PHELTIX

Legal & trust

DPA Summary

This page summarizes the main data-processing terms PHELTIX expects to include in a Data Processing Addendum (“DPA”) for customer deployments. It is a public summary, not the full signed DPA.

For employee attendance data, the customer organization normally acts as the controller and PHELTIX normally acts as the processor or service provider.

Last reviewed: 11 June 2026

Trust notes

Customer as controller
PHELTIX as processor
Signed DPA available

1. Processing scope

  • Account, employee, role, organization, and device-binding data.
  • Attendance punches, timestamps, locations/sites, and audit metadata.
  • GPS/geofence validation data and optional BLE/iBeacon validation data.
  • Optional selfie verification data where enabled by the customer, with selfie images retained for 90 days by default unless otherwise agreed in writing.
  • Support, diagnostic, security, and operational logs.

2. Customer instructions

PHELTIX processes customer data to provide, secure, support, troubleshoot, maintain, and improve the services; to perform billing and account administration; and to comply with legal obligations or customer instructions documented in the agreement.

3. Security measures

  • Organization-level separation and role-aware access controls.
  • Authentication-backed access for dashboard and mobile users.
  • Audit-oriented logging for important platform events.
  • Server-side validation for critical attendance operations.
  • Controlled support and super-admin access for legitimate operational needs.

4. Subprocessors

PHELTIX may use trusted subprocessors for infrastructure, authentication, service delivery, operational communications, support, security, and optional intelligence features. The public summary is available on the Subprocessors page.

5. Deletion and return of data

At termination or upon authorized request, PHELTIX will support deletion, export, or access removal for customer data, subject to technical limits and legitimate retention needs. See the Data Deletion & Retention Policy.

6. DPA requests

To request the latest DPA template and security pack, email support@pheltix.com.