Security

• Organization isolation: customer data is scoped by organization.
• Least privilege: users only receive the access required for their role.
• Auditability: attendance, corrections, exports, and admin actions are designed to be reviewable.
• Secure rollout: Starter uses GPS geofencing, device binding, random selfie audits, and offline punch sync; Pro adds BLE/iBeacon proof of presence.

• Authentication-backed dashboard and mobile access.
• Role-aware permissions for owner, admin, manager, and employee users.
• Employee users should not access administrative controls.
• Device binding helps reduce account sharing and buddy punching.
• Backend access controls and validation are used to reduce cross-tenant access risk.

Authorized PHELTIX personnel may access customer data only where necessary to provide, support, secure, troubleshoot, maintain, or improve the services; respond to support requests; investigate abuse or security incidents; comply with legal obligations; or manage billing and account administration.

Super-admin access is not for casual browsing. Access should be restricted, reviewed, and used only for legitimate operational purposes.

• GPS geofence validation for location-based punch checks.
• GPS degraded-mode review where GPS signals are unreliable or inconsistent.
• Optional random selfie audits where enabled by the customer.
• Pro BLE/iBeacon validation for stronger proof of presence.
• Offline punch queueing with later sync when the device reconnects.

• Role and organization-scoped access patterns.
• Security-focused access controls and backend validation.
• Audit-oriented event logging for important operational changes.
• Controlled support access for troubleshooting and client assistance.
• Subprocessor review through the public Subprocessors page.

Report suspected vulnerabilities, unauthorized access, or security concerns to support@pheltix.com. Please do not include unnecessary employee personal data in security reports.