Privacy Policy

1. Scope

This Privacy Policy applies to the Smart Workforce & Route Management System (SWRMS), a pilot deployment operated by the Brihanmumbai Municipal Corporation (BMC) Solid Waste Management Department for Chembur (M-East) Ward. It covers all personal information processed by the system in connection with daily field operations - attendance, route tracking, photo verification, and the audit logs generated alongside them. The policy applies to every authorised user of SWRMS regardless of role (sanitation staff, ward supervisor, or BMC administrator) and remains in effect for as long as you hold an active account.

2. Data we collect

• Identity: Employee ID, name, role, ward assignment, contact phone.
• Authentication: Password (stored as bcrypt hash, never in plain text).
• Biometric (face embedding): 128-dimensional numeric vector derived from your enrollment photo, used for identity verification at field photo submissions.
• Location at check-in: GPS coordinates captured at the moment of attendance check-in and at each photo submission.
• Live tracking during shift (opt-in): If you press Start Shift Tracking on your home screen, your device sends GPS samples every ~30 seconds while you are on the route. Tracking automatically stops when you press Stop Tracking, when you mark your route 100% complete, or when your shift end time passes. A pulsing green indicator and the words “Tracking: ON” are shown the entire time pings are flowing. Tracking is not silent and is never enabled without your explicit action.
• Device metadata: User agent, platform string, and (on Android) the operating system's mock-location flag, for audit purposes.
• Operational records: Attendance logs, route progress updates, geotagged photos, GPS pings during opted-in tracking.

3. How we use it

All data is used solely for verifying field staff presence at assigned routes, monitoring waste collection completion, detecting route deviations and idle periods during shift, and supporting workforce reallocation decisions by authorized supervisors. Data is not sold, rented, or shared with any third-party advertiser, recruiter, or analytics provider; the only external party that ever touches operational data is the OpenStreetMap routing service (OSRM), and only the route start/end coordinates of newly created routes are sent there for road-snapping - never personal information.

GPS pings collected during live tracking are used in two ways: first, to power the supervisor's real-time map showing which workers are on or off route; and second, to run automatic deviation and idle detection. Alerts generated by these checks are reviewed by your supervisor and recorded in the verification log. The system applies a 15-minute cooldown per (worker, alert kind) pair so that a single off-route episode produces one entry and not a flood of duplicates.

4. Who can access your data

• You (your own attendance, photos, and route data via your account).
• Your assigned supervisor (your attendance, photos, and verification flags for your route).
• BMC SWM administrators (aggregate data and verification logs across all wards in pilot scope).

5. Data retention

Operational data (attendance, photos, logs) is retained for 365 days for audit purposes, after which it is archived or deleted per BMC records policy. Face embeddings are retained for the duration of your active employment in SWRMS.

GPS pings from live tracking are retained for 90 days for incident investigation and GPS-replay reviews, then deleted. Aggregated anonymous statistics (e.g. average shift completion percentage per ward) may be retained indefinitely.

6. Security

Passwords are hashed using bcrypt before storage and are never written to disk in plain text. Authenticated sessions use signed JSON Web Tokens with a 24-hour expiry, after which re-login is required. Every API endpoint is protected by role-based access control, so a staff account cannot read another worker's data and a supervisor account cannot modify administrator-only configuration. The application database runs on encrypted MongoDB Atlas infrastructure with TLS in transit and at-rest disk encryption provided by the platform.

In addition to the access controls above, every supervisor or administrator action that modifies stored data - user creation, route edits, reallocation approvals, log resolutions - is recorded to a tamper-evident audit log capturing the actor's identity, role, IP address, browser user-agent, and a before-and-after diff of any changed fields. Records are never hard-deleted; user accounts and routes are deactivated via a status flag so the historical trail remains queryable for any future review.

7. Your rights

Under applicable Indian data protection regulations, including the Digital Personal Data Protection Act 2023, you have the right to access, correct, or request deletion of your personal data held by SWRMS, and to receive a clear explanation of how that data has been used. Requests are routed through the BMC SWM Department and are typically acknowledged within five working days. To exercise any of these rights - or to register a privacy concern - contact the M-East Ward SWM Office using the address below or the BMC Citizen Helpdesk on 1916.

8. Contact