Privacy Policy — Omni HR
Last updated: 26 May 2026
This Privacy Policy explains how Omnisoft Technologies Pte. Ltd. (“Omnisoft,” “we,” “us,” “our”) collects, uses, shares, and protects personal data in connection with the Omni HR mobile application and related services.
Omni HR is a human-resource management platform that we provide to your employer (“the Company”). Your employer decides what employee data is collected and used for HR purposes. We operate the technical platform on your employer’s behalf.
This policy describes our practices as the technology provider. Your employer is a separate data controller for the records that belong to your employment with them; for questions about the records themselves (your attendance entries, leave history, payslip data, etc.), please contact your HR administrator first.
1. Who we are
- Legal name: Omnisoft Technologies Pte. Ltd.
- UEN: 202126087E
- Registered office: 6 Eu Tong Sen Street, #08-03, The Central, Singapore 059817
- Contact: privacy@omnisoftsolution.com
2. Data we collect
2.1 Account & profile data
- Your name, work email, login identifier, employee role, and your reporting manager — provided by your employer when they set up your account.
- A profile picture, if your employer’s setup includes one.
2.2 Face biometric data (sensitive)
- When you enroll on the Omni HR mobile app, the front camera captures a photo of your face. This image is processed on your device for a quality check, and then uploaded to your employer’s Omni HR instance to serve as your enrolled reference.
- During subsequent check-ins, the app captures a fresh photo, processes it on your device to verify a face is present and to detect spoofing (printed-photo / screen-replay attempts), and compares it on your device with the enrolled reference.
- The face image is treated as sensitive (special category) personal data. We rely on the consent you provided at enrollment, and on your employer’s legitimate interest in identity-verified attendance, as the legal bases for processing.
2.3 Location data
- When you tap CHECK IN or CHECK OUT on the mobile app and your employer has location verification turned on, the app reads your current GPS coordinates at that moment only. The coordinates are sent to your employer’s Omni HR instance to confirm you are inside the company’s geofence.
- The app does not track your location in the background or while it is not in use. Location is sampled only at the check-in / check-out moment.
2.4 Attendance, leave and expense records
- Records you create through the app (check-in / check-out events, leave requests, expense submissions and attached receipts) are stored in your employer’s Omni HR instance. The records contain the time, the GPS coordinates if location verification is enabled, and any text or attachments you provide.
2.5 Device & technical data
- Operating system and version, app version, device identifier (used to detect lost / re-installed devices and to support push notifications in future versions), and crash / diagnostic logs.
2.6 What we do not collect
- We do not collect facial-recognition embeddings as a long-lived database. The on-device matching uses your enrolled face image directly.
- We do not read your contacts, photos, microphone, files outside the app, or any other personal data beyond what is described here.
- We do not sell personal data to third parties under any circumstances.
3. Why we collect this data
| Data category | Purpose |
|---|---|
| Account & profile data | Authenticate you to your employer’s Omni HR instance. |
| Face biometric data | Verify your identity at check-in / check-out, on your employer’s instruction. |
| Location data | Verify you are inside the company geofence at check-in / check-out, on your employer’s instruction. |
| Attendance / leave / expense records | Provide the HR services your employer has contracted for. |
| Device & technical data | Keep the service secure and reliable; investigate problems you or your colleagues report. |
4. Legal bases (GDPR / equivalent regimes)
- Consent — for the processing of face biometric data, given by you at enrollment. You may withdraw it at any time by clearing your enrolled face from the Profile screen, or by deleting your account (see Section 9).
- Contract — to perform the HR services your employer has engaged us to provide.
- Legitimate interest — for security, fraud prevention, and the operation of the technology platform.
- Legal obligation — where applicable (tax records, statutory retention).
5. How long we keep it
- Face image: retained for as long as your account is active. Removed when you clear your enrollment from the Profile screen, or when you delete your account, or when your employer offboards you.
- Location data: stored as part of the specific check-in / check-out record. Retained alongside that record (typically for the statutory employment record retention period in your jurisdiction).
- Attendance / leave / expense records: retained by your employer for statutory and audit purposes; deletion is at your employer’s discretion.
- Device & technical data: crash logs and diagnostics for up to 90 days; aggregate analytics indefinitely with no personal identifier.
6. Who has access to your data
- Your employer’s authorised HR administrators, via the Omni HR web interface.
- Omnisoft staff, only to the extent necessary to operate the platform, investigate incidents, or comply with legal obligations. Access is logged.
- Sub-processors, listed in Section 8.
- Authorities, only if required by law and only to the minimum extent necessary.
We do not share your personal data with marketing networks, ad networks, or unrelated third parties.
7. Where your data is processed
Omni HR is hosted on infrastructure operated by Cloudpepper (registered Odoo SaaS partner). Servers are located in Singapore. Some support tools (email, error reporting) may transfer limited data outside Singapore; in such cases we use Standard Contractual Clauses or equivalent safeguards.
8. Sub-processors
| Sub-processor | Role | Location |
|---|---|---|
| Cloudpepper | Hosting & Odoo SaaS platform | Singapore |
| Google Firebase Cloud Messaging | Push notifications (when enabled) | Global |
| Apple Push Notification service | Push notifications (when enabled) | Global |
We update this list as our infrastructure evolves. Material changes will be reflected in the next revision of this policy.
9. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and the personal data tied to it (see below).
- Restrict or object to certain processing.
- Withdraw consent to face biometric processing.
- Data portability — receive a copy of your data in a structured format.
- Lodge a complaint with your supervisory authority (e.g. PDPC in Singapore, the relevant Data Protection Authority in the EU).
How to exercise these rights
- For data your employer controls (your HR records, attendance entries, leave history): contact your HR administrator first. Your employer is the controller for that data.
- For your account on the Omni HR mobile platform: open the app → Profile → Delete my account. This will sign you out of every device and request that your face biometric data and active mobile sessions be removed.
- If you cannot access the app (lost phone, locked out): use the Account Deletion Request page or email us at privacy@omnisoftsolution.com.
We will respond within 30 days of a verified request, in accordance with applicable law.
10. How we protect your data
- All network traffic between the mobile app, the Omni HR backend, and our SaaS coordinator is encrypted in transit (TLS 1.2+).
- Your face biometric data, attendance records, and HR records are stored on isolated, per-customer Odoo databases.
- Access to production systems is restricted to a small set of named staff and is audit-logged.
- On-device data (cached profile, enrolled face) is stored in the app’s private sandbox; it is wiped when you log out, clear your local cache, or delete your account.
11. Children
Omni HR is intended for use by employees of our customer companies. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor’s data has been provided to us, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated through the app or by email. The “Last updated” date at the top reflects the most recent revision.
13. Contact us
For privacy questions or to exercise the rights described above:
- Email: privacy@omnisoftsolution.com
- Post: Omnisoft Technologies Pte. Ltd., 6 Eu Tong Sen Street, #08-03, The Central, Singapore 059817.
This policy is provided in plain English for clarity. Where it conflicts with applicable law, the law prevails.