Sijil — Privacy Policy
How the Sijil mobile app handles your data
Effective date: 2026-05-25 · Last updated: 2026-05-25
Sijil ("the App") is published by Pro Comrades for Computer Activities Co. W.L.L. ("Pro Comrades", "we", "us"). This policy describes what data the App handles and how.
Plain-English summary
Sijil is a thin client. It sends your data to your employer's own Odoo server so you can self-serve HR tasks (payslips, leaves, attendance, etc.). Pro Comrades does not receive your personal HR data. Nothing is sold to anyone.
2. Who is the data controller
Your employer (the company running the Odoo instance you connect to) is the data controller. They decide what data to keep and how long. Pro Comrades is a software provider; we do not host your employer's database.
If you have data-access or deletion requests, contact your employer's HR department.
3. What the App collects and why
| Data type | Purpose | Where it goes |
|---|---|---|
| Login credentials (username, password, or biometric) | To authenticate you to your employer's Odoo server | Your employer's Odoo server |
| Employee profile (name, employee number, department, job title, work email, work phone) | Display in the app, send updates to your HR record | Your employer's Odoo server |
| Personal contact info (private phone, email, address, emergency contact) | Editable by you for HR records | Your employer's Odoo server |
| Payroll data (payslips, salary breakdown, allowances, deductions, loans) | Show your compensation history | Your employer's Odoo server |
| Attendance (check-in/out timestamps, optional GPS coordinates, optional photo) | Record your work attendance for payroll | Your employer's Odoo server |
| Leave requests (dates, types, reason) | Submit leaves to HR for approval | Your employer's Odoo server |
| Government documents (civil ID, passport, visa, work permit, expiry dates) | Track your government registration and notify before expiry | Your employer's Odoo server |
| Device biometric (Face ID / Touch ID) | Unlock the app | Stays on your device — never transmitted |
| Server URL + API key | Connect to your employer's Odoo instance and stay logged in | Stored encrypted on your device using iOS Keychain / Android Keystore |
| Crash diagnostics (device model, OS version, app version, stack trace) via Firebase Crashlytics | Help us diagnose and fix bugs | Google (Firebase Crashlytics). No personal HR data is included. |
| Push notification token via Firebase Cloud Messaging | Deliver notifications (e.g., leave approval, document expiry) | Google (FCM). Token only — message content is generated by your employer's server. |
We do not collect: your contacts, calendars, photos library, microphone audio, advertising identifier, browsing history, or location while the app is closed.
4. Permissions Sijil requests, and what we do with them
| Permission | When | How |
|---|---|---|
| Location (foreground only) | When you tap Clock In and your employer enabled GPS geofencing | Used once per check-in to verify you are within an approved geofence. Coordinates are sent to your employer's server with the attendance record. We do not track location in the background. |
| Camera | When you tap Clock In and your employer enabled photo verification, or when you upload a document | Photo is sent to your employer's server with the attendance record. We do not access your photo library. |
| Face ID / Touch ID | When you opt in to biometric app unlock | Verification happens locally on your device. Sijil never receives your biometric template. |
| Notifications | When you accept the system prompt | To notify you about approval status, document expiries, payroll updates. Only your employer's server can trigger them. Delivered via Firebase Cloud Messaging. |
You can revoke any permission at any time in iOS / Android settings. The app will gracefully degrade.
5. Third-party services
| Provider | Purpose | Data shared |
|---|---|---|
| Apple App Store / Google Play | App distribution | Standard install metrics (controlled by Apple/Google) |
| Google Firebase Crashlytics (Google LLC) | Diagnose crashes so we can fix bugs | Anonymized crash stack traces, device model, OS version, app version. No personal HR data, no login credentials, no server URL. |
| Google Firebase Cloud Messaging (Google LLC) | Deliver push notifications | A device push token. Notification content is created by your employer's Odoo server and routed through Google to your device. |
| Your employer's Odoo server | Everything functional in the App | All HR data described above |
Google's processing of Firebase data is governed by the Firebase Privacy Policy and Google's Privacy Policy.
Sijil does not integrate with analytics SDKs (no Google Analytics, no Mixpanel, no Amplitude), advertising networks, or any third-party tracking services beyond the two Firebase products listed above.
6. Data retention
Sijil retains the minimum needed to operate:
- Your server URL, API key, and language preference are stored on your device until you log out or uninstall.
- All other data is read live from your employer's Odoo server and not cached longer than needed for the current session.
When you log out or uninstall the App, locally stored credentials are deleted.
7. Children
Sijil is not directed to anyone under 16. It is intended for employed adults.
8. International transfers
HR data goes only to your employer's Odoo server. Your employer chooses where that server is hosted and is responsible for cross-border-transfer compliance. Crash diagnostics and push tokens are processed by Google's global Firebase infrastructure.
9. Your rights
For your HR records (held by your employer), contact your HR department.
For the small amount of data Sijil stores on your device (server URL, API key, language preference): uninstall the App or use Settings → Logout to delete all of it.
10. Security
- All API traffic uses HTTPS (TLS 1.2+).
- Credentials and API keys are stored using iOS Keychain / Android Keystore.
- Biometric verification happens entirely on-device using the operating system's secure enclave.
- Sijil does not embed any cryptographic backdoors or third-party tracking SDKs beyond Firebase Crashlytics and Cloud Messaging.
11. Changes to this policy
If we change this policy, we will update the date at the top and, for material changes, prompt you in-app.
12. Contact
Pro Comrades for Computer Activities Co. W.L.L.
Email: info@procomrades.com
Address: Kuwait City, Kuwait
For data held by your employer, contact your employer directly.
© 2026 Pro Comrades for Computer Activities Co. W.L.L. · Sijil HR