Orbit

How Chughtai Lab collects, uses, and protects personal data through the Orbit mobile app, distributed under two Android applicationIds: com.chughtailab.orbitapp (Google Play) and com.chughtailab.orbitapp.sideload (EC2-hosted APK). Both are the same app and follow this policy identically.

Effective date: 26 May 2026

1.About this app

Orbit is an internal employee app used exclusively by staff of Chughtai Lab. It is not a public consumer app — accounts are created and managed by HR, and you cannot sign up from inside the app. Employees use it to:

Mark daily check-in and check-out (manually or automatically via geofencing)
View personal attendance, leave balance, payslips, and HR letters
Apply for leave, loans, work-from-home, outdoor duty, and other workflow requests
Receive HR notifications and announcements

2.Data controller

Chughtai Lab is the data controller for personal data processed through this app. For any privacy question or request, contact:

Email: arslan.10530@cll.edu.pk

3.What data we collect (and why)

We collect only the data the app needs to perform its HR and attendance functions. The categories below match the Google Play Data Safety form.

3.1 Personal info

Data	Purpose	Required
Name	Identification on payslips, letters, and attendance	Required
Employee ID	Authenticate against HR records	Required
Department, designation, grade, employee type	Drive HR workflows (leave entitlements, approvals, payroll)	Required
Date of birth, gender, religion	Compute holiday entitlements and statutory benefits	Required (held by HR)
Profile photo	Visual identification on profile screens	Optional

3.2 Financial info

Data	Purpose	Required
Bank account number, IBAN, bank name	Salary disbursement	Required for payroll
Payroll history (gross, deductions, net, tax)	Payslip display and statutory record-keeping	Required
Loan balances and repayment schedule	Loan management module	Only if you apply for a loan

3.3 Location

Location is the most sensitive data we collect, so we want to be explicit:

Data	Purpose	Required
Precise location (foreground)	Verify that a MANUAL check-in / check-out happens at an authorised office site. Captured only at the moment you tap the check-in button.	Required for manual punches
Precise location (background)	Automatic check-in / check-out via geofencing — the app detects when you enter or leave an assigned office radius and writes the attendance row for you.	Optional. Only collected if you enable auto-attendance and grant "Allow all the time" location permission.

We do not track your location continuously when you are outside an assigned office geofence. The Android OS only wakes the app when you cross the boundary of an office site that HR has configured for you. The app does not access, store, or transmit your location while you are at home or any other private location.

Location data is used solely for the attendance purpose above. It is never sold, shared with advertisers, or used for any non-HR purpose.

3.4 Device and other IDs

Data	Purpose	Required
Device model, manufacturer, Android version	OEM-specific battery / background-restriction guidance; debugging	Required
App installation identifier	Bind your account to a single approved phone so a stolen credential cannot punch from another device. This is a UUID generated by us — it is NOT the Android Advertising ID, IMEI, or any system-wide identifier.	Required

3.5 App activity

Data	Purpose	Required
Crash logs (via Sentry)	Diagnose and fix bugs	Required for stability
Notification interactions	HR can see which announcements have been read	Required
Feature usage / screen views	Improve the app	Required

Sensitive fields (auth headers, request bodies) are scrubbed before any crash report leaves the device.

3.6 Files and media (optional)

Data	Purpose	Required
Files you explicitly pick (e.g., leave-supporting documents)	Forward to HR with the request	Optional

We use Android's system file picker. We do not scan or index your photo library, camera roll, contacts, calendar, or any media you do not explicitly select.

3.7 Data we do NOT collect

Contacts
SMS or call logs
Microphone audio
Camera content (other than files you explicitly pick)
Web-browsing history
Health or fitness data
Other apps installed on your phone
Calendar entries

4.How we use your data

We use your data only for purposes related to your employment at Chughtai Lab:

Verify your identity when you log in.
Record attendance accurately and prevent attendance fraud.
Compute leave balances, deductions, payroll, taxes, and other statutory items.
Route approval workflows (leave, loans, outdoor duty, etc.) to the correct supervisor / HR officer.
Send HR notifications (new payslip, leave approved, urgent announcement).
Improve app stability via crash reports and performance metrics.
Comply with Pakistan labour, tax, and statutory record-keeping requirements.

We do NOT:

Sell your data to third parties.
Use your data for behavioural advertising.
Profile you outside of HR-related decisions you are notified about (e.g., probation outcomes, leave approvals).

5.Sharing with third parties

Your data is shared only with the recipients below — never with marketers, social networks, or analytics brokers.

