Privacy Policy

Hajri: A product of Tupple Application

Effective Date: 22 May 2026 | Last Updated: 22 May 2026

1. Introduction

Welcome to Hajri (“Hajri”, “we”, “our”, or “us”). Hajri is a Human Resource Management System (HRMS) and workforce management platform operated by Tupple Application that helps organisations manage attendance, location tracking, facial recognition–based check-ins, and automated payroll for their employees.

This Privacy Policy explains how we collect, use, store, share, and protect personal information when you visit https://hajri.app (the “Website”), use our mobile applications, or use the Hajri service in any form (collectively, the “Service”). It also describes the rights available to you regarding your personal data.

Hajri is primarily offered to businesses in India and is also available to customers in other jurisdictions. We are committed to complying with India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000 and rules thereunder, and, where applicable, the EU General Data Protection Regulation (GDPR) and other regional privacy laws.

By accessing or using the Service, you confirm that you have read, understood, and agreed to this Privacy Policy. If you do not agree, please do not use the Service.

2. Our Role: Controller vs. Processor

Hajri serves two categories of individuals, and our role with respect to personal data differs for each:

2.1 Visitors and Customer Account Holders

When you visit our Website, sign up for a trial, book a demo, subscribe to our Service, or otherwise interact with us directly as a customer, Hajri acts as the data controller (or, under the DPDP Act, the “Data Fiduciary”) of your personal data.

2.2 Employees and End Users of Our Customers

When an organisation (our “Customer”) uses Hajri to manage its workforce, that organisation is the data controller / Data Fiduciary of its employees’ data. Hajri acts as a data processor (or “Data Processor” under the DPDP Act) and processes employee data strictly on the instructions of the Customer and as necessary to provide the Service.

If you are an employee using Hajri at the direction of your employer and have questions about how your data is being used, please contact your employer first. We will support our Customer in responding to your request as required by applicable law.

3. Information We Collect

We collect the following categories of information:

3.1 Information You Provide Directly

Account and Contact Information: Name, business name, work email address, phone number, designation, billing address, and payment-related information when you register, request a demo, or subscribe.
Employee Profile Information: Provided by Customers about their employees, including name, employee ID, photograph, designation, department, work location, shift details, joining date, and contact details.
Communications: Information you share when you contact our support team, respond to surveys, or otherwise communicate with us.

3.2 Biometric Information (Facial Data)

Hajri offers AI-based facial recognition for attendance verification. When this feature is enabled by a Customer:

Facial Templates: We process images of employees’ faces to create a unique mathematical representation (a “facial template” or “face embedding”) that is used to verify identity at check-in.
Selfies / Check-in Photos: A selfie captured at the time of attendance marking may be stored as part of the attendance record.

Biometric information is treated as sensitive personal data. It is collected and processed only on the lawful instructions of the Customer (employer), who is responsible for obtaining the required consent or other lawful basis from each employee before enabling this feature. Employees may decline to provide biometric data and request alternative attendance methods from their employer.

3.3 Location Information

Where the Customer enables location-based features (GPS attendance, geo-fencing, live location tracking, route replay):

We collect GPS coordinates, location accuracy, and timestamps from employee devices during working hours or shift times as configured by the Customer.
Location may be captured at the moment of check-in / check-out, periodically during shifts, or continuously for field staff, depending on the Customer’s configuration.
Employees are notified within the Hajri mobile app when location tracking is active.

3.4 Attendance, Shift, and Payroll Data

Check-in and check-out times, break durations, shift completion records, overtime, late marks, and half-day records.
Leave applications, approvals, and balance information.
Salary structure, deductions, allowances, statutory contributions, and pay slips, where the payroll feature is used.

3.5 Device, Technical, and Usage Information

Device identifiers, operating system, app version, IP address, mobile network information, and crash logs.
Log data such as login timestamps, features used, pages visited, and actions performed within the Service.
Cookies and similar tracking technologies on our Website (see Section 9).

3.6 Information from Third Parties

Payment confirmation data from our payment processors.
Information from analytics providers about how our Website and apps are used.
Publicly available business information used for Customer onboarding and verification.

4. How We Use Your Information

We use personal data for the following purposes:

Providing the Service: To create and manage accounts, mark and verify attendance, run facial matching, track location, calculate payroll, and deliver reports.
Authentication & Security: To verify user identity, prevent buddy-punching, detect spoofing or fraud, and secure accounts.
Customer Support: To respond to queries, troubleshoot issues, and improve user experience.
Service Improvement: To analyse usage patterns, fix bugs, develop new features, and improve performance. We use aggregated and de-identified data wherever feasible.
Billing & Payments: To process subscriptions, invoices, and renewals.
Communications: To send service-related notices, security alerts, updates, and (where permitted) marketing communications about Hajri features.
Legal Compliance: To comply with applicable laws, respond to lawful requests from authorities, enforce our terms, and protect our rights, property, and safety.

We do not sell personal data. We do not use employee biometric data, location data, or payroll data to train third-party advertising models or for advertising purposes.

