have taken or propose to take to address it.
Where you are required to notify data subjects or a supervisory authority under your applicable law, you remain the party responsible for such notification; we will support you with reasonable information and cooperation.
11 Retention
| Data | Retention |
|---|---|
| Active customer account | For the duration of the contract |
| Closed customer account (personal data) | Deleted within 90 days of closure |
| Visitor records inside a Workspace | Configurable per Workspace; default 90 days |
| Face embeddings | Deleted on withdrawal of consent or on Face Recognition disable (immediate or 30-day grace, customer's choice) |
| Tax invoices and accounting records | 10 years (statutory retention under Indonesian tax law) |
| Operational backups | Rotated within 30 days |
| Application and access logs | 90 days, unless retained longer for security investigation |
12 Your rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access, obtain confirmation that we process your data and a copy of it.
- Rectification, request that inaccurate or incomplete data be corrected.
- Erasure, request deletion, subject to legal-retention exceptions.
- Restriction, request that we temporarily limit how we use your data.
- Portability, receive your data in a structured, commonly used, machine-readable format.
- Objection, object to processing based on legitimate interest or for direct marketing.
- Withdraw consent, where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
- Not be subject to solely automated decisions, that produce legal or similarly significant effects. We do not perform such automated decision-making.
How to exercise your rights
- If you are an employee or visitor whose data sits inside a customer's Workspace, contact that customer (the controller) first. We will support them in fulfilling your request.
- If you are a Tapsence customer or otherwise interacting with us directly, email [email protected] with the subject "Privacy Request".
- We will acknowledge receipt within 7 days and respond substantively within 30 days (extendable by a further 60 days for complex requests, with notice).
- We may need to verify your identity before disclosing personal data.
We do not charge a fee unless your request is manifestly unfounded or excessive, in which case we will tell you in advance.
13 Children
Tapsence is a business workplace tool. The Service is not directed to children under the age of 16, and we do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a child, contact us at [email protected] and we will delete it.
14 Cookies
We use the minimum set of first-party cookies required for the Service to function. We do not use third-party advertising or behavioural-tracking cookies.
| Cookie | Purpose | Lifetime |
|---|---|---|
session_id | Maintains your authenticated session | Session; cleared on logout |
csrf_token | Cross-site request forgery protection | Session |
frontend_lang | Stores your selected language | 1 year |
You can control cookies through your browser settings, but disabling required cookies will prevent the Service from functioning correctly.
15 Marketing communications
Transactional emails (verification, receipts, payment notifications, security alerts) are part of the Service and cannot be opted out of while you have an active account.
We will only send you marketing emails (product updates, occasional newsletters) with your explicit opt-in consent, and you can withdraw consent at any time using the unsubscribe link in the email or by emailing [email protected].
16 Updates to this Policy
We may update this Policy from time to time. The "Effective" date at the top of this page indicates the most recent version. Material changes will be notified through the in-app dashboard or by email at least 14 days before they take effect.
17 Contact & complaints
For any privacy-related question, request, or complaint:
- Speraverim (Hopi Digital), [email protected]
- Operating address: Manado, North Sulawesi, Indonesia
If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority in your jurisdiction, for example, the Indonesian data-protection authority designated under UU PDP, or, if you are in the EU/EEA, your national data-protection authority.