Recipient	Data shared	Reason
Your supervisor and HR	Attendance, leave, loan, and request data	Standard employer-employee disclosure for approvals
Your bank	Name, IBAN, salary amount	Salary disbursement
Pakistan FBR (tax authority)	Statutory salary and tax reports	Legal obligation
EOBI / provident-fund administrators	Contribution and identification data	Legal obligation
Sentry (crash-reporting processor)	Crash stack traces, device model, app version. PII and auth headers are scrubbed before send.	Diagnose app crashes
Google Firebase Cloud Messaging (FCM)	A device-specific push-notification token (FCM token) and the notification payload. The token cannot be used to identify you outside this app. We do not send any other personal data through FCM.	Deliver HR notifications (payslip ready, leave approved, device-change decisions) even when the app is closed
Open-Meteo (weather provider)	Latitude/longitude rounded to 2 decimal places (~1 km precision). No personal identifier.	Display weather on the home screen
AWS (Amazon Web Services)	All HRMS data, encrypted at rest. Hosted in the United States (N. Virginia region).	Backend hosting
Pakistani courts and regulators	Only if compelled by a valid legal order	Legal obligation

6.Security

All network traffic between the app and our servers is encrypted with HTTPS (TLS 1.2+).
Passwords are stored hashed with bcrypt (10 salt rounds). The app never stores your password locally.
The authentication token issued at login is stored in the app's local encrypted storage (Hive box). It expires after 12 hours.
The backend database is encrypted at rest by AWS.
Access to the database is restricted to a small set of HR-authorised admin accounts.
Payslips and PDF documents are streamed from the backend on each view — they are not cached on the device.
Login endpoints are rate-limited to prevent brute-force attacks.

If we become aware of a personal-data breach that is likely to result in a risk to you, we will notify you and the relevant regulator without undue delay, in line with applicable law.

7.Data retention

We retain your data for as long as you are an employee of Chughtai Lab plus the periods required by law:

Attendance, payroll, and tax records: 6 years after your separation date (FBR requirement)
Letters and personnel records: 7 years after separation
Approved leave records: 6 years after separation
Crash and performance logs (Sentry): 90 days
Authentication tokens: cleared on logout or after 12 hours, whichever is sooner

When you leave the company, HR initiates a Final Settlement and your portal access is automatically locked. Personal data is then retained only for the statutory periods above.

8.Your rights

You can at any time:

Access your data — the app already exposes your full profile, attendance history, payslips, letters, and request history under "Profile" and the relevant menus.
Correct mistakes — contact HR; corrections are propagated automatically and a full audit trail is maintained.
Request deletion of data that is not required by law — submit a request to HR. Statutory records (payroll, tax, attendance for the retention windows above) cannot be deleted while their retention period is active.
Withdraw consent for optional features:
- Turn off background location at any time in Android Settings → Apps → Orbit → Permissions. Automatic geofence attendance will stop; manual check-in continues to work (uses foreground location only at the moment of the tap).
- Revoke notification permission in Android Settings → Apps → Orbit → Notifications.
Object to a specific use of your data — contact HR. We respond within 30 days.
Lodge a complaint with a data-protection regulator.

9.Children's privacy

Orbit is an employee-only app and is not designed for or directed at children under 18. We do not knowingly collect data from anyone under 18.

10.Android permissions used

The app requests the following Android permissions. Each is used only for the stated purpose.

Permission	Why we ask for it
ACCESS_FINE_LOCATION	Verify the check-in / check-out happens at an authorised office. Used at the moment you tap the button.
ACCESS_BACKGROUND_LOCATION	Optional. Only requested if you opt in to automatic geofence attendance. Lets the app punch you in/out as you enter / leave an assigned office radius.
FOREGROUND_SERVICE / FOREGROUND_SERVICE_LOCATION	Keep the geofence monitor alive when the app is in the background, so a punch is never missed.
POST_NOTIFICATIONS	Show HR notifications (payslip ready, leave approved, urgent announcement) on the system tray.
INTERNET	Communicate with the Orbit backend.
ACCESS_NETWORK_STATE	Detect offline status so punches can be queued and synced on reconnect.
WAKE_LOCK	Brief wake during geofence transitions so an entry / exit is not dropped.
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	Allow the foreground service to run reliably on aggressive OEMs (Xiaomi, Infinix, Samsung). User-granted only — never set silently.

11.Changes to this policy

If we change this policy materially (e.g., a new data type is collected, a new third-party processor is added), we will notify you in-app and update the "Effective date" at the top of this page. The latest version is always available at https://orbit.chughtailab.com/privacy.

12.Contact us

For any privacy question, request, or complaint:

Email: arslan.10530@cll.edu.pk