GDPR information

Tidportal is designed with privacy by design in line with the EU General Data Protection Regulation (GDPR).

Encryption

Personal data and sensitive fields are encrypted at rest with AES-256-GCM. Biometric data is stored separately encrypted and is permanently deleted on user deletion.

Retention

Default retention is two years, after which data may be anonymized per organization policy. Biometric data is deleted immediately when a user is removed.

Data export

Users can request an export of their data from the profile page. Exports include profile, presence, absence, and schedule data but not biometric data.

Deletion

Users can request deletion of their data. Administrators may initiate deletion per organization procedures. Biometric data is hard-deleted immediately.

Data protection

Contact your organization's data protection officer or administrator for GDPR-related questions.