Have questions or need support? Visit our Contact Us page →
Last Updated: April 7, 2026
1. Introduction
DBK Clock-in ("the App," "we," "us," or "our") is a workforce management mobile application operated by DBK Construction. The App is designed for use by authorized employees ("workers") and administrators ("admins") of DBK Construction to facilitate time tracking, job-site documentation, and team management.
This Privacy Policy describes what personal information we collect, how we use it, how we store and protect it, and your rights regarding that information. By creating an account or using the App, you agree to the practices described in this policy.
The App is intended solely for authorized employees and contractors of DBK Construction. New user accounts require administrator activation before use.
2. Data We Collect
We collect the following categories of data:
| Data Category | Specific Data | Purpose |
|---|---|---|
| Identity & Account | First name, last name, email address, profile photo (if provided via Google/Apple sign-in), user role (worker or admin) | Account creation, identification, and role-based access control |
| Authentication | Google or Apple Sign-In tokens; optional encrypted PIN (4–6 digits) for Easy Login | Secure authentication and quick re-login |
| Precise Location Background | GPS coordinates, accuracy, altitude, speed, heading, timestamps | Geofence arrival/exit detection, travel tracking between job sites, clock-in verification |
| Time & Shift Data | Clock-in/out timestamps, travel start/end times, shift durations, device date, timezone | Payroll time tracking, timesheet generation, weekly reports |
| Audio Data | Voice memo recordings (voluntarily captured by the user) | AI-powered transcription for job-site documentation and notes |
| Photos & Videos | Job-site images and videos (voluntarily captured by the user) | Project documentation, progress tracking, compliance records |
| Compliance Documents | OSHA cards, driver's licenses, insurance cards, W-9 forms (uploaded voluntarily or at admin request) | Regulatory compliance, employee record-keeping |
| Device Information | Device model, OS version, app version, push notification token, battery level | Push notifications, troubleshooting, feature compatibility |
| Usage Data | App interaction events (clock-in actions, navigation), crash logs | App improvement, bug detection, reliability monitoring |
3. How We Use Your Data
We use the collected data exclusively for the following purposes:
- Time Tracking & Payroll: Recording clock-in/out times, calculating shift durations, and generating timesheets and weekly reports for payroll processing.
- Geofencing & Travel Detection: Automatically detecting when you arrive at or depart from a job site, and tracking travel time between sites to ensure accurate time records.
- Job-Site Documentation: Storing photos, videos, and transcribed voice memos as project records and compliance documentation.
- Employee Compliance: Maintaining records of required documents (OSHA cards, licenses, insurance, W-9 forms) as required by applicable regulations.
- Push Notifications: Sending shift reminders, clock-in/out alerts, and administrative messages.
- App Functionality: Authenticating users, managing roles and permissions, syncing data across devices, and maintaining app reliability.
- Administrative Oversight: Enabling administrators to view workforce status, manage projects, and generate reports.
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. We do not use your data for user tracking or behavioral profiling across other apps or websites.
4. Location Data Sensitive
4.1 Why We Collect Location Data
Location data is central to the App's core functionality. We use precise GPS location to:
- Detect when you arrive at or leave a designated job site (geofencing)
- Automatically log travel time between job sites
- Verify that clock-in events correspond to physical presence at a work location
- Generate accurate travel and time records for payroll
4.2 Background Location Access
The App requests "Always" location permission to detect geofence entry and exit events while the App is in the background or closed. This is necessary because workers may arrive at or leave job sites without actively opening the App.
When background location is active, iOS displays a blue status bar or location indicator to inform you. You may revoke background location access at any time through your device Settings, though this will disable automatic geofence detection.
4.3 How Location Data is Stored
Location coordinates are stored in our secure database associated with time events (e.g., "arrived at job site at [coordinates] at [time]"). Raw GPS samples used for geofence calculations are processed locally on your device and are not continuously uploaded to our servers. Only meaningful events (arrivals, departures, travel starts) are recorded.
4.4 Opting Out
You can disable location access at any time via your device's Settings > Privacy & Security > Location Services > DBK Clock-in. Disabling location will prevent automatic geofence detection and travel tracking. Manual clock-in/out will remain available.
5. Audio & Voice Memos
The App allows you to voluntarily record voice memos for job-site documentation. When you record a memo:
- The audio file is uploaded to our secure server
- The audio is sent to OpenAI's Whisper API for speech-to-text transcription
- The transcribed text is saved and associated with the relevant project
- The original audio file is stored securely on Google Drive
Audio recording is entirely voluntary and only occurs when you explicitly tap the record button. The App never records audio in the background or without your active initiation. Microphone access can be revoked at any time through your device Settings.
