Privacy Policy for Employee Quest
Effective date: 7 February 2025 | Last updated: 6 April 2026
Introduction
Employee Quest ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications on Android and iOS, our web services, and related features (collectively, the "Service").
Please note: Employee Quest is currently only available and published in South Africa. This Privacy Policy is designed to comply with South African data protection laws, including the Protection of Personal Information Act (POPIA), Act 4 of 2013.
By using our Service, you agree to the collection and use of information in accordance with this policy.
Information we collect
Personal information
We collect information that you provide directly to us, including:
- Account information: Email address, username, name, and profile picture
- Company information: Company name, company ID, and role within the company
- Authentication data: Information provided when you sign in using Google Sign-In
- Profile images: Photos you upload for your profile picture
Location information and its usage
Employee Quest is available on Android and iOS. This section applies to location use on both platforms unless stated otherwise.
When we use location
- On Android and iOS, when you perform a check-in, we use your device's location to verify you are at the chosen company location.
- On Android only, if you allow "always" or background location, we may use location while the app is in the background only to detect when you are near a company location and to show you a local "You're nearby" notification. On iOS, we do not use background location for this purpose; location is used when the app is in use (e.g. for check-in and maps).
What we store
- Check-in records sent to our servers include the name and ID of the location where you checked in, plus time, type, points, and notes.
- We do not store or upload a continuous history of your GPS coordinates on our servers.
- Location coordinates may be kept only on your device (e.g. for offline use).
Other location-related data
- Address information: Business addresses and location details may be obtained through Google Places API for maps and place search.
- Maps and places (Android and iOS): Google Maps and Google Places are used on both platforms for maps, pins, and address search/autocomplete.
Control
- You can restrict or disable location in your device settings (Android or iOS). Limiting or disabling location may prevent check-in and proximity features from working.
Usage and activity data
We automatically collect certain information about your use of the Service:
- Check-in data: Records of when and where you check in (location name and ID, not GPS coordinates)
- Visit history: Information about locations you visit (as above)
- Expense records: Expense submissions and related documentation
- Achievement data: Points, badges, and achievements earned
- Team information: Team memberships and team-related activities
- Messages: Company messages and communications sent through the app
- Issue logs: Reports and feedback you submit
We may also review company workspace activity signals, such as check-ins, expenses, issue logs, quest progress, messages, and certain admin changes, to determine whether a company account has become inactive.
Device information
We collect information about your device, including:
- Device type: Mobile device model and operating system (Android or iOS)
- Device identifiers: Unique device identifiers
- App version: Version of the Employee Quest app you are using
- Technical data: IP address, browser type (where applicable), and other technical information
Analytics data
We use Firebase Analytics to collect:
- App usage statistics: How you interact with the app
- Feature usage: Which features you use most frequently
- Performance data: App performance metrics
- Crash and error data: We use Firebase Crashlytics to collect crash reports and non-fatal errors (e.g. stack traces, device model, OS version) to fix bugs and improve stability. This data is not used to identify you personally.
How we use your information
We use the information we collect to:
- Provide and maintain the service: Deliver employee tracking, check-in, and management features on Android and iOS (and web where applicable)
- Authenticate users: Verify your identity and manage account access
- Verify check-ins: Use location to verify you are at a company location when you check in; on Android only, use background location only on your device to show "You're nearby" notifications
- Process check-ins: Record and manage employee check-ins at designated locations
- Manage expenses: Process and track expense submissions
- Gamification features: Calculate points, award badges, and track achievements
- Team management: Facilitate team collaboration and communication
- Send notifications: Deliver push notifications about important updates, messages, and reminders
- Improve the service: Analyse usage patterns to enhance app functionality
- Customer support: Respond to your inquiries and provide technical support
- Compliance: Comply with legal obligations and enforce our terms of service
Legal basis for processing (POPIA compliance)
Under South Africa's Protection of Personal Information Act (POPIA), we process your personal information based on:
- Consent: Your explicit consent to use the Service
- Contractual necessity: Processing necessary to provide the Service you have requested
- Legitimate business interests: To improve our Service and ensure security
- Legal obligations: To comply with applicable South African laws
Third-party services
We use the following third-party services that may collect information:
Google services
- Google Sign-In: For user authentication
- Google Maps API: For location services, mapping, and place search (Android and iOS)
- Google Places API: For location autocomplete and business information
- Google Mobile Ads: For displaying advertisements. These ads may collect device and usage data in accordance with Google's advertising policies. You can manage ad preferences in your device settings or via Google's settings.
