ImelBIS ERP softverPrivacy Policy — PULSE Application
Last updated: March 16, 2026
Imel d.o.o. Lukavac (“we”, “us”, “our”) has developed the PULSE application as a commercial (B2B) solution for employee time tracking, access control, and attendance management. This Privacy Policy precisely explains what data we collect, how we use it, how we protect it, and with whom we share it when you use our mobile application.
By using the PULSE application, you agree to the collection and use of data in accordance with this policy.
1. Who This Application Is Intended For
PULSE is exclusively a B2B (business-to-business) solution. The application is installed on Android devices managed by an employer (a company or institution), or on personal devices of employees who have consented to using the application for business purposes. The application is not intended for children or the general public.
In terms of data protection, the employer (Imel d.o.o.’s client) is the data controller for employee data, while Imel d.o.o. acts as the data processor in accordance with a data processing agreement signed with the employer.
2. Data We Collect
2.1 Location Data (GPS)
The application collects precise GPS coordinates (latitude and longitude) of the device in real time, and only while the application is actively running in the foreground.
What is collected: – Precise GPS location (ACCESS_FINE_LOCATION) at high accuracy – Approximate location (ACCESS_COARSE_LOCATION) as a fallback option
Purpose: Location data is used to: – Verify that the device is within an authorized geographic area (geofencing) using the Haversine formula, before allowing an attendance registration – Transmit GPS coordinates as part of every clock-in or clock-out record (NFC or mobile check-in) to the employer’s server – Optionally calibrate the device’s position (updating the registered device’s coordinates on the server)
Mock location detection: The application automatically rejects locations identified as simulated (mock location) and does not transmit them to the server.
Note: The application does not track location in the background. Tracking is active only while the user is on the terminal screen.
2.2 Persistent Device Identifier (Device UUID / Android ID)
The application generates and permanently stores a unique device identifier.
What is used: – Primary: Android ID (Settings.Secure.ANDROID_ID) — a hardware identifier unique to the device – Fallback: A randomly generated UUID stored locally, used only if the Android ID is unavailable
Where it is stored: Encrypted locally on the device (EncryptedSharedPreferences, AES-256-GCM)
Where it is transmitted: This identifier is sent to the server as part of every API communication: during license activation, validation, with every attendance record, and during coordinate calibration.
Purpose: Secure identification and binding of the license to a specific device; prevention of unauthorized use of a license on another device.
Important: The identifier remains stored on the device after license deactivation, enabling future reactivation without re-setup.
2.3 Technical Device Information
During license activation, the application automatically collects and transmits the following data to the server:
- Device model (e.g., “Samsung Galaxy S21”)
- Android OS version (e.g., “Android 13”)
Purpose: Recording the devices used under a license, compatibility verification, and technical support.
2.4 NFC Card Data
When an employee uses an NFC card (NTAG 424 DNA) to clock in or out, the application reads the following data via the device’s NFC reader:
Card UID — a unique 7-byte hardware identifier of the card (permanent and immutable)
CNT (command counter) — a 3-byte dynamic counter that increments with each card read (used to prevent replay attacks)
TAG (CMAC signature) — an 8-byte cryptographic signature generated by the card’s chip, used by the server to verify the card’s authenticity
Purpose: Cryptographically secure employee identification and prevention of abuse (card cloning or replay of recorded NFC signals).
Data transmitted to the server: UID, CNT, and TAG together with GPS coordinates, device identifier, event code, timestamp, and the HMAC request signature.
2.5 Mobile Check-In Data (Without NFC Card)
When mobile check-in is enabled, an employee can clock in or out directly through the application on their own device, without an NFC card. The application license then serves as the employee’s digital identity.
Data transmitted to the server during mobile check-in: – Device identifier (Device UUID) – License identifier – Precise GPS coordinates – Event code (e.g., clock-in / clock-out) – Timestamp (Unix timestamp) – HMAC-SHA256 digital signature of the request
2.6 Attendance Records (Time Tracking Events)
Every successfully registered arrival or departure results in a record stored on the employer’s server. The record contains:
- Timestamp (date and exact time)
- GPS coordinates at the time of check-in/check-out
- Device and work area identifier
- Event type (clock-in / clock-out / other defined events)
- Card identifier (UID) or mobile device identifier
- Authentication confirmation
- These records form the basis of the attendance log and are managed exclusively by the employer.
