Asentado
ES · EN

Privacy Policy

Last updated: May 4, 2026

1. Data Controller

The Asentado application ("the App") is operated by JOSE MARIA DIAZ, with registered address in San Juan Province, Argentine Republic. Contact: info.asentado@gmail.com. Under the App's service model, Asentado acts as a data processor for field technician data on behalf of each contracting company, which acts as the data controller. For data belonging to the contracting companies' own staff who manage their accounts (commercial contact data, administrator authentication), Asentado acts as the data controller.

2. Information We Collect

We collect the following categories of personal data:

2.1 Account and Profile Data

  • Full name
  • Email address
  • Phone number
  • DNI (Argentine National Identity Document)
  • Date of birth
  • Role within the organization

2.2 Company Data

  • Company name
  • Company identifier code
  • Company plan
  • Field access PIN (stored exclusively as a SHA-256 cryptographic hash; never stored in plain text)
  • Company logo (URL)

2.3 GPS Location Data

  • Geographic coordinates (latitude and longitude) at the time of check-in and check-out
  • Real-time location pings during the work shift (if the work site has GPS tracking enabled)
  • GPS signal accuracy in meters
  • Geofencing verification (whether the field technician is within the designated work area)
  • GPS session identifier

2.4 Photographs

  • Check-in and check-out selfies (captured with the device's front camera)
  • Field photos and task evidence (captured with the rear or front camera)
  • PPE (Personal Protective Equipment) compliance photos

2.5 Work Activity Data

  • Check-in/check-out records (with timestamps)
  • Assigned tasks and their completion status
  • Values entered in the task button system (text, numbers, selections, confirmations)
  • Work site notes and reminders

2.6 Device Data

  • Permissions granted (camera, location)
  • Registration origin (PWA, app, manual)

3. How We Use Your Information

We use the collected data for the following purposes:

  • Work site management and field technician assignment
  • Attendance verification through GPS and selfie check-ins/check-outs
  • Geofencing control to confirm the technician's presence in the work area
  • Recording and tracking of assigned tasks via the dynamic task button system
  • Photographic documentation of tasks and safety compliance (PPE)
  • Generating activity reports and data exports (XLSX/PDF)
  • Sending real-time notifications about geofence alerts, absences, and status changes
  • Task planning calendar
  • Authentication and role-based access control

4. Legal Basis for Processing

For field technician data, the contracting company (as data controller) determines the applicable legal basis, typically: performance of the employment contract, compliance with legal obligations regarding workplace health and safety, and/or the employer's legitimate interest in monitoring work performance. Asentado, as data processor, operates under the contracting company's instructions.

For data belonging to administrators and contracting company personnel using the platform, Asentado acts as data controller under the following bases:

  • Data subject's consent: by registering and using the App, the administrator gives their informed consent.
  • Contractual performance: processing is necessary to provide the contracted service.

All processing is carried out in accordance with Ley 25.326 (Argentine Personal Data Protection Law No. 25.326) and its Regulatory Decree 1558/2001.

5. Storage and Security

We implement technical and organizational measures to protect personal data:

  • Data is stored in Supabase (PostgreSQL-based infrastructure) with Row Level Security (RLS) enabled on all tables, ensuring data isolation between companies (multitenancy).
  • Photographs are stored in Supabase Storage with access restricted to authenticated users.
  • Administrator authentication uses Supabase Auth (email and password with secure sessions).
  • Field technician authentication uses credentials generated via HMAC-SHA256 (derived from the DNI and company code), processed server-side.
  • The field PIN is stored exclusively as a SHA-256 hash. It is never stored or transmitted in plain text.
  • All communications are conducted over HTTPS/TLS.
  • Role-based access control with granular permissions (admin, supervisor, technician).

6. Treatment of Check-in Photographs and Personal Protective Equipment Photos

The App captures photographs in two distinct contexts, with different treatments. This section describes both in detail.

6.1 Check-in/Check-out Selfie

When a field technician checks in or out of their shift, the App captures a photograph using the device's front camera as visual evidence of the event. This image is stored as a standard photograph (JPEG file) alongside the corresponding check-in/check-out record.

Asentado does NOT perform facial recognition, face verification, biometric comparison, or any other type of facial data (face data) analysis on these images. No facial templates, face prints, embeddings, or biometric identifiers are generated, extracted, or stored. The image is treated as standard photographic content, not as biometric data.

The check-in selfie is not transmitted to any third party for processing. It is stored exclusively in the contracting company's storage infrastructure (Supabase Storage), accessible only by that company's authorized administrators.

6.2 PPE (Personal Protective Equipment) and Evidence Photographs

When the contracting company's safety protocol requires it, the safety task button system may request additional photographs from the technician as evidence (for example: a photo showing use of a hard hat, reflective vest, harness, safety footwear, or the work area). These photographs are stored alongside the corresponding task record.

When the contracting company's administrator configures automatic verification for one of these buttons (via a natural language verification prompt), the photograph is transmitted to the Google Gemini API (paid tier) for automated verification of the presence of the indicated protective element. The verification returns a boolean result (approved / not approved) with a brief textual explanation; it does not generate any biometric data or user profile.

Asentado uses the paid tier of the Google Gemini API. Under that service's terms, Google does not use inputs or outputs from paid services to train models or improve products.

This automatic verification is optional and configurable by the contracting company's administrator: if the button has no verification prompt configured, the photograph is stored without being sent to any third party.