Firebase services
- Firebase authentication: User authentication
- Cloud Firestore: Database storage
- Firebase Storage: File and image storage
- Firebase Analytics: Usage analytics
- Firebase Cloud Messaging: Push notifications
- Firebase App Check: Security and fraud prevention
- Firebase Crashlytics: Crash and error reporting to help us fix bugs and improve app stability. Crashlytics may receive data such as device model, OS version, and stack traces; it is not used to identify you personally.
These services have their own privacy policies governing the collection and use of your information. We encourage you to review their privacy policies.
Data transfers: Some of these services may process your data outside of South Africa. We ensure that appropriate safeguards are in place to protect your information in accordance with POPIA requirements.
Data storage and security
Data storage
Your information is stored securely using:
- Firebase Cloud Firestore: Encrypted database storage
- Firebase Storage: Secure file storage for images and documents
- Local device storage: Some data may be cached locally on your device (Android or iOS) for offline functionality
Security measures
We implement appropriate technical and organisational security measures to protect your information, including:
- Encryption of data in transit and at rest
- Secure authentication mechanisms
- Regular security audits and updates
- Access controls and authentication requirements
- Compliance with POPIA security requirements
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
Data sharing and disclosure
We do not sell your personal information. We may share your information in the following circumstances:
- With your company: Your employer and authorised company administrators can access your check-in, location (that is, location name and ID), and activity data as part of the employee tracking service
- Service providers: We may share information with third-party service providers who perform services on our behalf (e.g. hosting, analytics, customer support), subject to appropriate confidentiality agreements
- Legal requirements: We may disclose information if required by South African law or in response to valid legal requests from South African authorities
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred, subject to this Privacy Policy
- With your consent: We may share information with your explicit consent
Your rights under POPIA
As a data subject under South Africa's Protection of Personal Information Act (POPIA), you have the following rights:
- Right of access: Request access to your personal information we hold
- Right to correction: Request correction of inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained information
- Right to deletion: Request deletion of your personal information (subject to legal retention requirements)
- Right to object: Object to the processing of your personal information in certain circumstances
- Right to complain: Lodge a complaint with the Information Regulator of South Africa
To exercise these rights, please contact us using the information provided in the "Contact us" section below. We will respond to your request within a reasonable timeframe and in accordance with POPIA requirements.
Location services
You can control location sharing through your device settings (Android or iOS). However, disabling location services may limit the functionality of the app, as location is used to verify check-ins and, on Android, for optional "You're nearby" notifications.
Push notifications
You can manage push notification preferences through your device settings or within the app settings.
Information regulator
If you have concerns about how we handle your personal information, you have the right to lodge a complaint with the Information Regulator of South Africa:
Information Regulator (South Africa)
33 Hoofd Street, Forum III, 3rd Floor, Braampark, Braamfontein, Johannesburg
Tel: 012 406 4818
Email: inforeg@justice.gov.za
Website: https://www.justice.gov.za/inforeg/
Children's privacy
Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
Data retention
We retain your personal information for as long as necessary to:
- Provide the Service to you
- Comply with legal obligations under South African law
- Resolve disputes
- Enforce our agreements
When you delete your account, we will delete or anonymise your personal information in accordance with POPIA requirements, except where we are required to retain it for legal purposes. We also retain data for as long as your employer requires for work-related tracking. If you leave your company, your data may be deleted or anonymised as per the employer's policy.
If a company shows no detected activity for 30 consecutive days, we may email the registered owner to warn that the company may be deleted if no new activity is detected in the following 15 days. If inactivity continues after that notice period, we may suspend or delete the inactive company workspace and associated data, subject to any legal or operational retention requirements.
Cookies and tracking technologies
The App may use cookies or similar technologies to enhance user experience (e.g. on web). You can manage cookie settings through your device or browser preferences.
Third-party links and services
The App may contain links to third-party websites or services. We are not responsible for third-party privacy policies or practices.
Changes to this privacy policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:
- Posting the new privacy policy on this page
- Updating the "Last updated" date
- Sending you a notification through the app or via email (if significant changes are made)
You are advised to review this Privacy Policy periodically for any changes. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
Contact us
If you have any questions about this Privacy Policy, wish to exercise your POPIA rights, or have concerns about our data practices, please contact us:
Email: support@employeequest.co.za
Address: [Your business address in South Africa]
Phone: [Your phone number]
Consent
By using Employee Quest on Android, iOS, or web, you consent to our Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, please do not use our Service.