Privacy Policy — Clock in Control

Last updated: April 8, 2026

This Privacy Policy explains how the Clock in Control application processes personal data, including data handling practices designed to support compliance with applicable data protection laws.

1. Identification and roles

• Controller: Master Cleaning, Inc.
• Privacy contact: app@clockincontrol.com
• Address: 8 THE GRN STE A, DOVER, DE 19901, United States
• Data protection contact: until a formal DPO is appointed, privacy requests should be sent to the email above.

In B2B use cases, the employer/customer may also act as a controller for data processed in its own internal operations.

2. Scope

This policy applies to the use of the Clock in Control mobile app, including time tracking and operational evidence features.

3. Data processed, purposes, and legal grounds

The app currently processes the following personal data categories:

• Approximate location
• Precise location
• Photos
• Videos

These data may be collected and, when necessary, shared for the following purposes:

• App functionality (time tracking, attendance validation, activity evidence):
  legal grounds: contract performance and/or pre-contractual procedures.
• Security (account protection, traceability, misuse prevention):
  legal grounds: legitimate interest and security-related purposes.
• Compliance (legal, regulatory, and contractual obligations):
  legal grounds: legal/regulatory obligation and establishment, exercise, or defense of rights.
• Fraud prevention (detection and prevention of irregular conduct):
  legal grounds: legitimate interest and establishment, exercise, or defense of rights.

Where consent is legally required for a specific operation, it will be requested in a clear and specific manner.

4. Data sharing

Data may be shared, as required and with an appropriate legal basis, with:

• service providers and processors (infrastructure, technical support, and security);
• corporate customers using the service (when applicable);
• public, judicial, or administrative authorities when legally required.

We do not sell personal data.

Tracking and App Tracking Transparency (ATT)

Clock in Control does not track users across third-party apps or websites for advertising purposes.

Location, photos, videos, and related metadata (such as date/time and geolocation) are processed only to support app features like time tracking, attendance validation, activity evidence, security, and fraud prevention.

Clock in Control does not use these data for third-party behavioral advertising and does not share personal data with data brokers for tracking. For this reason, the iOS App Tracking Transparency prompt is not displayed in the current version of the app.

5. International data transfers

If data is processed on infrastructure located outside Brazil, we will adopt measures to ensure an adequate level of data protection and legal compliance.

6. Retention and disposal

Data is retained only for as long as needed to:

• fulfill the purposes described in this policy;
• comply with legal and regulatory obligations;
• protect rights in administrative, arbitration, or judicial proceedings.

After the applicable retention period, data is deleted or anonymized, unless legal preservation is required.

7. Information security and incidents

We adopt reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, or improper destruction.

In the event of a security incident that may result in relevant risk or damage, we will take appropriate measures, including legally required notifications.

8. Data subject rights

Under applicable law, you may request, when applicable:

• confirmation that processing exists;
• access to personal data;
• correction of incomplete, inaccurate, or outdated data;
• anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;
• data portability, when applicable;
• information about data sharing;
• information about the possibility of denying consent and related consequences;
• withdrawal of consent (where consent is the legal ground);
• review of automated decisions, when applicable;
• complaint/petition to the competent data protection authority.

To exercise your rights, contact app@clockincontrol.com. We may request additional information to verify your identity and protect personal data.

9. Contact

• Controller/Company: Master Cleaning, Inc.
• Address: 8 THE GRN STE A, DOVER, DE 19901, United States
• Privacy email: app@clockincontrol.com

10. Changes to this policy

This Privacy Policy may be updated periodically to reflect legal, regulatory, technical, or operational changes. The current version will always include the latest update date.