Effective Date: May 17, 2026
Last Updated: May 17, 2026
App Name: SPF ERP
Developer: Sustainable Peace Foundation — Iraq (spf-iq.org)
1. Introduction
Welcome to the SPF ERP mobile application ("App"), developed and operated by the Sustainable Peace Foundation — Iraq
("SPF", "we", "our", "us"). This Privacy Policy describes how we collect, use, store, and protect your personal
information when you use our internal employee self-service mobile application.
This App is developed exclusively for internal use by authorized employees of the Sustainable Peace Foundation.
It is not a public application and is used to manage workplace-related functions including attendance
tracking, leave management, document access, timesheets, and internal communications.
By downloading, installing, or using the App, you agree to this Privacy Policy. If you do not agree, please do not use the App.
2. Information We Collect
2.1 Personal Information
When you use the App, we may collect the following information provided by your employer:
- Full name, employee ID, and job title
- Email address (work email)
- Department, project assignment, and office location
- Profile photograph (if uploaded)
- Emergency contact information
2.2 Attendance & Location Data
For attendance management purposes, the App may collect:
- GPS coordinates at the time of check-in and check-out to verify presence at authorized work locations
- Timestamps of check-in and check-out events
- Geo-fence validation status (whether you are within an authorized work zone)
Important: Location data is collected only at the moment of attendance punch-in/punch-out and is
not continuously tracked in the background.
2.3 Device Information
- Device model and operating system version
- Unique device identifier (for single-device session enforcement)
- Push notification token (for receiving work notifications)
2.4 Usage Data
- App feature usage patterns (for improving the user experience)
- Error logs and crash reports (for debugging purposes)
3. How We Use Your Information
We use the collected information for the following purposes:
- Authentication: To verify your identity and maintain secure access to your account
- Attendance Management: To record and verify work attendance, including location-based check-in/check-out
- Leave Management: To process leave requests, track leave balances, and manage approvals
- Document Access: To provide secure access to your employment-related documents
- Timesheet Management: To track and submit work hours
- Push Notifications: To send you work-related reminders and updates
- File Management: To manage shared files and project documents via the Drive feature
- App Improvement: To improve the App's performance, security, and user experience
4. Data Storage & Security
We implement industry-standard security measures to protect your data:
- All data is transmitted over encrypted HTTPS connections (TLS 1.2+)
- Authentication tokens are stored securely using the device's secure keychain (iOS) or encrypted storage (Android)
- Server-side data is protected by Laravel Sanctum token-based authentication
- Single-device session policy: only one active session per employee at a time
- Automatic session expiration after prolonged inactivity
Your data is stored on secure servers managed by SPF Iraq. We do not store data on third-party cloud services
outside our controlled infrastructure.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties. This App is for internal organizational use only.
Your data may be shared only in the following limited circumstances:
- Within the Organization: With authorized HR and management personnel of the Sustainable Peace Foundation for legitimate workplace purposes
- Legal Compliance: When required by law, regulation, or legal process
- Security: To protect the rights, safety, or property of the Sustainable Peace Foundation or its employees
We do not use any third-party analytics, advertising, or tracking SDKs in the App.
6. App Permissions
The App may request the following device permissions:
-
Location
Precise location — Required only during attendance check-in/check-out to verify you are at an authorized work site. Not used for continuous tracking.
-
Notifications
Push notifications — To send attendance reminders and work-related alerts. Can be disabled in device settings.
-
Camera
Camera access — For uploading profile photos or scanning documents (optional features).
-
Storage
File access — For downloading and viewing documents from the App.
All permissions are requested at the time of use and can be revoked at any time through your device settings.
7. Data Retention
Personal data is retained for the duration of your employment with the Sustainable Peace Foundation. Upon separation
from the organization, your data will be retained in accordance with applicable labor laws and internal record-keeping
policies, after which it will be securely deleted or anonymized.
Attendance and timesheet records may be retained for the legally required period as per Iraqi labor regulations.
8. Your Rights
As an employee and user of the App, you have the right to:
- Access: Request a copy of your personal data stored in the system
- Correction: Request correction of inaccurate or incomplete data via your HR department
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Opt-out: Disable push notifications through your device settings at any time
- Withdraw Consent: Revoke any previously granted permissions through your device settings
To exercise any of these rights, please contact your HR department or reach out to us at the contact information below.
9. Children's Privacy
This App is intended for use by authorized employees only and is not designed for or directed at children under the
age of 16. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date
at the top of this page. We encourage you to review this policy periodically.
For significant changes that affect your rights, we will notify you through the App or via your work email.
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: