Last updated: June 2026 — Applies to three parties: Subscribed companies, their employees, and their clients
This policy describes how MOU International Group ("we") collects, processes, and protects personal data through the Clicker BOS platform — a Multi-Tenant SaaS Business Operating System — via the website, mobile app (Flutter), or APIs.
This policy applies to three independent parties, each with a different relationship with the platform and different data.
| Item | Details |
|---|---|
| Operator Name | MOU International Group |
| Website | https://clicker.mouig.com |
| Privacy Email | privacy@mouig.com |
| Last Updated | June 2026 |
| Primary Geographic Scope | Hashemite Kingdom of Jordan & MENA region |
⚠️ Client Portal Relationship: The client deals with the tenant company subscribed to Clicker BOS, not directly with MOU International Group. The tenant company bears primary responsibility for disclosure to its clients.
| Data | Purpose |
|---|---|
| Company name, type, industry | Tenant account setup |
| Admin data: name, email, bcrypt password | Authentication & access |
| Invoice settings: logo, colors, contact info | Custom invoice generation |
| Financial data: revenue, expenses, payroll | Accounting & financial reports |
| Plan & subscription: type, expiry date | Subscription & permissions management |
| Client portal settings: logo, accent color, welcome message | Client portal white-labeling |
| Data | Sensitivity | Purpose |
|---|---|---|
| Full name, email | Normal | Account & identity |
| Password (bcrypt hash) | Sensitive — encrypted | Secure authentication |
| Job title, department, hire date | Normal | HR management |
| ⚠️ GPS Location (lat/lng) | Sensitive — foreground only | Attendance verification only |
| ⚠️ Attendance selfie — optional | Sensitive — optional | Identity verification at check-in |
| Check-in/out records with timestamps | Organizational | Attendance & administrative oversight |
| Base salary, allowances, deductions | Financial sensitive | Payroll processing |
| JWT Token (encrypted, 7 days) | Technical | Mobile app authentication |
| FCM Token for notifications | Technical | Push notifications |
| IP address, audit logs | Security | Security & fraud prevention |
| Data | Database Table | Purpose |
|---|---|---|
| Email & bcrypt password | client_users | Client portal login |
| Role: owner / member / viewer | client_users.client_role | Permission control |
| Client company name | clients | Business identity |
| Subscription details: plan, renewal date, quota | client_subscriptions | Display contract status with company |
| Remember-Me token (hashed) | client_remember_tokens | Session persistence |
| Approval/rejection actions | approvals | Immutable audit trail |
| Comments on workflow blocks | block_comments | Communication with company team |
| Internal notifications | client_notifications | Task & deliverable alerts |
| JWT Token for mobile app (future) | In-memory / secure | Flutter authentication |
📍 Applies to Party 2 only (Company Employees). Subscribed companies and their clients are not subject to GPS or camera requests.
| Aspect | Details |
|---|---|
| Why requested? | Verify employee presence at designated work location |
| When used? | Only when pressing Check-In or Check-Out — NEVER in background |
| Remote employees | GPS never requested — attendance without location |
| Hybrid employees | Registration accepted even if permission denied |
| Denying permission | Allowed — geographic verification won't work for office jobs |
| Data stored | Latitude + Longitude only — at check-in/out moment only |
The Client Portal is an independent interface allowing the tenant company's clients to track their projects and interact with deliverables. Here is its specific data:
| Data | Who sees it? | Notes |
|---|---|---|
| Roadmap | Company team + client (if shared) | Only when is_visible_to_client=1 |
| Workflow Blocks | Per block visibility setting | Tenant company decision |
| Files & Deliverables | Only is_visible_to_client=1 | Tenant company files |
| Meetings & Calls | The client linked to the meeting | Not shared with other clients |
| Approval/rejection actions | Company team + acting client | Append-only, non-deletable log |
client_id in every query| Purpose | Party | Legal Basis |
|---|---|---|
| HR, payroll & accounting services | Company | SaaS contract performance |
| Geographic attendance verification | Employee | Legitimate employer interest |
| Payroll & dues calculation | Employee | Legal obligation (Jordanian Labor Law) |
| Client project management & delivery tracking | Client | Contract between tenant and their client |
| Approvals & revisions audit trail | Client | Legitimate interest + legal record |
| Work notifications & alerts | Employee / Client | Consent + legitimate interest |
| Security, fraud prevention & breach detection | All | Legitimate interest + legal obligation |
✅ Explicit confirmation: We do NOT sell any data to third parties. We do NOT use data for targeted advertising. We do NOT use GPS outside explicit attendance registration actions.
