PunchIn AI
Privacy Policy
Privacy Policy · Last updated: March 26, 2026
com.Shahawi.punchai) available on Android and iOS. By using the
app, you agree to the practices described below. If you do not agree, please do not
use the app.
1. Who We Are
PunchIn AI is developed by Shahawi Apps. For privacy-related inquiries, contact us at: privacy@shahawiapps.com
2. Information We Collect
2.1 Data You Provide Directly
2.2 Data Collected Automatically
2.3 Optional Cloud Features (requires Google Sign-In)
drive.file scope, which means the app
can only access files it created — it cannot read or modify any other files on your
Drive. Backup files remain on your Google Drive and are not stored on our servers.
3. AI Features & Data Sent to Our Server
PunchIn AI includes optional AI-powered features (Smart Insights, Anomaly Detection, Schedule Suggestions, Chat Assistant). These features send a portion of your local attendance data to our AI backend server at https://attend.shahawiapps.com for processing.
What is sent to the AI server:
- Your attendance record dates (e.g., "Saturday 1 March 2025")
- Check-in and check-out times (e.g., "08:30", "17:00")
- Daily total hours (e.g., "08:30")
- Optional notes (only if you attached them to a record)
- Your preferred language (Arabic or English) for localised responses
- A Firebase authentication token (if signed in) to validate requests
What is NOT sent to the AI server:
- Your real name, email, or phone number
- Your device's contacts, location, camera, or microphone data
- Any financial information
The AI backend uses HuggingFace Inference to process requests using open-source language models. Your attendance data is sent over HTTPS to HuggingFace's servers for processing and is not stored permanently. Your data is not shared with any other third-party AI provider such as OpenAI or Google.
4. Permissions Requested
5. Advertising (Google AdMob)
PunchIn AI displays banner advertisements and rewarded video advertisements provided by Google AdMob. AdMob may collect and use data to serve personalised ads based on your interests, including a device advertising ID. You can opt out of personalised ads at any time through your device settings:
- Android: Settings → Google → Ads → Opt out of Ads Personalisation
- iOS: Settings → Privacy → Apple Advertising → Personalised Ads (off)
AdMob's data practices are governed by Google's Privacy Policy: https://policies.google.com/privacy.
6. Data Storage & Security
- Local data (attendance records, notes, monthly totals) is stored in an SQLite database within the app's private storage — inaccessible to other apps without root access.
- Cloud data (Google Drive backups) is stored on your own Google Drive account under your control. Firebase Realtime Database is used for optional cloud features and is protected by Firebase Security Rules requiring authentication.
- AI requests are transmitted over HTTPS (TLS 1.2+) to our server. No attendance data is retained on the server after the response is returned.
- We do not sell, rent, or share your personal data with third parties for marketing purposes.
7. Data Retention
- Local attendance data is retained until you delete it manually within the app or uninstall the application.
- Google Drive backups are retained on your own Google Drive until you delete them manually from the app or from Google Drive directly.
- Analytics and crash reports are retained by Google as per their own retention policies (typically 14 months for Analytics).
- AI request data is not retained after the request completes.
8. Children's Privacy
PunchIn AI is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information through our app, please contact us and we will delete it promptly.
9. Account Deletion
You can delete your account and associated cloud data at any time:
- In-app: Tap the ⋮ menu on any screen → "Delete Account" → confirm. Your Firebase account and all cloud data are deleted immediately.
- Web: Visit our account deletion page to submit a deletion request. Requests are processed within 72 hours.
Account deletion removes your Firebase authentication profile, AI analysis history, and any cloud-synced data. Your local attendance data and Google Drive backups are not affected — they remain on your device and your personal Google Drive respectively.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your data
- Withdraw consent for optional cloud features at any time by signing out
- Export your local attendance data using the built-in Excel export feature
- Delete all your data by clearing app data or uninstalling the app
To exercise these rights or to request deletion of your cloud data, contact: privacy@shahawiapps.com
11. Third-Party Services
The app integrates the following third-party services, each governed by their own privacy policy:
- Google Firebase — Authentication, Realtime Database, Analytics, Crashlytics
- Google AdMob — Advertising
- Google Sign-In — Optional authentication
- Google Drive API — Optional cloud backup (drive.file scope only)
- HuggingFace — AI inference processing
12. Changes to This Policy
We may update this Privacy Policy from time to time. The updated policy will be posted at this URL with a revised "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.
13. Contact Us
For any questions, concerns, or data requests regarding this Privacy Policy: