GDPR information
Tidportal is designed with privacy by design in line with the EU General Data Protection Regulation (GDPR).
Encryption
Personal data and sensitive fields are encrypted at rest with AES-256-GCM. Biometric data is stored separately encrypted and is permanently deleted on user deletion.
Retention
Default retention is two years, after which data may be anonymized per organization policy. Biometric data is deleted immediately when a user is removed.
Data export
Users can request an export of their data from the profile page. Exports include profile, presence, absence, and schedule data but not biometric data.
Deletion
Users can request deletion of their data. Administrators may initiate deletion per organization procedures. Biometric data is hard-deleted immediately.
Data protection
Contact your organization's data protection officer or administrator for GDPR-related questions.