Privacy policy
Last updated July 10, 2026
Heimdal is a face-recognition clock-in and clock-out service. This page explains, in plain words, what personal data passes through it, what we do with that data, and when it is deleted. We process personal data in line with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules.
Each organization that uses Heimdal decides who to enroll and why — in Data Privacy Act terms, the organization is the personal information controller, and Heimdal processes data on its behalf.
What we collect, and from whom
- Administrators and managers: name, email address, and a password. These are the people who run an organization's account.
- Members (the people who clock in and out): name, group assignment, a roster photo, and a face data. Each clock event records the time, direction (in or out), a camera snapshot, and the kiosk's approximate location.
- Watch link viewers: nothing. A watch link shows a member's clock events without asking the viewer to register, log in, or provide any personal details.
- Access requests: if you submit the request form on our website, we keep the name, email, organization, and details you send so we can respond.
Consent comes before enrollment
A member enrolls through an invite link on their own device. Before any face capture, they are shown the organization's consent notice and must agree to it. The agreement is stored with a timestamp as evidence of consent. Organizations write their own consent notice; if you were enrolled and have questions about the purpose of collection, your organization's administrator is the right first contact.
How face recognition handles your face
The camera image is converted into a face template on the device doing the capture. Recognition at the kiosk compares templates — the template cannot be reversed into a photograph. The roster photo and clock-event snapshots are ordinary images kept for identification and dispute resolution, not for any other purpose. We do not sell personal data, use it for advertising, or use it to train machine-learning models.
When data is deleted
- Clock-event snapshots are deleted automatically 90 days after they are taken.
- Face templates and roster photos are permanently erased when a member is removed from the organization.
- Push subscriptions are removed when the viewer unsubscribes or the watch link is rotated.
- Account and attendance records are deleted on the organization's request when it stops using the service.
Payments
We never see or store card numbers or e-wallet credentials. Payments in the Philippines are processed by PayMongo (QR Ph); payments from elsewhere are processed by Lemon Squeezy, which acts as the merchant of record. Each processor handles payment data under its own privacy policy.
Service providers
Heimdal runs on a small set of infrastructure providers that process data on our instructions: Supabase, Vercel, Resend, PayMongo and Lemon Squeezy.
Your rights
Under the Data Privacy Act you may ask for access to, correction of, or erasure of your personal data, and you may withdraw consent. Members should direct requests to their organization's administrator, who can act on them directly — removing a member erases their biometric data immediately. You can also reach us at heimdal@bearlog.app, and you have the right to lodge a complaint with the National Privacy Commission.
Changes
If this policy changes, the date above changes with it, and material changes are announced to organization administrators by email.