6. Photos & Videos
The App allows you to capture photos and videos for job-site documentation. This media is:
- Captured only when you actively use the in-app camera or select from your photo library
- Uploaded to secure cloud storage (Google Drive) and linked to the relevant project
- Accessible to you, your project administrators, and authorized personnel
The App never accesses your camera or photo library without your explicit action. Camera and photo library access can be revoked at any time through your device Settings.
7. Third-Party Services
We use the following third-party services to operate the App:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Firebase Authentication | Google LLC | User sign-in and identity management | Email, name, auth tokens |
| Cloud Firestore | Google LLC | Primary database for app data | All app data (encrypted in transit and at rest) |
| Firebase Cloud Functions | Google LLC | Server-side processing | Data processed on demand |
| Firebase Cloud Messaging | Google LLC | Push notifications | Device push tokens, notification content |
| Google Drive API | Google LLC | Media and document storage | Photos, videos, audio files, compliance documents |
| Google Maps SDK | Google LLC | Map display and geocoding | Location coordinates for map rendering |
| OpenAI Whisper API | OpenAI, Inc. | Audio transcription (voice memos) | Audio recordings for speech-to-text conversion |
| Apple Sign-In | Apple Inc. | Authentication (iOS) | Name, email (as chosen by user) |
| Google Sign-In | Google LLC | Authentication | Name, email, profile photo |
Each third-party service operates under its own privacy policy. We encourage you to review:
8. Data Storage & Security
8.1 Where Data is Stored
App data is stored on Google Cloud Platform servers located in the United States (us-east4 region). Media files (photos, videos, documents) are stored in Google Drive under a secured organizational account.
8.2 Security Measures
We implement the following security measures to protect your data:
- Encryption in Transit: All data transmitted between the App and our servers uses TLS (HTTPS) encryption.
- Encryption at Rest: Data stored in Cloud Firestore and Google Drive is encrypted at rest using Google's default encryption.
- PIN Encryption: Easy Login PINs are encrypted using AES-256-GCM with a dedicated encryption key before storage. PINs are never stored in plain text.
- Authentication Tokens: Secure, short-lived authentication tokens are used for API requests. Worker tokens expire after 4 hours; admin tokens expire after 8 hours.
- Role-Based Access Control: Strict Firestore security rules ensure workers can only access their own data. Only administrators can access other users' records.
- Rate Limiting: Easy Login is protected against brute-force attacks with a maximum of 5 attempts followed by a 15-minute lockout.
- Password Hashing: Where applicable, passwords are hashed using bcrypt.
8.3 Data Access
Your personal data (time events, location history, media) is accessible to:
- You — your own data through the App
- Your administrators — through the admin dashboard for workforce management purposes
- System processes — automated cloud functions for time calculations, report generation, and data cleanup
9. Data Retention
We retain your data as follows:
- Account Data: Retained for as long as your account is active, and deleted upon account deletion request.
- Time & Shift Records: Retained as needed for payroll, tax, and labor compliance purposes, typically for a minimum of 3 years as required by applicable labor laws.
- Location Data: Retained as part of time event records for payroll accuracy and dispute resolution.
- Media Files: Retained as project documentation for as long as the associated project records are active.
- Compliance Documents: Retained as required by OSHA and applicable regulatory requirements.
- Voice Memos & Transcriptions: Retained as project documentation.
When you delete your account (see Section 10), we delete your personal profile data, authentication credentials, and device information. Time records and project documentation may be retained in anonymized or de-identified form as required for business and legal compliance.
10. Your Rights
You have the following rights regarding your personal data:
10.1 Access & Portability
You can view your personal data, time records, shift history, and uploaded media directly within the App. To request a full data export, contact us using the information in Section 13.
10.2 Correction
You can update your profile information within the App. For corrections to time records, contact your administrator.
10.3 Account Deletion
You can request deletion of your account and associated personal data directly within the App through the account settings. Upon deletion:
- Your user profile and authentication credentials are permanently deleted
- Your device tokens and push notification registrations are removed
- Your personal data is removed from active systems
- Certain records (time events, compliance documents) may be retained in anonymized form as required by labor law and regulatory compliance
10.4 Withdraw Consent
You can withdraw consent for specific data collection at any time by adjusting your device permissions:
- Location: Settings > Privacy & Security > Location Services > DBK Clock-in
- Camera: Settings > Privacy & Security > Camera > DBK Clock-in
- Microphone: Settings > Privacy & Security > Microphone > DBK Clock-in
- Notifications: Settings > Notifications > DBK Clock-in
Note: Disabling certain permissions may limit App functionality (e.g., disabling location prevents automatic geofence detection).
10.5 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us using the information in Section 13.
11. Children's Privacy
The App is designed for use by employed adults and is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided personal data, we will take steps to delete that information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify users through the App or via push notification for significant changes
Your continued use of the App after any changes constitutes acceptance of the updated policy.