Privacy Policy

Last updated: February 11, 2026

Thamming Co., Ltd. ("we", "us", or "our") operates the Humix mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect your personal information when you use the App.

1. Information We Collect

We may collect the following types of information:

• Account Information: Name, email address, phone number, and employee ID provided during registration or by your organization's administrator.
• Location Data: GPS location data when you use clock-in/clock-out features, with your permission.
• Camera and Photos: Selfie photographs captured during clock-in/clock-out for attendance verification, with your permission. See Section 2 for details on face data.
• Device Information: Device model, operating system version, and unique device identifiers for authentication and security purposes.
• Usage Data: App interaction data to improve our services.

2. Face Data Collection, Use, and Retention

The App uses the device camera to capture a selfie photograph during clock-in/clock-out. The following explains how face data is handled:

• What we collect: The App captures a selfie photograph (JPEG image) only. Face detection is performed entirely on your device using Google ML Kit to confirm that a face is present in the photo (a simple yes/no check). The App does NOT collect, extract, or store any biometric identifiers such as face embeddings, facial geometry, facial landmarks, contours, or faceprints.
• How we use it: The selfie photo is used solely as visual proof of attendance for clock-in/clock-out records. On-device face detection ensures a real person is present when recording attendance (liveness check). No face comparison, face matching, or facial identity verification is performed, either on the device or on the server.
• No training or profiling: The collected selfie photos are NOT used for training any machine learning models, facial recognition systems, or AI algorithms. They are NOT used for user profiling or any purpose other than attendance verification.
• Where it is stored: Selfie photos are uploaded to your organization's secure server as part of attendance records. On-device face detection data is processed in real-time and immediately discarded after the presence check — it is never stored or transmitted.
• Third-party sharing: Selfie photos are shared only with your employing organization through the Humix platform. No face data or selfie photos are shared with any other third parties for any purpose. Google ML Kit runs entirely on-device and does not send any image or face data to Google's servers.
• Retention: Selfie photos are retained as part of attendance records for as long as your employee account is active or as required by your organization's record-keeping policies. When your account is deactivated, selfie photos will be deleted along with other personal data within a reasonable period, unless retention is required by applicable labor laws or regulations.

3. How We Use Your Information

We use the collected information to:

• Provide and maintain the App's HR management features (attendance tracking, leave management, scheduling).
• Verify attendance during clock-in/clock-out using selfie photos with on-device face detection (see Section 2 for details).
• Verify your location for attendance purposes.
• Send notifications about schedules, approvals, and important updates.
• Improve and optimize the App's performance and user experience.

4. Data Sharing

We do not sell your personal information. We may share your data with:

• Your Organization: Your employer/organization that uses Humix as their HR management platform, including selfie photos as part of attendance records.
• Service Providers: Third-party services that help us operate the App (e.g., cloud hosting, analytics). Note: selfie photos and face data are NOT shared with these providers.
• Legal Requirements: When required by law or to protect our legal rights.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption of data in transit and at rest. Selfie photos are transmitted over encrypted connections (HTTPS/TLS) and stored securely on the server.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Selfie photos used for attendance verification are retained as part of employment records. When your account is deactivated, we will delete or anonymize your data, including selfie photos, within a reasonable period, unless retention is required by law.

7. Your Rights

You have the right to:

• Access your personal data, including any selfie photos stored as attendance records.
• Request correction of inaccurate data.
• Request deletion of your data, including selfie photos.
• Withdraw consent for data collection (e.g., location, camera).

8. Children's Privacy

The App is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

• Email: support@thamming.com
• Company: Thamming Co., Ltd.