# Privacy Policy — GCC TBC Attendance App
**Effective date:** 30 April 2026
**Last updated:** 31 May 2026
**Service operator:** GCC TBC Attendance App (attendance platform for private training institutes)
**App name:** GCC TBC Attendance App
**Contact (privacy & support):** [MSCEGCCTBCSUPPORT@GMAIL.COM](mailto:MSCEGCCTBCSUPPORT@GMAIL.COM)
This Privacy Policy explains how the **GCC TBC Attendance App** (“App”, “we”, “us”) collects, uses, stores, and shares information when **authorised staff at private training institutes** use the App on **iPhone, iPad**, and other supported devices.
The App is for **private institutes** that deliver **GCC-TBC** (Government Certificate in Commerce – Typewriting & Shorthand in English) and related vocational training. It is **not for the general public** — only institutes we provision and their authorised administrators, instructors, and attendance staff may use it.
---
## 1. What this App does
The App helps **private training institutes** manage:
- Student rosters and search
- Daily **entry/exit attendance**
- Optional **GPS zone** checks (when the institute configures a site boundary)
- Optional **camera / face matching** for attendance and student enrolment (when the institute turns these features on)
- Reports for institute supervisors
Each institute’s data is kept **separate**; staff only see students belonging to their own institute.
---
## 2. Information we collect
### 2.1 Account and profile
- Email, name, role (administrator, instructor, attendance staff)
- Institute ID and sign-in credentials
- Optional **Face ID / Touch ID** on your device — handled by Apple on the device; we do not receive your biometric template from Apple
### 2.2 Institute data
- Institute name, codes, settings, GPS attendance zone, and operational data entered by authorised users
### 2.3 Student data
- Names, roll/serial numbers, batch/class, subjects, contact details (if recorded), and other fields the **institute** enters
### 2.4 Camera and photographs
- Still images for entry/exit attendance, face enrolment, and identity checks when enabled
- **Not** used for ads, social media, or unrelated purposes
### 2.5 Face data (when enabled by your institute)
| Type | What it is |
|------|------------|
| **Attendance photos** | Photos of the learner’s face at entry or exit |
| **Face embeddings** | Numeric vectors derived from a face photo to answer “is this the enrolled student?” — not a stored video |
| **Match results** | Similarity scores used for attendance decisions |
**On your device:** Google **ML Kit** (face detection) and **TensorFlow Lite / MobileFaceNet** (embeddings) run on the phone/tablet. We do **not** keep endless live video on our servers — we use captured stills or short processing steps for verification.
We **do not** sell face data or use it for advertising.
### 2.6 Location
If the institute enables GPS attendance, we use location to check that marking happens at or near the **institute’s approved site**.
### 2.7 Device / technical data
- Device type, OS version, app version, and limited logs needed for security and reliability
---
## 3. Why we use your information
- Run attendance, enrolment, and institute administration
- Verify identity when the institute enables face matching
- Apply GPS checks only when the institute enables them
- Protect accounts and reduce misuse
- Provide reports to institute staff
- Meet legal or audit needs where applicable
---
## 4. Face data — retention, sharing, and third parties
*For App Store and privacy law transparency.*
### 4.1 Do we retain face data?
**Yes**, for real attendance operations — **not forever by default**.
| Data | Typical retention | Why |
|------|-------------------|-----|
| **Entry/exit photos** | For the institute’s active training period and up to **24 months** after, unless law or a dispute needs longer | Proof of attendance, disputes, institute review |
| **Face embeddings** | While the student is **enrolled** at that institute, plus up to **90 days** after leaving unless the institute asks to delete sooner | Faster check-in without daily re-enrolment |
| **Short-term processing** | Usually removed within **30 days** unless linked to a saved attendance record | Processing only |
Institutes may request deletion subject to legal or legitimate record-keeping needs.
### 4.2 Why we store face data
- Confirm the person at the gate is the enrolled student
- Reduce duplicate or fake attendance
- Let institute managers review records
- Keep the service working for returning students during enrolment
### 4.3 Third parties
| Provider | Purpose | Face-related data | They store it? |
|----------|---------|-------------------|----------------|
| **Supabase, Inc.** | Database & authentication | Embeddings, attendance records, IDs | **Yes** — as our cloud database |
| **Backblaze, Inc. (B2)** | Photo/file storage | Attendance JPEG files | **Yes** — until we delete per retention |
| **Google LLC (ML Kit)** | On-device face detection in the App | Processed **on device**; we do not send your attendance photos to Google for this feature | **No** (from us, for this path) |
| **Apple Inc.** | iOS, App Store, optional Face ID | Per Apple’s policies for the device | Per Apple |
Providers may **not** use this data for their own marketing or unrelated AI training.
### 4.4 Why we share with them
- Host and back up institute data securely
- Run the App reliably
- Comply with law if required
### 4.5 Provider privacy links
- Supabase: [https://supabase.com/privacy](https://supabase.com/privacy)
- Backblaze: [https://www.backblaze.com/company/privacy.html](https://www.backblaze.com/company/privacy.html)
Data region: as configured for our cloud project **[e.g. ap-south-1 (Mumbai)]**.
---
## 5. Camera (short summary)
The camera is only for attendance, enrolment, and identity verification your institute enables. Photos and related face data go to our servers **only** for those features.
---
## 6. Where data is stored
- **Database / login:** Supabase (encrypted in transit)
- **Photos:** Backblaze B2 (or equivalent secure object storage we configure)
- **Access:** Locked to the correct institute and role
---
## 7. Who can see data
- **Your institute’s** authorised admins and staff (their students only)
- **Our platform operator** and hosting providers — only to run and secure the service, not for unrelated marketing
- **Not** the general public
Students normally do not log into the App; the institute manages their records.
---
## 8. Security
We use access control, secure sign-in, staff PIN options, and monitoring appropriate to attendance and face data. Protect your password, PIN, and device.
---
## 9. Your rights and contact
You may ask for **access, correction, or deletion** where the law allows, subject to institute records or legal holds.
**Email:** [MSCEGCCTBCSUPPORT@GMAIL.COM](mailto:MSCEGCCTBCSUPPORT@GMAIL.COM)
**Subject:** `GCC TBC Attendance — Privacy request`
We may verify that you represent the institute or data subject.
---
## 10. Students / minors
**Private institutes** are responsible for telling students and parents how attendance data is used, as required by local rules. We process data **on the institute’s instructions** to provide the App.
---
## 11. International transfers
If data is stored outside India, we use safeguards consistent with applicable law and our provider agreements.
---
## 12. Policy updates
We may update this page and change the **Last updated** date. Continued use after changes may mean acceptance where the law allows.
---
## 13. Apple App Store
This App is on the **Apple App Store**. Apple’s terms apply to the store and your Apple ID. For Apple’s own data practices, see Apple’s privacy notice.
---
**GCC TBC Attendance App** — Attendance platform for **private training institutes**