Privacy Policy
SpaceMonk — Facility Management ERP
Effective Date: February 13, 2026
This application is operated by PharmacyOne Network Private Limited.
1. Introduction
SpaceMonk is a business-to-business (B2B) mobile application designed for facility management. It is intended exclusively for employees of organizations that subscribe to SpaceMonk services. User accounts are created by the subscribing organization's administrator — there is no self-registration or public access. The subscribing organization pays for the service; employees use it at no cost. This Privacy Policy applies only to the SpaceMonk application and its services.
2. Information We Collect
We collect the following categories of information:
- Account Information: Phone number and profile photograph — provided during account setup by the organization's administrator.
- Facial Photograph: A single photo captured via the device camera for attendance verification (detailed in Section 3).
- Location Data: GPS coordinates collected during active app use for geofenced attendance verification, route tracking, delivery management, and facility check-ins.
- Usage Data: Feature interaction logs, timestamps of actions, and session durations.
- Crash and Performance Data: Crash reports and performance metrics collected via Firebase Crashlytics.
- Analytics Data: Anonymized app usage patterns collected via Firebase Analytics.
- Push Notification Tokens: Device tokens for Firebase Cloud Messaging to deliver notifications.
3. Face Data Collection and Use
What face data we collect: SpaceMonk captures a single facial photograph (standard JPEG/PNG image) via the device camera each time an employee performs an attendance check-in or check-out. We do not extract facial embeddings, biometric templates, facial geometry, or any mathematical representations of facial features from the photograph.
How we use face data: The photograph is used solely for employee attendance verification — to confirm the identity of the employee marking attendance at a facility. The photograph is paired with the GPS location and timestamp of the check-in/check-out event. No automated facial recognition processing or biometric analysis is performed.
Third-party sharing: Facial photographs are not shared with any third parties. They are accessible only to the subscribing organization's authorized administrators and the Company's secure server infrastructure.
Storage: All facial photographs are stored on the Company's physical hardware servers. Data is encrypted in transit using TLS 1.2+ and encrypted at rest. Access is restricted through role-based access controls.
Retention: Facial photographs are retained for the duration of the employee's active account with the subscribing organization. Upon account deactivation, employee offboarding, or written request from the subscribing organization, all associated facial photographs are permanently deleted within 30 days. Employees may request deletion through their organization's administrator.
4. How We Use Your Information
We use the information we collect to:
- Provide facility management services including inventory tracking, asset management, staff and HR management, operations oversight, maintenance management, and facility monitoring.
- Verify employee attendance via facial photographs with location verification.
- Track delivery routes and manage facility check-ins.
- Send push notifications for operational alerts, shift reminders, and maintenance updates.
- Monitor app performance and resolve crashes (Firebase Crashlytics).
- Analyze usage patterns to improve the service (Firebase Analytics).
- Comply with applicable laws and regulations.
5. Third-Party Services
SpaceMonk uses the following third-party services:
- Firebase Analytics (Google): Collects anonymized usage data for service improvement. Google's privacy policy applies to data processed by Firebase.
- Firebase Crashlytics (Google): Collects crash reports including device state, stack traces, and device identifiers for debugging purposes.
- Firebase Cloud Messaging (Google): Processes device push notification tokens to deliver notifications. Message content is not stored by Firebase.
These services may collect device identifiers and usage data as described in Google's privacy policy. We do not share facial photographs, personal account information, or location data with these services.
6. Device Permissions
- Camera: Activated only when the employee initiates an attendance check-in or check-out. Used solely to capture the attendance photograph. The camera is not accessed in the background or for any other purpose.
- Location (GPS): Used during active app use for geofenced attendance verification (confirming the employee is at the designated facility), route tracking for delivery operations, and facility check-in logs. Location is not tracked when the app is not in active use.
Permissions can be revoked at any time via your device settings. Doing so will limit the functionality of the associated features.
7. Data Storage and Security
- All data is stored on the Company's physical hardware servers.
- Data is encrypted in transit using TLS 1.2+ and at rest.
- Access is controlled through role-based access controls.
- Regular security assessments are conducted.
No method of transmission over the internet or method of electronic storage is 100% secure. While we employ commercially reasonable measures to protect your data, we cannot guarantee absolute security.
8. Data Retention
- Account and personal data: Retained for the duration of active employment/account with the subscribing organization.
- Facial photographs: Retained as described in Section 3.
- Location data: Retained for up to 12 months for operational records.
- Usage and analytics logs: Retained for up to 12 months.
- Crash reports: Retained per Firebase Crashlytics default retention policy.
Upon account termination or when the subscribing organization's contract ends, personal data and photographs are deleted within 30 days. Organizations may request bulk deletion of all their employees' data at any time.
9. Your Rights
You have the right to:
- Access your personal data (through your organization's administrator).
- Request correction of inaccurate data.
- Request deletion of your data (subject to organizational policies and legal requirements).
- Know what data is collected about you.
Requests may be routed through the subscribing organization's administrator or submitted directly to support@1pharmacy.io.
10. Children's Privacy
SpaceMonk is a workplace application and is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If we discover that data has been collected from a person under 18, it will be deleted immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date. Subscribing organizations will be notified of material changes via email. Continued use of SpaceMonk after changes are posted constitutes acceptance of the revised policy.
12. Contact Us
PharmacyOne Network Private Limited
5, 3rd Main Rd, Gayathri HBCS Layout, Industrial Workers Layout, Shankar Nagar, Nandini Layout, Bengaluru, Karnataka 560096
Email: support@1pharmacy.io
GSTIN: 29AAMCP3441P1ZP