Legal
Last updated: 19 May 2026
This policy explains what data Adestio collects, why we collect it, and what rights you have over it. Because we process biometric and location data, we take this seriously.
Adestio processes biometric data (facial geometry), precise location data, and employment attendance records. We take your privacy seriously and have designed this policy to meet the requirements of the California Consumer Privacy Act (CCPA/CPRA), the Illinois Biometric Information Privacy Act (BIPA), and the EU/UK General Data Protection Regulation (GDPR), among other applicable laws. Please read it carefully.
Adestio is a free time and attendance platform available on iOS and Android. The data controller for personal data collected through this website and the Adestio application is Adestio.
Contact: hello@adestio.com
Where an employer or operator (an "Operator") sets up a site and invites workers to it, the Operator acts as a separate data controller for the attendance records of their workers. Adestio acts as a data processor on the Operator's behalf for that data. This policy covers Adestio's own data processing activities.
When you register for an Adestio account, we collect your name, email address, and, for Operators, your business name. Workers may also provide a phone number and job role.
When a worker registers their face for facial-recognition clock-in, we collect and process a biometric identifier: a mathematical representation of the worker's facial geometry. We do not store raw photographs as part of the identity-verification process; we store an encrypted facial template derived from an image captured at registration.
Biometric data is subject to special protections described in Section 3 below.
The Adestio app collects your precise GPS location when you attempt to clock in or out of a site. Location data is used solely to verify that you are within the geofence boundary configured for that site. Persistent background location tracking is not required for the core attendance function.
We store the time and date of each clock-in and clock-out event, the site to which it relates, and whether verification was successful.
Workers may upload copies of licences, certifications, or compliance documents required by an Operator's site. These are stored and checked for validity dates on each clock-in.
We collect device identifiers, operating system version, app version, and crash/error logs to maintain and improve the service.
This website may collect standard server log data (IP address, browser type, pages visited, referring URL) for security and analytics purposes.
Facial geometry and other biometric identifiers are irreplaceable. If compromised, unlike a password, they cannot be changed. We apply the following protections in compliance with the Illinois Biometric Information Privacy Act (BIPA) and equivalent state and national laws:
Informed written consent. Biometric data is only collected from a worker after they have been provided with this policy and have given their explicit consent through an in-app acknowledgement prior to registration.
No sale or profit. We do not sell, lease, trade, or otherwise profit from biometric data. We do not share biometric data with any third party except as strictly necessary to provide the verification service (e.g. a secure processing subprocessor), and never for marketing or commercial profiling.
Secure storage. Biometric templates are encrypted at rest and in transit using industry-standard encryption. Access is restricted to authorised systems only.
Retention and deletion. Biometric data is deleted no later than 3 years from the date of last use, or within 30 days of a worker's account deletion or a deletion request, whichever is sooner. Operators are notified of retention obligations when configuring their account.
Withdrawal of consent. Workers may withdraw consent for biometric processing at any time by deleting their facial template in the app settings or by contacting us. Withdrawal does not affect prior processing. If biometric verification is required by an Operator's site, an alternative clock-in method (manual supervisor verification) will be made available.
We collect your device's GPS coordinates at the point of a clock-in or clock-out attempt. We do not track your location continuously throughout your working day, nor do we use location data outside of the attendance verification function.
Location coordinates captured during clock-in events are retained as part of the attendance record for that event and are subject to the retention periods described in Section 7. Location data is accessible to the Operator who manages the relevant site.
You may revoke location permissions in your device settings. Doing so will prevent geofence verification and may prevent you from clocking in via the app.
| Purpose | Legal basis |
|---|---|
| Providing the Adestio service, including account management | Contract performance |
| Verifying a worker's identity at clock-in using facial recognition | Explicit consent (biometric); contract performance |
| Verifying a worker's location is within a site's geofence | Contract performance; legitimate interests |
| Recording attendance events and generating timesheets | Contract performance; legitimate interests of Operator |
| Syncing attendance data to accounting integrations (Xero, QuickBooks, Sage, etc.) | Contract performance; instruction of Operator |
| Checking validity of uploaded documents and certifications | Contract performance; legal obligation (where applicable) |
| Diagnosing technical issues and improving the app | Legitimate interests |
| Sending service-related communications (security alerts, policy updates) | Contract performance; legal obligation |
| Complying with legal and regulatory requirements | Legal obligation |
We do not use personal or biometric data for advertising, behavioural profiling, or the training of AI models.
| Data type | Retention period |
|---|---|
| Biometric templates (facial geometry) | 3 years from last use, or 30 days after account/template deletion request |
| Attendance records and timesheets | 7 years (to meet typical employment and tax record obligations), unless shorter period instructed by Operator |
| Account profile data | Duration of account, plus 30 days after deletion |
| Uploaded documents and certifications | Duration of account or as instructed by Operator |
| Location data (tied to attendance event) | As part of the attendance record |
| Technical logs | 90 days |
Depending on your location, you may have some or all of the following rights regarding your personal data:
To exercise any right, contact us at hello@adestio.com. We will respond within 30 days (or within the period required by applicable law). We do not charge for reasonable requests. If you are a worker and your request relates to data processed on behalf of an Operator, we may need to direct your request to that Operator.
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, the relevant supervisory authority in your EU member state, or the California Privacy Protection Agency).
Adestio operates with infrastructure hosted primarily in the United States. If you access Adestio from outside the United States, your personal data will be transferred to and processed in the US. For users in the European Economic Area (EEA) or United Kingdom, such transfers are made using appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or UK equivalent transfer mechanisms.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include encryption of data in transit (TLS) and at rest, access controls, and regular security reviews.
No system is completely secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
If you believe your account has been compromised, contact us immediately at hello@adestio.com.
Adestio is not directed at children under the age of 16 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verifiable parental consent, we will delete it promptly. If you believe a child's data has been submitted to Adestio, please contact us at hello@adestio.com.
We may update this Privacy Policy from time to time. If we make material changes — particularly to how we process biometric data — we will notify registered users by email and/or by a prominent in-app notice at least 30 days before the change takes effect. For non-material changes, we will update the "Last updated" date at the top of this page.
Your continued use of Adestio after the effective date of any updated policy constitutes your acceptance of the revised terms, except where applicable law requires a renewed consent.
For any questions about this Privacy Policy, to exercise your rights, or to raise a concern about how we have handled your data, contact:
Adestio — Privacy
Email: hello@adestio.com
We aim to respond to all privacy requests within 30 days. For biometric data deletion requests we aim to confirm completion within 7 business days.