6.3 What Asentado Does NOT Do with Any Photograph

  • We do not perform facial recognition or biometric verification.
  • We do not generate or store facial templates, face prints, embeddings, or facial feature vectors.
  • We do not compare photographs to identify individuals.
  • We do not use photographs for advertising or commercial purposes unrelated to the service.
  • We do not sell or rent photographs to third parties.

7. Data Retention

  • Account data is retained for as long as the company maintains an active account on the platform.
  • GPS location pings are automatically deleted according to the configured retention period (default: 30 days).
  • Check-in photographs and work activity records are retained for the duration of the employment relationship plus the applicable legal retention period for employment records. In the Argentine Republic, this period is five (5) years pursuant to Article 67 of Labor Contract Law No. 20.744 (Ley de Contrato de Trabajo N.° 20.744), or the equivalent in the contracting company's jurisdiction. Once this period expires, photographs are deleted.
  • The contracting company may request early deletion of specific photographs or records before the legal retention period expires, unless a regulatory obligation prevents it.
  • When a company is deleted, all associated data is cascade-deleted: profiles, technicians, work sites, tasks, check-in records, locations, notes, and stored photographs.
  • When a technician is deleted, their check-in records, locations, button logs, and associated photographs are removed from storage.
  • Users may request deletion of their data at any time by contacting the data controller, subject to any limitations imposed by applicable labor regulations.

8. Sharing Data with Third Parties

Personal data may be processed by the following service providers:

  • Supabase Inc.: Backend infrastructure, database, authentication, and file storage (including all photographs).
  • Mapbox Inc.: Map services, geocoding, and location visualization.
  • Vercel Inc.: Web application hosting and delivery.
  • Google (Gemini API, paid tier): Only PPE photographs when a contracting company's security protocol requires it and the administrator has configured automatic verification for that button. Images are processed exclusively to verify the presence of the indicated protective element. Google acts as a data processor under the paid service terms, which prohibit using this data for model training or product improvement. The check-in/check-out selfie is NEVER sent to Google under any circumstances.

We do not sell, rent, or share personal data with third parties for commercial or advertising purposes. The providers listed above process data solely to deliver the technical services required for the App to function.

All providers mentioned above are subject to contractual obligations requiring them to maintain a level of personal data protection equivalent to or higher than that established in this Policy, as required by Ley 25.326 (Argentine Personal Data Protection Law No. 25.326) and the privacy guidelines of distribution platforms (Apple App Store and Google Play).

9. International Data Transfers

Data may be stored and processed on servers located outside the Argentine Republic, particularly in the United States, through the infrastructure providers mentioned above. These transfers are carried out in accordance with the provisions of Ley 25.326 (Argentine Personal Data Protection Law No. 25.326) and appropriate contractual measures are adopted to ensure an equivalent level of protection.

10. Data Subject Rights

In accordance with Ley 25.326 (Argentine Personal Data Protection Law No. 25.326), you have the following rights regarding your personal data:

  • Right of access: Request information about the personal data we have stored.
  • Right of rectification: Request correction of inaccurate or incomplete data.
  • Right of erasure: Request deletion of your personal data.
  • Right of objection: Object to the processing of your data in certain circumstances.
  • Right to information: Know the purpose and recipients of processing.

If you are a field technician, you may exercise these rights by contacting the administrator of your contracting company (data controller) or, subsidiarily, Asentado as data processor at info.asentado@gmail.com. If you are an administrator or staff member of a contracting company, you may contact info.asentado@gmail.com directly. The National Directorate for Personal Data Protection (Agencia de Acceso a la Información Pública — Agency for Access to Public Information) is the supervisory authority for Ley 25.326 (www.argentina.gob.ar/aaip).

To revoke your consent to the processing of your data or to request deletion of your account and all associated data, you may: (i) contact us by email at info.asentado@gmail.com stating your request, or (ii) if you are an administrator, delete your account directly from the administration panel. We will process requests within no more than 10 business days, except where a legal retention obligation applies (for example, retention of employment records pursuant to Art. 67 of Labor Contract Law No. 20.744).

11. Device Permissions

The App requires the following device permissions to function correctly:

  • Camera: Required to capture check-in/check-out selfies and task evidence photographs. The front camera is used for selfies and the rear camera for field photos.
  • Location (GPS): Required to record the technician's position at check-in/check-out, verify that they are within the work area (geofencing), and perform real-time GPS tracking during the shift.

If the user denies these permissions, the check-in/check-out and evidence capture functions will not be available. The App will display an explanatory message and allow the user to request the permissions again.

12. Use by Minors

The App is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it immediately. If you are a parent or guardian and believe your child has provided us with personal data, please contact info.asentado@gmail.com.

13. Cookies and Similar Technologies

The App uses browser local storage (localStorage) to maintain the user session and configuration preferences. We do not use tracking cookies or third-party tracking technologies for advertising purposes.

14. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. Modifications will take effect upon publication in the App. We will notify users of significant changes through the platform. We recommend reviewing this policy periodically. Continued use of the App after changes are published constitutes acceptance of those changes.

15. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Argentine Republic, in particular Ley 25.326 (Argentine Personal Data Protection Law No. 25.326). For any dispute arising from this policy, the parties submit to the jurisdiction of the ordinary courts of San Juan Province, Argentine Republic.

16. Contact

For inquiries, exercise of rights, or complaints related to the processing of your personal data, please contact us at:

  • Controller: Jose Maria Diaz
  • Email: info.asentado@gmail.com
  • Registered address: San Juan Province, Argentine Republic
Also see our Terms and Conditions.