1. Overview & Scope
WaveX Connect Pvt. Ltd. ("WaveX", "we", "us", or "our") is dedicated to protecting the confidentiality, security, and integrity of your corporate and personal data. This charter describes our data processing activities, storage methodologies, and security protocols deployed within our Unified Enterprise Authentication Gateway and workforce suite.
By accessing this portal or installing the mobile workforce application, you acknowledge and consent to the data collection and operational safety guidelines documented herein.
2. Telemetry & Data We Collect
To verify identities, prevent unauthorized entry, and automate workforce scheduling, WaveX Connect registers the following datasets:
- Corporate Credentials: Unique Employee Identification Keys, password hashes, and active session tags.
- Geographic Coordinates: Precise GPS coordinates are queried exclusively when checking in or out of workspaces to validate site presence.
- Biometric Check-in Templates: Encrypted facial validation matrices and secure QR codes. Biometric templates are stored locally on your device or fully encrypted during transit.
- Log Telemetry: IP addresses, browser agents, access times, and system actions recorded inside audit logs.
3. Geofenced Controls
Our application utilizes advanced geofencing boundaries. Operations like attendance clock-ins, payroll adjustments, task submissions, and expense reports are geolocated:
- Location coordinates are verified against the perimeter coordinates of your assigned projects.
- Continuous background location monitoring is never performed. Location lookups are triggered only when you perform transactional actions.
- Restricting actions to active worksites protects the enterprise from time-card fraud and unauthorized remote exploits.
4. Enterprise Data Shielding
We protect your portal data through a multi-tiered security system:
- Payload Encryption: All traffic between client terminals and central database engines is forced through standard SSL/TLS encryption protocols.
- CSRF Protections: Cryptographic CSRF tokens validate all submission forms to shield inputs against cross-site request forgery.
- Account Lockouts: Five consecutive failed login keys trigger a automatic 30-minute block to prevent brute-force attacks.
- Anti-Inspection Shield: Client-side console monitoring, copy/paste restrictions, and shortcut blocks prevent unauthorized scripts and scrapers.
5. Retention & User Rights
Data retention is structured around operational safety and regulatory compliance:
- Audit Logs: Authentication logs, system errors, and security events are archived for compliance verification.
- Profile Archives: Onboarding files and documents are archived securely and are accessible only to authenticated HR Managers and System Administrators.
- User Rights: You may request profile audits and data corrections through your On-Site Supervisor or by filing a ticket with the central HR Management team.