🔒 Official Privacy Policy — Comprehensive Version

Privacy Policy & Data Protection

Last updated: June 2026 — Applies to three parties: Subscribed companies, their employees, and their clients

🏢 Subscribed Companies
👤 Company Employees
🤝 Company Clients

📋 Table of Contents

01

Operator Identity & Scope

This policy describes how MOU International Group ("we") collects, processes, and protects personal data through the Clicker BOS platform — a Multi-Tenant SaaS Business Operating System — via the website, mobile app (Flutter), or APIs.

This policy applies to three independent parties, each with a different relationship with the platform and different data.

ItemDetails
Operator NameMOU International Group
Websitehttps://clicker.mouig.com
Privacy Emailprivacy@mouig.com
Last UpdatedJune 2026
Primary Geographic ScopeHashemite Kingdom of Jordan & MENA region
02

The Three Parties & Their Roles

🏢 Party 1: Subscribed Company (Tenant)

  • Company or organization subscribed to Clicker BOS
  • Represented by: Admin — one person per company
  • Full access to: HR, payroll, accounting, invoices, projects, clients, evaluations
  • Responsible for its employees' and clients' data within the platform

👤 Party 2: Company Employees

  • Employees of subscribed company — 2 roles: supervisor / employee
  • Access via: web portal + mobile app (JWT)
  • GPS attendance, tasks, leaves, payroll
  • Supervisor permissions customizable by admin

🤝 Party 3: Company Clients

  • External clients of the tenant company — not direct Clicker clients
  • 3 roles: owner / member / viewer
  • Access via: standalone client portal (client_login.php)
  • See: roadmaps, deliverables, files, meetings
  • Can: approve/reject/comment on workflow blocks

⚠️ Client Portal Relationship: The client deals with the tenant company subscribed to Clicker BOS, not directly with MOU International Group. The tenant company bears primary responsibility for disclosure to its clients.

03

Data We Collect Per Party

A. Subscribed Company (Tenant) Data

DataPurpose
Company name, type, industryTenant account setup
Admin data: name, email, bcrypt passwordAuthentication & access
Invoice settings: logo, colors, contact infoCustom invoice generation
Financial data: revenue, expenses, payrollAccounting & financial reports
Plan & subscription: type, expiry dateSubscription & permissions management
Client portal settings: logo, accent color, welcome messageClient portal white-labeling

B. Company Employee Data

DataSensitivityPurpose
Full name, emailNormalAccount & identity
Password (bcrypt hash)Sensitive — encryptedSecure authentication
Job title, department, hire dateNormalHR management
⚠️ GPS Location (lat/lng)Sensitive — foreground onlyAttendance verification only
⚠️ Attendance selfie — optionalSensitive — optionalIdentity verification at check-in
Check-in/out records with timestampsOrganizationalAttendance & administrative oversight
Base salary, allowances, deductionsFinancial sensitivePayroll processing
JWT Token (encrypted, 7 days)TechnicalMobile app authentication
FCM Token for notificationsTechnicalPush notifications
IP address, audit logsSecuritySecurity & fraud prevention

C. Company Client Data (Client Portal Users)

DataDatabase TablePurpose
Email & bcrypt passwordclient_usersClient portal login
Role: owner / member / viewerclient_users.client_rolePermission control
Client company nameclientsBusiness identity
Subscription details: plan, renewal date, quotaclient_subscriptionsDisplay contract status with company
Remember-Me token (hashed)client_remember_tokensSession persistence
Approval/rejection actionsapprovalsImmutable audit trail
Comments on workflow blocksblock_commentsCommunication with company team
Internal notificationsclient_notificationsTask & deliverable alerts
JWT Token for mobile app (future)In-memory / secureFlutter authentication
04

Sensitive Permissions — GPS & Camera

📍 Applies to Party 2 only (Company Employees). Subscribed companies and their clients are not subject to GPS or camera requests.

