SOCHEATA

Legal

Privacy Policy

Last updated: June 2026

1. What We Collect

We collect information necessary to provide the Service:

  • Account data — company name, email, billing address
  • Employee data — names, employee IDs, department assignments
  • Biometric data — face embeddings (512-dimensional vectors) derived from enrolled photos
  • Attendance records — timestamps, camera events, check-in/out logs
  • Usage data — access logs, feature usage for service improvement

2. How We Use Your Data

Data is used solely to operate and improve the Service: processing attendance events, generating reports, sending notifications, and providing customer support. We do not use biometric data for any purpose other than identity verification within your organisation.

3. Biometric Data

Face embeddings are mathematical representations of facial geometry — they cannot be reverse-engineered into a photograph. Embeddings are stored encrypted in our database and in FAISS vector indexes isolated per company. Enrollment photos are retained only until the embedding is generated, then deleted. You may delete any employee's biometric data at any time from the admin panel.

4. Data Sharing

We do not sell your data. We share data only with:

  • Infrastructure providers (hosting, database) under strict data processing agreements
  • ABA PayWay for payment processing
  • Authorities when required by Cambodian law

5. Data Retention

Attendance records are retained for the duration of your subscription plus 30 days. Biometric data is deleted immediately upon employee removal or account termination. You may request full data export or deletion at any time.

6. Security

We use AES-256 encryption at rest, TLS in transit, JWT authentication with short expiry, and role-based access controls. Camera RTSP credentials are stored encrypted. We conduct regular security reviews.

7. Your Rights

As a data controller, you have the right to access, correct, export, or delete all data held within your account. Contact us to exercise these rights or to request a data processing agreement (DPA).

8. Contact

Privacy questions: privacy@socheata.app