Korea Software HRD Center ("KSHRD", "we", "us", or "our") is a non-profit IT training institute established in April 2013 under a cooperation agreement between the Korea International Cooperation Agency (KOICA) and Webcash Co., Ltd. Located at #12, St. 323, Sangkat Boeung Kak II, Khan Toul Kork, Phnom Penh, Cambodia, KSHRD has trained more than 13 generations of Cambodian software engineers, helping graduates secure careers at local and international IT companies, government agencies, and graduate-level scholarship programs abroad.

We operate the RDA mobile application (package: com.kshrd.rda) to help our staff and students record and manage daily attendance digitally. For on-site attendance verification, RDA accesses and collects precise device location (latitude and longitude) only when you start check-in or check-out. This Privacy Policy explains what personal data we collect when you use RDA, why we collect it, how we use and protect it, and what rights you have over your data.

By installing or using RDA you agree to the practices described in this policy. If you do not agree, please uninstall the application and contact us to remove your account data.

RDA collects the minimum data necessary to deliver its attendance management features, including precise device location during check-in and check-out flows that you start. The table below summarises each data type, its purpose, and whether it is required to use the app.

Because RDA supports on-site attendance verification, precise location is one of the most sensitive data types we handle. Here is exactly how it works:

• What is collected — Your device's latitude and longitude, obtained via the Google Play services Fused Location Provider. We do not read raw GPS sensor data directly.
• When it is collected — Only during the check-in or check-out flow that you actively start inside the app. A user-visible location-in-use indicator is shown by the operating system during this process, as required by platform policy (Android/iOS).
• How it is used — Your coordinates are compared on-device against an organisation-configured centre point and allowed radius. If you are within range, check-in proceeds. Raw coordinates are not stored locally beyond the active flow.
• Biometric confirmation — After the location check passes, you may be asked to confirm your identity using fingerprint, face unlock, or device passcode through the standard system dialog. Your biometric templates are never transmitted to KSHRD or any third party; matching is performed entirely by the device operating system (Android/iOS).
• Your control — You can revoke location permission at any time via Settings › Apps › RDA › Permissions. Geo-validated check-in will not function without it, but all other app features remain available.

• Provide the service — Record and display daily attendance for staff and students at KSHRD, enabling administrators to view, export, and act on attendance data.
• Authentication & security — Verify your identity at sign-in and on each API request using short-lived bearer tokens so your account remains protected.
• Notifications & reminders — Send push notifications for attendance reminders, schedule changes, and important centre announcements via Firebase Cloud Messaging.
• App stability — Analyse anonymised crash reports through Firebase Crashlytics to detect, prioritise, and fix bugs quickly.
• Fraud prevention — Use your device ID and location to reduce the risk of proxy check-ins or account sharing.

We do not use your data for advertising, sell it to third parties, or use it for any purpose beyond operating the RDA attendance service.

RDA relies on a small number of Google services to function. Each service processes only the data necessary for its specific role:

For details see the Firebase Privacy and Security page and the Google Privacy Policy. We do not integrate advertising SDKs or any analytics platform beyond those listed above.

The following section describes mobile platform permissions used by RDA across Android and iOS. Android technical permission names are listed where applicable, and equivalent iOS runtime prompts are requested only when features need them. This also mirrors the data disclosures submitted in app-store privacy forms.

Protecting the data of our students and staff is a core responsibility for KSHRD. We implement the following measures:

• Encryption in transit — All communication between the RDA app and our backend API uses HTTPS (TLS 1.2 or higher). Credentials are never sent over plain HTTP.
• Token storage — Access and refresh tokens are stored in app-private SharedPreferences on your device, inaccessible to other apps. They are cleared completely when you log out.
• Password handling — Passwords are transmitted only during the login request and are never logged or stored in plain text on our servers.
• Biometric data — Biometric matching is performed exclusively by the device operating system (Android/iOS). The RDA app receives only a pass/fail result; no biometric template ever leaves your device.
• Access controls — Backend access to personal data is restricted to authorised KSHRD administrators, protected by role-based access controls.

If you suspect unauthorised access to your account, change your password immediately and contact us at penhseyha4980@gmail.com.

• Account & profile data — Retained for the duration of your enrolment or employment at KSHRD, plus up to one year afterward, unless you request earlier deletion.
• Attendance records — Kept for the duration required by KSHRD's internal policy and applicable Cambodian labour and education regulations.
• Location data — Used transiently during the check-in flow. Raw coordinates are not persisted locally. Any server-side record is limited to the check-in result (pass/fail) and timestamp.
• Crash & diagnostic logs — Retained by Firebase Crashlytics for up to 90 days per Google's standard retention policy.
• Local app data — All locally cached profile data, tokens, and preferences are cleared when you log out or uninstall the application.

• Access — Request a copy of the personal data we hold about you.
• Correction — Ask us to correct inaccurate or incomplete profile information.
• Deletion — Request that we delete your account and associated personal data. Email penhseyha4980@gmail.com. We will confirm receipt within 5 business days and complete deletion within 30 days, subject to legal retention requirements.
• Permissions — Manage location, notification, and alarm permissions at any time via Settings › Apps › RDA › Permissions.
• Push notifications — Disable or customise notification channels in device Settings or within the RDA app.
• Logout — Signing out immediately clears all locally stored tokens and cached profile data.

RDA is designed for adult staff, instructors, and enrolled students at Korea Software HRD Center. We do not knowingly collect personal information from children under the age of 13 (or the applicable minimum age in your jurisdiction).

If you are a parent or guardian and believe your child has registered without your consent, contact us at penhseyha4980@gmail.com and we will promptly delete the account and associated data.

KSHRD is based in Phnom Penh, Cambodia. Google Firebase — which powers our push notifications and crash reporting — may process and store data on servers located in the United States or other countries with different data protection laws than your home country.

Where such transfers occur, we rely on the standard contractual and legal mechanisms provided by those services to ensure your data remains protected to a standard equivalent to this policy. By using RDA you acknowledge and consent to this transfer.

The table below maps directly to the answers submitted in store privacy disclosures. Reviewers can use this to verify that the policy and store listings are consistent.

For iOS distribution, equivalent disclosures are provided in Apple App Store Connect under App Privacy. Data categories and purposes are kept aligned with this policy.

* Precise location is processed on-device by platform location services; raw coordinates are not forwarded to Google/Apple servers by RDA. The check-in result (pass/fail + timestamp) may be recorded on the KSHRD backend.

We may update this Privacy Policy as the app evolves, legal requirements change, or we integrate new features. When we make material changes we will:

• Update the "Last updated" date and version badge at the top of this page.
• Display an in-app notice the first time you open RDA after the change takes effect.
• Email registered users if the change significantly affects how we use personal data.

Continued use of RDA after the effective date of a revised policy constitutes acceptance of the updated terms.

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please reach out: