AiLock
← Back to home

Privacy Policy

Last updated: 6 May 2026

Summary

AiLock is a workplace attendance and focus-management tool deployed by your employer. We collect only the data needed to record clock-in / clock-out events and to enforce the focus or secure modes your employer has configured for your work location. We never collect data outside an active work session, never sell your data, and never track you for advertising.

Who controls your data

Your employer is the data controller. AiLock acts as a data processor on their behalf. Questions about your specific attendance records, locked-app reports, or account access should go to your workplace administrator.

For technical questions about how AiLock handles data overall, contact us at andrius55338@gmail.com.

What we collect

During an active work session, we collect:

  • Account identifiers — email address, employee ID, business ID. Stored to authenticate you and link sessions to your employer.
  • Attendance events — clock-in time, clock-out time, duration, security mode, location ID, and platform (iOS, Android, Windows, Mac).
  • Location — coarse and precise GPS coordinates captured at clock-in / clock-out for verification. A reverse-geocoded address (e.g. "123 King St, Sydney") is stored for the admin dashboard. Location is NOT tracked between clock-in and clock-out.
  • Focus-break events — when you tap a blocked app, dismiss the shield, or attempt to bypass focus mode, we log the event type (e.g. "shield_dismiss_app") and a timestamp. We do not log the specific app name on iOS (Apple's FamilyControls API does not expose app identities to us). On Android and desktop, the package or process name of the blocked app is logged so the admin can see which app was attempted.
  • Heartbeat pings — every 30 seconds while a session is active, the app pings the server so your employer can detect offline devices and remotely release a stuck session.

We do NOT collect:

  • Your location outside an active work session
  • The contents of any app, message, web page, or document
  • Your contacts, photos, calendar, or microphone
  • A list of installed apps on iOS (Apple's API forbids this)
  • Any data for advertising, analytics, or third-party tracking

Why we ask for each permission

  • Camera — only used to scan a workplace QR code at clock-in. No photo or video is captured or stored.
  • Location — captured at clock-in / clock-out only, to verify you are at your assigned work location and to record an address. Not tracked while you are working.
  • Screen Time / FamilyControls (iOS) — required to shield distracting app categories during a locked work session. Apple processes this on-device; AiLock never sees your installed apps.
  • Display over other apps (Android) — required to show the AiLock blocking overlay when a restricted app is opened during a locked work session.
  • Usage access (Android) — required to detect which app is in the foreground so the focus / secure shield can be enforced. Used only during an active session.
  • Notifications — used to inform you that focus mode has activated, that an app was blocked, or that a session has ended.

Where data is stored

All AiLock data is stored in Supabase (PostgreSQL database, hosted in the AWS region selected by your employer). Row-Level Security policies ensure that an employee can only read their own records, and that admins can only access records belonging to their business.

Transit encryption: all client-server traffic uses HTTPS (TLS 1.2+). Data at rest is encrypted by Supabase / AWS using AES-256.

How long we keep data

  • Attendance records — kept for as long as your employer's account is active. Retention period after employment ends is determined by your employer's policy and applicable labour laws.
  • Focus-break events — kept for the same period as attendance records.
  • Authentication tokens — refreshed automatically and discarded when you sign out or your employer revokes access.

Who we share data with

We share your data only with:

  • Your employer's admin users — through the AiLock web admin dashboard, scoped to your business
  • Supabase (our infrastructure provider) — for database hosting only; Supabase does not access or process your data
  • Apple / Google — for app distribution and authentication (Sign in with Apple is not used; we use email + password)

We do not share data with advertisers, data brokers, or analytics services.

Your rights

You have the right to:

  • Access the personal data your employer has stored about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data (subject to your employer's record-keeping obligations)
  • Object to or restrict processing
  • Lodge a complaint with your local data-protection authority

To exercise these rights, contact your workplace administrator first. If they cannot help, email us at andrius55338@gmail.com and we will assist.

Children

AiLock is a workplace tool designed for adult employees. It is not intended for, marketed to, or knowingly used by anyone under 18. We do not knowingly collect data from children.

Changes to this policy

We may update this policy occasionally. Material changes will be announced through the app or via your employer's admin. The "Last updated" date below always reflects the current version.

Contact

AiLock — Privacy Inquiries
Email: andrius55338@gmail.com

This policy applies to AiLock Employee mobile apps (iOS / Android), AiLock Desktop (Windows / macOS), and the AiLock admin web dashboard.