Back to Home

Session & Tracking Policy

Last updated: January 1, 2026

Session Management

We use secure session management to protect your account:

  • Sessions expire after 30 minutes of inactivity
  • Automatic logout on browser close (optional)
  • Single active session per user (concurrent logins disabled)
  • Secure session tokens with HTTP-only cookies
  • Session data encrypted and stored securely

Cookies & Local Storage

We use cookies and local storage for:

  • Authentication cookies: To keep you logged in securely
  • Preference cookies: To remember your theme and language settings
  • Local storage: To cache user data and improve performance
  • Session storage: For temporary data during your session

We do not use third-party tracking cookies or advertising cookies.

Location Tracking

Location data is collected for attendance verification:

  • Location access requested only during attendance marking
  • GPS coordinates verified against office location
  • Location data stored with attendance records
  • No continuous background location tracking
  • Location data retained as per attendance record retention policy

Activity Logging

We log certain activities for security and audit purposes:

  • Login and logout timestamps
  • Attendance marking events
  • Leave request submissions and approvals
  • Document uploads and downloads
  • Failed login attempts
  • Password changes and security events

What We Track

Information tracked includes:

  • IP address and device information
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Actions performed within the portal

This data is used solely for security, troubleshooting, and improving user experience.

Your Control

You have control over your data:

  • Clear browser cookies and cache anytime
  • Revoke location permissions in browser settings
  • Request deletion of activity logs (subject to legal requirements)
  • View your session history in account settings
  • Manually logout from all devices

Data Retention

Session and tracking data retention periods:

  • Active session data: Until logout or expiration
  • Activity logs: 90 days
  • Attendance location data: 7 years (legal requirement)
  • Security logs: 1 year

Questions?

For questions about session and tracking policies, contact:

hr@zyvachime.com