5. Legal Basis for Processing

We rely on the following legal bases, depending on the jurisdiction and category of data:

Contract: Processing necessary to provide the Service to our Customers and the users they enrol.
Consent: For biometric processing, location tracking, marketing communications, and other purposes where consent is legally required. Consent can be withdrawn at any time, subject to legal and contractual restrictions.
Legitimate Interests: To secure our Service, prevent fraud, and operate and improve our business, where this does not override your fundamental rights.
Legal Obligation: To comply with applicable tax, employment, accounting, and other laws.

6. How We Share Information

We share personal data only as described below:

6.1 With Our Customers (Employers)

Employee data collected through the Service — including attendance, location, photos, biometric verification results, and payroll information — is accessible to the Customer organisation that has enrolled the employee. Access controls within the Customer organisation are managed by the Customer.

6.2 Service Providers and Sub-processors

We use trusted third-party service providers to operate the Service. These may include:

Cloud hosting and infrastructure providers (for storage and compute).
Facial recognition / computer vision technology providers.
Map and geolocation service providers.
Payment processors and billing providers.
Communication providers (email, SMS, push notifications).
Analytics and crash-reporting providers.
Customer support and CRM tools.

Sub-processors are contractually required to protect personal data, use it only for the purposes we authorise, and follow security standards consistent with this Policy and applicable law.

6.3 Legal Disclosures

We may disclose personal data when required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, the safety of users, or to investigate fraud or security incidents.

6.4 Business Transfers

If Hajri or Tupple Application is involved in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users and ensure the receiving party honours the commitments in this Policy.

7. International Data Transfers

Hajri is operated from India, and personal data may be stored and processed on servers located in India or in other jurisdictions where our service providers operate. Where personal data is transferred outside the user’s country of residence, we put appropriate safeguards in place, including contractual protections such as standard contractual clauses, and we comply with the cross-border transfer requirements of the DPDP Act, GDPR, and other applicable laws.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

Active accounts: For the duration of the Customer’s subscription and the employee’s enrolment.
Attendance and payroll records: Retained as required by applicable labour, tax, and employment laws, typically for several years after the relevant financial year.
Biometric data: Retained only while the employee is active on the platform with facial recognition enabled. Facial templates are deleted within a reasonable period after the employee is offboarded or the feature is disabled, except where retention is required by law.
After account termination: Customer data is deleted or anonymised within a reasonable period after termination, subject to legal retention requirements and reasonable backup cycles.

9. Cookies and Tracking

Our Website uses cookies and similar technologies to operate the site, remember preferences, analyse traffic, and improve user experience. You can manage cookies through your browser settings. Some features may not function correctly if you disable cookies.

We typically use:

Strictly necessary cookies: Essential for the Website to function.
Analytics cookies: To understand how visitors use the Website (e.g., Google Analytics).
Functionality cookies: To remember preferences and personalise the experience.

10. Data Security

We implement industry-standard technical and organisational measures designed to protect personal data, including:

Encryption of data in transit using TLS / HTTPS.
Encryption at rest for sensitive data, including biometric templates.
Role-based access controls and the principle of least privilege.
Regular security reviews, vulnerability scanning, and patching.
Logging and monitoring of access to sensitive data.
Background checks and confidentiality obligations for personnel with access to personal data.

No method of transmission or storage is 100% secure. While we strive to protect personal data, we cannot guarantee absolute security. Users and Customers are responsible for maintaining the confidentiality of their credentials and access devices.

11. Your Rights

Subject to applicable law and your relationship with us, you may have the following rights:

Right to Access: Request a copy of the personal data we hold about you.
Right to Correction: Request that inaccurate or incomplete data be corrected.
Right to Erasure: Request deletion of your personal data, subject to legal and contractual exceptions.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
Right to Grievance Redressal: File a grievance with our Grievance Officer (see Section 14) under the DPDP Act and IT Rules.
Right to Nominate: Under the DPDP Act, you may nominate another individual to exercise your rights in the event of your death or incapacity.
Additional Rights under GDPR: If you are in the EEA or UK, you also have the right to restrict or object to processing, the right to data portability, and the right to lodge a complaint with a supervisory authority.

If you are an employee of one of our Customers, please direct your rights requests to your employer first. We will assist the Customer in fulfilling such requests as a processor.

12. Children’s Privacy

Hajri is a workforce management tool intended for use by businesses and adult employees. The Service is not directed to children under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. The updated version will be posted at https://hajri.app with a revised “Last Updated” date. Material changes will be communicated through the Service or by email where appropriate. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

14. Contact Us and Grievance Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Hajri – a product of Tupple Application

Email (General Privacy Queries): privacy@hajri.app

Email (Support): support@hajri.app

Website: https://hajri.app

Grievance Officer (India)

In accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, the following Grievance Officer has been designated:

Name: Suraj Ahir

Email: grievance@hajri.app

Address:419, Platinum Point, Sudama Chowk, Mota Varachha, Surat, Gujarat 394101

The Grievance Officer will acknowledge complaints within the timelines required by law and resolve them within the statutory time frame.