Privacy Policy
Last Updated: 25 May 2026
1. Introduction
This Privacy Policy explains how Eflexoft Solutions Sdn. Bhd. (Company No. 830975-A) ("we", "us", or "our") collects, uses, discloses, and protects information when you use the EHRM mobile and web application (the "App"). EHRM is a human resource management application that enables employers and employees to manage attendance, leave, payroll-related records, communications, and other HR workflows.
By installing, accessing, or using the App, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your information as described below. If you do not agree, please discontinue use of the App.
2. Information We Collect
2.1 Information You Provide
- Account information: full name, email address, phone number, employee ID, profile photo, job title, department, and organization details provided by you or your employer.
- Authentication credentials: password (stored in encrypted form via Firebase Authentication), Google or Apple sign-in identifiers when you choose those sign-in options.
- HR records: attendance check-ins, leave applications, claims, documents, payroll-related forms, performance entries, training records, and other content you submit through the App.
- User-generated content: photos, files, voice notes, audio recordings, comments, and messages that you upload or send through the App.
- Support communications: information you share when you contact us for assistance.
2.2 Information Collected Automatically
- Device and technical data: device model, operating system version, unique device identifiers, language settings, time zone, app version, crash logs, and performance diagnostics.
- Usage data: features accessed, screens viewed, session duration, in-app events, and interaction patterns collected via Firebase Performance Monitoring and analytics tools.
- Log data: IP address, access times, and error reports.
- Push notification tokens: Firebase Cloud Messaging tokens used to deliver notifications to your device.
2.3 Permissions and Sensitive Data
The App requests the following device permissions to deliver its features. You can review or revoke these permissions at any time through your device settings.
| Permission / Data | Purpose |
|---|---|
| Precise & Approximate Location | Used to verify your location during attendance check-in/check-out, geofenced clock-in, site visits, and to record the location at which an HR action was performed. Location is collected only while you are using the relevant feature. |
| Camera | Used to capture profile photos, attendance selfies, scan documents/QR codes, and attach images to HR submissions such as claims and reports. |
| Microphone & Audio Recording | Used when you record voice notes, dictate text via speech-to-text, or use in-app audio features. |
| Photos / Media / Files (Storage) | Used to upload attachments (e.g., medical certificates, receipts, documents) and to download or save files you generate within the App (e.g., payslips, PDF reports). |
| Notifications | Used to deliver approvals, reminders, announcements, messages, and other HR-related alerts. |
| Internet / Network | Required to communicate with our backend services, sync your data, and deliver real-time features. |
| App Tracking Transparency (iOS) | On iOS, we request your permission before using any identifier for advertising or cross-app tracking purposes. You may decline without losing core functionality. |
3. How We Use Your Information
We process your information for the following purposes:
- To create and authenticate your account and verify your identity.
- To provide, operate, and maintain HR features such as attendance, leave, claims, payroll views, performance, training, and internal communications.
- To validate location-based attendance and ensure HR records are accurate.
- To send transactional notifications, approvals, reminders, and announcements.
- To respond to your requests, provide customer support, and resolve technical issues.
- To monitor and improve the performance, stability, and security of the App.
- To detect, investigate, and prevent fraud, abuse, or unauthorized access.
- To comply with applicable laws, regulations, and lawful requests from authorities.
4. Legal Basis for Processing
We process your personal data on the basis of (a) your consent, (b) the performance of a contract between you (or your employer) and us, (c) compliance with legal obligations, and (d) our legitimate interests in operating, securing, and improving the App.
5. How We Share Information
We do not sell your personal data. We share information only in the following circumstances:
- With your employer / organization: EHRM is provided to employees on behalf of their employer. HR records, attendance, leave, claims, and similar data are accessible to authorized administrators within your organization.
- With service providers: trusted third parties that help us operate the App, including:
  - Google Firebase (Authentication, Cloud Firestore, Cloud Functions, Cloud Storage, Cloud Messaging, App Check, Performance Monitoring, Remote Config, Vertex AI) — Google LLC.
  - Google Maps Platform — for map rendering, geocoding, and place lookups.
  - Apple Sign-In — when you use Sign in with Apple.
  - Algolia — for in-app search indexing.
  - Cloud hosting and content delivery providers used by Google/Firebase.
- For legal compliance: when required by law, regulation, court order, or government request, or to protect rights, safety, or property.
- Business transfers: in connection with a merger, acquisition, restructuring, or sale of assets, subject to confidentiality protections.
- With your consent: in any other case where you have authorized the disclosure.
6. International Data Transfers
Some of our service providers (such as Google Firebase) may process your data on servers located outside Malaysia. Where such transfers occur, we rely on the contractual and security safeguards provided by these vendors to ensure your data continues to be protected to a standard comparable to that of the Personal Data Protection Act 2010 (PDPA).
7. Data Retention
We retain your personal data for as long as your account is active and for as long as needed to provide the services, comply with our legal obligations, resolve disputes, and enforce our agreements. HR records may be retained by your employer in accordance with applicable employment, tax, and statutory record-keeping laws. When data is no longer required, it is deleted or anonymized.
You or your employer (whichever holds account ownership) may request deletion of your account and associated data by contacting us at the email below.
8. Account & Data Deletion
To request deletion of your account or your personal data, please email [email protected] with the subject "EHRM Account Deletion" and include your registered email and organization name. We will process verified requests within a reasonable timeframe, subject to any records your employer is legally required to retain.
9. Security
We implement industry-standard administrative, technical, and physical safeguards to protect your information, including:
- Encrypted transport (HTTPS / TLS) for all data in transit.
- Encryption at rest provided by Google Firebase infrastructure.
- Firebase App Check and authentication-based access controls.
- Role-based access within organizations and least-privilege internal access for our staff.
- Secure on-device storage using platform keystores (Flutter Secure Storage).
Despite our efforts, no method of transmission or storage is completely secure. You are responsible for keeping your login credentials confidential.
10. Your Rights
Subject to the Personal Data Protection Act 2010 (Malaysia) and other applicable laws, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Withdraw consent for processing where consent is the legal basis.
- Request deletion of your data, subject to legal and contractual retention requirements.
- Object to, or restrict, certain processing activities.
- Lodge a complaint with the relevant data protection authority.
To exercise any of these rights, please contact us at [email protected].
11. Children's Privacy
The App is intended for use by employees, contractors, and authorized personnel of organizations using EHRM. It is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us so we can remove it.
12. Third-Party Links and Services
The App may contain links to or integrations with third-party services. We are not responsible for the privacy practices or content of such third parties. We encourage you to review their privacy policies before providing any information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features of the App. When we do, we will revise the "Last Updated" date above and, where appropriate, notify you within the App. Your continued use of the App after the changes take effect constitutes acceptance of the updated Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Eflexoft Solutions Sdn. Bhd. (Company No. 830975-A)
Email: [email protected]
Website: www.eflexoft.com