Overview
Paylalo (“we”, “our”, or “the app”) is a Daily Time Record (DTR) and payroll management application for small and medium enterprises. This Privacy Policy explains how we collect, use, store, and protect your personal information.
Age Restrictions
Paylalo is designed for business use and is intended for users aged 18 and above. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will promptly delete it.
Biometric Data (Face Data)
We collect facial biometric data for employee identity verification during clock in/out. This section describes in detail how your face data is collected, processed, shared, and stored.
What We Collect
- Facial images are captured during registration and each clock in/out event
- These images are used to generate mathematical face feature vectors (biometric templates) for identity matching
Third-Party Processing of Face Data
We share your face data with Amazon Web Services (AWS) for processing and storage. Specifically:
- AWS Rekognition — We send facial images to AWS Rekognition, Amazon’s cloud-based facial recognition service, to generate face feature vectors and perform identity matching (comparing a clock-in photo against your registered face). AWS Rekognition processes your facial images in real time to create and compare biometric templates. AWS Rekognition stores your face feature vectors (biometric templates) in a dedicated collection associated with your organization. These feature vectors are stored for the sole purpose of enabling fast face-to-face matching during clock in/out verification. Face feature vectors remain stored in AWS Rekognition until we explicitly delete them, which occurs when an employee is removed from their organization, when an employee or administrator requests deletion, or when an organization account is closed. AWS does not use your face data for any purpose other than providing the Rekognition service to us. For more information, see the AWS Rekognition Privacy FAQ and the AWS Privacy Notice.
- AWS S3 (Simple Storage Service) — Original facial images (registration photos and clock in/out photos) are stored in an encrypted AWS S3 storage bucket. These images are stored to provide an auditable attendance record and to allow re-registration if needed. Images are retained for the duration of the employee’s active employment within their organization. When an employee is removed from their organization or requests deletion, their registration photo is permanently deleted from S3. Clock in/out attendance photos may be retained for a reasonable period for audit and compliance purposes before permanent deletion. AWS S3 encrypts all stored data at rest and in transit. AWS does not access or use stored images for any purpose beyond providing the storage service. For more information, see the AWS S3 Privacy Documentation and the AWS Privacy Notice.
We share face data with AWS solely because their services provide the facial recognition and secure storage capabilities required for our attendance verification system. We do not share your face data with any other third parties.
Consent and Deletion
You may withdraw biometric consent at any time by requesting face data deletion through your organization administrator or by contacting us at support@paylalo.com. Upon receiving a deletion request, we will delete your face feature vectors from AWS Rekognition and your registration images from AWS S3. Note that withdrawing consent may prevent you from using clock in/out features that require face verification.
Location Data
We collect location data to enforce workplace geofencing:
- GPS coordinates are captured at the time of clock in and clock out only
- Location is compared against your assigned workplace geofence boundaries
- We do not track your location in the background or outside of clock events
- Location data is stored as part of your attendance record
Personal & Employment Data
We collect and store the following personal and employment information:
- Name, email address, and profile picture
- Employment details: role, schedule, assigned location, manager
- Salary information and payroll records
- Attendance history including timestamps and photos
- Leave, overtime, and time correction requests
Government Identification
For payroll processing of Philippine government deductions (SSS, PhilHealth, Pag-IBIG), we may collect:
- SSS number, PhilHealth number, and Pag-IBIG number
- TIN (Tax Identification Number)
These are used solely for computing government-mandated deductions and are stored securely.
Data Storage & Security
- All data is transmitted over encrypted HTTPS connections
- Data is stored in secure databases with row-level security policies
- Face images are stored in encrypted cloud storage
- Access to employee data is restricted by role-based permissions
- Push notification tokens are stored for delivering app notifications only
Third-Party Services
We use the following third-party services to operate the app:
- Amazon Web Services (AWS) — facial recognition processing (AWS Rekognition) and facial image storage (AWS S3). See the “Biometric Data” section above for full details.
- Supabase — database hosting, authentication, and real-time data services. See the Supabase Privacy Policy.
- Expo / Firebase Cloud Messaging — push notification delivery. See the Expo Privacy Policy and Google Privacy Policy.
- Google Maps — geofence location display on maps. See the Google Privacy Policy.
- Google Gemini AI — powers the AI support chatbot. No biometric or payroll data is shared. See the Google Privacy Policy.
Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is shared only with:
- Third-party service providers listed above, solely for core app functionality.
- Your organization’s authorized managers and administrators as required for workforce management.
- Law enforcement or regulatory authorities if required by applicable law.
Data Retention & Deletion
- Active employee data is retained for the duration of employment.
- When an employee is removed, their face data is permanently deleted from our systems.
- Historical attendance and payroll records are retained for compliance and audit purposes.
- You may request complete deletion of your account and associated data by contacting your organization administrator or our support team.
Your Rights
You have the right to:
- Access your personal data stored in the app
- Request correction of inaccurate personal information
- Request deletion of your account and personal data
- Withdraw consent for biometric data processing (note: this may prevent clock in/out functionality)
Changes to this Policy
We may update this Privacy Policy from time to time. We will notify users of material changes through the app. Continued use of Paylalo after changes constitutes acceptance of the revised policy.