| Party | Data | Reason |
|---|---|---|
| Hostinger (Hosting Provider) | All stored data | Infrastructure — GDPR compliant |
| SMTP Provider (Email) | Email addresses + message content | Notifications & reports |
| Firebase / Google FCM | Device FCM Token only | Mobile push notifications |
| Tenant Company | Its employees' and clients' data | This is the system's core purpose |
| Legal Authorities | Only what's legally required | Legal compliance only |
⚠️ For employees and clients: The tenant company (employer / service provider to its clients) has full access to your data within the platform. This access is lawful and inherent to the system nature.
| Measure | Implementation |
|---|---|
| Transport Encryption | HTTPS / TLS — All communications |
| Password Hashing | bcrypt — Both employees and clients |
| JWT Auth | 3 independent types: Admin / Employee / Client — each has different actor_type |
| Multi-tenant isolation | Every query scoped by tenant_id — cross-tenant access impossible |
| Client data isolation | Every query scoped by client_id + tenant_id |
| SQL Injection Protection | PDO Prepared Statements — All queries |
| Audit Logs | Every sensitive action logged with: actor_type + actor_id + IP + timestamp |
| Credentials | Stored outside webroot (/home/u.../clicker_env.php) |
| Approvals append-only | Approval log immutable — cannot be modified or deleted |
| Data Type | Party | Duration | Reason |
|---|---|---|---|
| Payroll records | 7 years | Tax/accounting requirements | |
| Attendance records | 5 years | Jordanian Labor Law | |
| Attendance selfies | 1 year / contract end | Limited verification window | |
| Personal account data | Until subscription end + 90 days | Export grace period | |
| Approval records | 5 years from action date | Legal & commercial record | |
| Block comments | Client relationship duration + 2 years | Business communication context | |
| FCM Tokens / Remember-Me | Until logout or expiration | Temporary by nature | |
| Security & audit logs | All | 2 years | Incident investigation |
Any party may request deletion of their deletable data (not subject to legal retention) via:
| Right | Company | Employee | Client | How to Exercise |
|---|---|---|---|---|
| Data access | ✅ | ✅ | ✅ | Portal / Email |
| Data correction | ✅ | Via admin | Via company | Portal / Email |
| Data deletion | ✅ | ✅ | ✅ | data_deletion.php |
| Data portability (JSON/CSV) | ✅ | ✅ | ✅ | Email request |
| Withdraw consent | ✅ | ✅ | ✅ | Device settings / Email |
| Object to processing | ✅ | ✅ | ✅ | Email request — each case reviewed |
🚫 Clicker BOS is exclusively for corporate environments. Persons under 18 are not accepted in the platform (as employees or client portal users). If we discover minor data exists, we delete it immediately. Report to: privacy@mouig.com
The Client Portal operates white-label: the company's client sees the tenant company's identity, not Clicker's.
| Cookie / Technology | Type | Party | Duration |
|---|---|---|---|
| PHPSESSID | Essential | All | Session |
| clicker_theme (localStorage) | Functional | Employee / Admin | Permanent (local) |
| JWT Bearer Token | Essential | Employee / Client | 7 days |
| Remember-Me Token (hash) | Optional functional | Employee / Client | 30 days |
✅ We do NOT use: advertising cookies, Google Analytics, Facebook Pixel, or any marketing tracking tools.
For material changes: we update this page + send email notice to all admins + display in-app notification. Continued use means acceptance.