Privacy Policy

How we collect, use, and protect your data at ClockBase

NDPA 2023 Compliant

No Biometric Storage

Staff fingerprints never leave their device

Encrypted Data

AES-256 encryption at rest and in transit

Your Rights Protected

Access, correct, or delete your data anytime

Table of Contents

01 Introduction 02 Data Controller 03 Data We Collect 04 Biometric Auth 05 How We Use Data 06 Legal Basis 07 Data Sharing 08 International Transfers 09 Data Retention 10 Data Security 11 Your Rights 12 Cookies 13 Children's Privacy 14 Policy Changes 15 Contact Us 16 Supervisory Authority
1

Introduction

Wakato Technologies ("we", "our", or "us") operates ClockBase, a comprehensive attendance management platform for organizations, educational institutions, staff, students, and parents. This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the Nigeria Data Protection Act (NDPA) 2023 and other applicable data protection laws.

This policy applies to:

Staff Members
Students
Parents/Guardians

By using ClockBase, you consent to the data practices described in this policy.

Last updated: April 17, 2026

2

Data Controller

The data controller responsible for your personal data is:

Wakato Technologies
House 15, Road 5A, Solia Adekoya Street, Off Lekki-Epe Express Way, Ibeju Lekki, Lagos, Nigeria
hello@wakatotech.com
wakatotechnologies@gmail.com
3

Data We Collect

We collect different categories of personal data depending on your role:

Staff Data

  • Identity Data: Name, employee ID, photograph, job title, department
  • Contact Data: Work email address
  • Attendance Data: Clock-in/out timestamps, attendance records, work hours
  • Location Data: Real-time GPS verification at check-in/check-out only (not stored - see Section 4)
  • Authentication Data: FIDO2/WebAuthn public keys (not biometric data - see Section 4)
  • Device Data: Browser type, device identifiers for authentication

Student Data

  • Identity Data: Name, student ID, photograph, class/grade
  • Attendance Data: Check-in/check-out timestamps, attendance records
  • Pickup Data: Pickup timestamps, designated picker information

No Biometrics for Students

We do not collect any biometric data from students. Student attendance is recorded through non-biometric methods.

Parent/Guardian Data

  • Identity Data: Name
  • Contact Data: Email address, phone number
  • Relationship Data: Link to child(ren) via secure code
  • Pickup Data: Pickup requests, designated picker assignments, pickup history
  • Location Data: Real-time proximity verification only during active pickup (not stored)
4

Biometric Authentication & Location Data

Your Biometrics Stay With You

ClockBase does NOT store fingerprints or biometric data on our servers. Your biometric data never leaves your device.

For staff authentication, we use the FIDO2/WebAuthn standard. This means:

  • Your fingerprint or face scan is processed entirely on your own device
  • Only a cryptographic public key is sent to and stored on ClockBase servers
  • This public key cannot be used to reconstruct your biometric data
  • Your actual biometric data never leaves your device

GPS Location: Real-Time Only, Zero Storage

GPS coordinates are used only for real-time geofencing verification at the moment of check-in/check-out. Location data is NOT logged or stored on our servers. Once verification is complete, the location data is discarded.

Students & Parents

We do not collect or process any biometric data from students or parents. Only non-biometric authentication methods are used. Parent location is verified in real-time during pickup only and is not stored.

5

How We Use Your Data

We process personal data for the following purposes:

Staff

  • Recording and managing workforce attendance
  • Verifying employee identity during clock-in/out
  • Generating attendance reports for your organization
  • Real-time geofencing verification to confirm work location
  • Sending transactional notifications (e.g., password resets, shift alerts)

Students

  • Recording daily attendance
  • Managing student pickup and release
  • Generating attendance reports for schools and parents

Parents

  • Providing access to child's attendance records
  • Managing pickup requests and designated pickers
  • Real-time proximity verification during student pickup
  • Generating pickup receipts and history
6

Legal Basis for Processing

We process your data based on:

  • Contractual Necessity: Processing required to provide our services to your organization or school
  • Legitimate Interest: System security, fraud prevention, child safety, and service improvement
  • Consent: Where specifically required, such as location access during pickup verification
  • Legal Obligation: Where required by law, such as maintaining attendance records for educational institutions
7

Data Sharing

We share personal data only with:

  • Your Organization/School: Attendance data is accessible to authorized administrators
  • Parents: Can view their own child's attendance and pickup data only
  • SendGrid: Name and email for transactional email delivery only
  • Render Inc.: Our hosting provider (data stored on servers in Oregon, USA)

We do not sell personal data to third parties.

8

International Data Transfers

Your data is stored on Render Inc. servers located in Oregon, USA. These transfers are protected by:

  • Standard Contractual Clauses (SCCs) as required by NDPA Sections 43-44
  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Data Processing Agreements with our service providers
9

Data Retention

We retain personal data for the following periods:

Data Type Applies To Retention Period
Attendance Records Staff Student 5 years (audit requirements)
FIDO2 Public Keys Staff Deleted on off-boarding
GPS Location Data Staff Parent Not stored (real-time only)
Pickup Records Student Parent 3 years
Account Data Staff Parent Duration of relationship + 1 year

After the retention period, data is securely deleted or anonymized for statistical analysis.

10

Data Security

We implement appropriate technical and organizational measures including:

  • Encryption of data in transit and at rest
  • Secure session management with HttpOnly, Secure, and SameSite cookie flags
  • Rate limiting to prevent brute-force attacks
  • Regular security assessments
  • Access controls limiting data access to authorized personnel
  • Secure parent-child linking via unique codes
11

Your Rights

Under the Nigeria Data Protection Act (NDPA), you have the right to:

Access
Request a copy of your personal data
Rectification
Request correction of inaccurate data
Erasure
Request deletion of your data
Restriction
Request limited processing of your data
Portability
Receive your data in a machine-readable format
Objection
Object to processing based on legitimate interests

To exercise these rights, contact your organization's administrator or email us directly. Parents may request access to their child's data.

12

Cookies

ClockBase uses essential cookies required for:

  • User authentication and session management
  • Security features

We do not use advertising or tracking cookies.

13

Children's Privacy

ClockBase processes student data only with appropriate organizational consent from schools and educational institutions. We take special care to protect children's data:

  • No biometric data is collected from students
  • No GPS tracking of students
  • Parent access is verified through secure linking codes
  • Student data is only accessible to authorized school administrators and linked parents
  • Pickup verification ensures child safety during release
14

Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes through the platform or via email. The "Last updated" date at the top indicates when the policy was last revised.

15

Contact Us

For questions, concerns, or to exercise your data protection rights, contact:

Data Protection Officer
Wakato Technologies
hello@wakatotech.com
wakatotechnologies@gmail.com
House 15, Road 5A, Solia Adekoya Street, Off Lekki-Epe Express Way, Ibeju Lekki, Lagos, Nigeria
16

Supervisory Authority

You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been violated.

© 2026 Wakato Technologies. All rights reserved.

Back to ClockBase