3. Data We Do NOT Collect
PULSE does not collect the following:
- Communication content (messages, emails, calls)
- Photos, video, or audio content
- Phone book contacts
- Internet browsing data
- Health or physical activity data
- Financial information
- Passwords or credentials for other applications or services
- Background location (outside of an active app session)
4. Data Security
Protecting your data is our priority. We apply the following security measures:
Local storage: – All sensitive data on the device (server URL, admin PIN, license key, secret HMAC key, NFC master keys) is stored in Android EncryptedSharedPreferences with AES-256-GCM encryption.
Network transmission: – All communication between the application and the server takes place exclusively over HTTPS (TLS encryption). – Every attendance registration request is digitally signed with the HMAC-SHA256 algorithm using a secret key unique to each activated device. – Every request uses a one-time nonce (a token generated by the server that is valid for one request only) to prevent replay attacks.
NFC authentication: – NTAG 424 DNA cards generate a dynamic CMAC cryptographic signature with each read, making it impossible to clone or replay recorded NFC signals. – Card keys are derived (diversified) uniquely for each card based on its UID.
Tamper detection: – The application rejects GPS coordinates identified as simulated (mock location).
We note that no system for data transmission and storage can guarantee absolute security.
5. Sharing Data With Third Parties
Imel d.o.o. does not sell, rent, or share personal data with third parties for commercial or marketing purposes.
Data is only shared with:
- The employer (data controller): All attendance records, GPS data, and device identifiers are transmitted to a server controlled by the employer, in accordance with the service agreement.
- Google LLC (Google Play Services): The application uses the Google Play Services Location API (FusedLocationProviderClient) to collect GPS data. Google’s privacy policy is available at: https://policies.google.com/privacy
6. Device Administration Mode (Kiosk Mode)
The PULSE application may be configured as a Device Administrator exclusively for the purpose of activating Kiosk Mode — an operating mode in which the Android device is locked and dedicated solely as a PULSE terminal.
What Kiosk Mode does: – Prevents exiting the application (disables Back and Home buttons) – Prevents launching other applications – Prevents unauthorized use of the device for other purposes
Activation: Kiosk Mode is activated by the company administrator via a protected PIN within the application. Employee terminal users cannot activate or deactivate it themselves.
Deactivation: An administrator who knows the PIN can deactivate Kiosk Mode at any time.
Note: Kiosk Mode is used exclusively for the purpose of operating the device as a dedicated terminal — it does not serve as a tool for employee surveillance, activity monitoring, remote data deletion, or restriction of employees’ personal data.
7. Data Retention
Local data on the device: Configuration data (server URL, license identifier, device identifier) remains stored on the device for the duration of the business relationship. Upon license deactivation, the active secret key (session key) is deleted, but configuration data remains for potential future reactivation.
Data on the server: Employee attendance records are stored on the server managed by the employer. The retention period is determined by the employer in accordance with applicable labor law regulations and internal policies, typically in line with the minimum statutory periods for retaining work time records.
Imel d.o.o. does not have direct access to end-users’ attendance records — that data is the property and responsibility of the employer.
8. Your Rights
Since PULSE is used in a corporate environment where the employer is the data controller, for all questions regarding access to, correction, transfer, or deletion of personal data generated through PULSE, please contact your employer directly (the HR department or system administrator).
For questions relating to the application itself, the technical processing of data, or this Privacy Policy, please contact us at the address provided in Section 11.
9. Children
The PULSE application is not intended for persons under 18 years of age or for children. We do not knowingly collect data from minors.
10. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy. We will notify users of any changes by publishing a new version at https://imel.ba/pulse-privacy-policy/ and updating the date at the top of the document. We recommend reviewing this policy periodically.
11. Contact Us
For any questions regarding this Privacy Policy, please contact us:
Imel d.o.o. Lukavac – Address: Skendera Kulenovića bb, 75300 Lukavac, Bosnia and Herzegovina – Email: software@imel.ba – Website: https://imel.ba