Location Permission

AspectDetails
Why requested?Verify employee presence at designated work location
When used?Only when pressing Check-In or Check-Out — NEVER in background
Remote employeesGPS never requested — attendance without location
Hybrid employeesRegistration accepted even if permission denied
Denying permissionAllowed — geographic verification won't work for office jobs
Data storedLatitude + Longitude only — at check-in/out moment only

Camera Permission

05

Client Portal — Specific Data

The Client Portal is an independent interface allowing the tenant company's clients to track their projects and interact with deliverables. Here is its specific data:

Roadmap & Project Data

DataWho sees it?Notes
RoadmapCompany team + client (if shared)Only when is_visible_to_client=1
Workflow BlocksPer block visibility settingTenant company decision
Files & DeliverablesOnly is_visible_to_client=1Tenant company files
Meetings & CallsThe client linked to the meetingNot shared with other clients
Approval/rejection actionsCompany team + acting clientAppend-only, non-deletable log

Client Data Isolation

06

How We Use Data

Purpose Party Legal Basis
HR, payroll & accounting servicesCompanySaaS contract performance
Geographic attendance verificationEmployeeLegitimate employer interest
Payroll & dues calculationEmployeeLegal obligation (Jordanian Labor Law)
Client project management & delivery trackingClientContract between tenant and their client
Approvals & revisions audit trailClientLegitimate interest + legal record
Work notifications & alertsEmployee / ClientConsent + legitimate interest
Security, fraud prevention & breach detectionAllLegitimate interest + legal obligation

Explicit confirmation: We do NOT sell any data to third parties. We do NOT use data for targeted advertising. We do NOT use GPS outside explicit attendance registration actions.

07

Third-Party Data Sharing

PartyDataReason
Hostinger (Hosting Provider)All stored dataInfrastructure — GDPR compliant
SMTP Provider (Email)Email addresses + message contentNotifications & reports
Firebase / Google FCMDevice FCM Token onlyMobile push notifications
Tenant CompanyIts employees' and clients' dataThis is the system's core purpose
Legal AuthoritiesOnly what's legally requiredLegal compliance only

⚠️ For employees and clients: The tenant company (employer / service provider to its clients) has full access to your data within the platform. This access is lawful and inherent to the system nature.

08

Data Security

MeasureImplementation
Transport EncryptionHTTPS / TLS — All communications
Password Hashingbcrypt — Both employees and clients
JWT Auth3 independent types: Admin / Employee / Client — each has different actor_type
Multi-tenant isolationEvery query scoped by tenant_id — cross-tenant access impossible
Client data isolationEvery query scoped by client_id + tenant_id
SQL Injection ProtectionPDO Prepared Statements — All queries
Audit LogsEvery sensitive action logged with: actor_type + actor_id + IP + timestamp
CredentialsStored outside webroot (/home/u.../clicker_env.php)
Approvals append-onlyApproval log immutable — cannot be modified or deleted
09

Data Retention & Deletion

Data TypePartyDurationReason
Payroll records7 yearsTax/accounting requirements
Attendance records5 yearsJordanian Labor Law
Attendance selfies1 year / contract endLimited verification window
Personal account dataUntil subscription end + 90 daysExport grace period
Approval records5 years from action dateLegal & commercial record
Block commentsClient relationship duration + 2 yearsBusiness communication context
FCM Tokens / Remember-MeUntil logout or expirationTemporary by nature
Security & audit logsAll2 yearsIncident investigation

Data Deletion Request

Any party may request deletion of their deletable data (not subject to legal retention) via:

10

User Rights

RightCompanyEmployeeClientHow to Exercise
Data accessPortal / Email
Data correctionVia adminVia companyPortal / Email
Data deletiondata_deletion.php
Data portability (JSON/CSV)Email request
Withdraw consentDevice settings / Email
Object to processingEmail request — each case reviewed
11

Children's Privacy

🚫 Clicker BOS is exclusively for corporate environments. Persons under 18 are not accepted in the platform (as employees or client portal users). If we discover minor data exists, we delete it immediately. Report to: privacy@mouig.com

12

White-Label Nature of Client Portal

The Client Portal operates white-label: the company's client sees the tenant company's identity, not Clicker's.

13

Cookies & Tracking

Cookie / TechnologyTypePartyDuration
PHPSESSIDEssentialAllSession
clicker_theme (localStorage)FunctionalEmployee / AdminPermanent (local)
JWT Bearer TokenEssentialEmployee / Client7 days
Remember-Me Token (hash)Optional functionalEmployee / Client30 days

✅ We do NOT use: advertising cookies, Google Analytics, Facebook Pixel, or any marketing tracking tools.

14

Policy Changes

For material changes: we update this page + send email notice to all admins + display in-app notification. Continued use means acceptance.

15

Contact Us

Privacy Email
Response Time
5 business days
Data Deletion
Legal Operator
MOU International Group