Privacy Policy
ACOST is committed to providing transparency to its customers and users with respect to its practices in handling their personal information. This Privacy Policy describes how we collect, use, and disclose personal information, including in particular any facial recognition data, and how this information can be accessed and corrected when necessary.
By visiting the website acost.io, downloading or using the KIAN mobile application (the “Services”), or by contacting us or agreeing to receive emails from ACOST, you accept the terms and conditions of this Privacy Policy.
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses.
Note: This Privacy Policy does not extend to websites or services operated by third parties. ACOST is not liable for the privacy practices of third parties. This Privacy Policy is incorporated into, and subject to, our Terms of Service. Capitalized terms used but not defined here have the meanings given to them in our Terms of Service.
1. What Is Our Relationship With Your Employer?
ACOST has entered into an agreement with your employer to grant you access to KIAN and related Services (the “Employer Agreement”). ACOST operates as a data processor, processing your personal information on behalf of your employer and in accordance with its lawful instructions. The information you provide to us and/or upload via KIAN (whether or not it constitutes Personal Information) will also be governed by the Employer Agreement.
For purposes of this Privacy Policy, references to “your employer” refer to the entity that entered into the Employer Agreement with us, whether or not you are legally an employee, consultant, or contractor of that entity.
2. What Information Do We Collect?
ACOST may collect various types of information about you (“Personal Information”) in order to operate and improve KIAN. This includes:
- Information You Provide: Information you directly provide to us when using KIAN or contacting ACOST. This can include your name, contact details, login credentials, and other profile information. For example, during onboarding or account setup you may provide personal details including a profile photograph (such as an ID or headshot photo) which is stored as part of your profile on KIAN.
- Information From Your Employer: Information that your employer provides to us about you so that we can set up and manage your account. This may include your work email, employee ID, job role, work schedule, or a profile image if one was provided by your employer for identification purposes.
- Information Collected via KIAN: Information that is collected when you use the KIAN application and Services. This includes data about your work shifts and attendance (e.g. clock-in and clock-out times), tasks or reports you submit, images or other content you upload or capture in the app, and any communications or feedback you send through the app. For certain features, KIAN may also collect contextual information such as timestamps, device information, or location data (for example, if your employer enables location-based clock-ins).
- Automatically Collected Information: When you use KIAN or visit our website, we automatically collect technical information such as your device type, operating system, browser type, IP address, and usage data (e.g. log information about how you interact with the app). We may use cookies or similar technologies to collect some of this information on our website or application. This information helps us ensure the Services are working correctly and securely on your device.
- Facial Images for Identity Verification: If you use KIAN’s face-recognition Clock-In feature, the app will capture a photo of your face each time you attempt to clock in. This face photo, along with the profile photo stored in your account (from onboarding or provided by your employer), is collected solely for the purpose of verifying your identity during the clock-in process. These images constitute sensitive personal data, and we handle them with a high degree of care, as described in this Policy.
3. How Do We Use Your Information?
We use the information collected about you to operate, maintain, and improve KIAN and to fulfill our obligations to your employer. The purposes for which ACOST uses personal information include:
- Providing and Enhancing the Services: To operate and provide all features of KIAN and related services. For example, we use your information to allow you to log in, track your work hours, submit reports, and use other application features. We also use collected data to troubleshoot issues, personalize your experience, and improve KIAN’s functionality and user interface.
- Fulfilling Employer Instructions: To carry out the obligations and services under the Employer Agreement. This means using your information in ways your employer requires or requests in the context of managing your work (such as generating timesheets, reports, or complying with workplace policies).
- Analyzing and Improving: To understand usage trends and improve KIAN. We may analyze aggregated usage data to optimize performance, develop new features, and enhance user experience.
- Identity Verification & Fraud Prevention: To verify your identity and ensure the security and integrity of the Services. In particular, if you use the facial recognition clock-in feature, we use your profile photo and the photo captured at clock-in to confirm that the person clocking in is actually you. This helps prevent fraud or misuse, such as someone else attempting to clock in on your behalf (“buddy punching”). The face data is used only to authenticate your identity for timekeeping and for no other purpose.
- Preventing Misuse: More generally, to prevent fraud, abuse, or improper use of KIAN. This includes ensuring compliance with our Terms of Service and detecting or investigating any suspicious activity that could harm our users, your employer, or ACOST.
- Communications: To send you communications about the Services, where legally permitted. For example, we or your employer might send in-app notifications, emails or other messages regarding schedule changes, policy updates, or application updates. (We will not send you marketing emails unless you have agreed to receive them.)
- Legal and Regulatory Compliance: To comply with applicable legal requirements, industry standards, and our own policies. For instance, we may use and retain certain information to meet record-keeping obligations, respond to lawful requests by authorities, or to exercise or defend legal claims.
4. With Whom Do We Share Your Information?
We may share your information with certain parties in the following circumstances, in accordance with this Privacy Policy and the Employer Agreement:
- Your Employer: We share data about you with your employer (the organization that provided you access to KIAN) as needed to fulfill the purposes of the Employer Agreement. For example, your employer will have access to your work hour logs, clock-in photos, reports, and other information you input or that is collected via KIAN, since they use these details for workforce management, billing, or payroll.
- ACOST Affiliates: We may share your information with ACOST’s affiliated companies (entities under common ownership or control with ACOST) to help us provide and support the Services. All ACOST affiliates will honor the commitments in this Privacy Policy.
- Third-Party Service Providers: We share information with trusted third-party vendors who perform services on our behalf. These providers help us operate and support KIAN (for example, by providing cloud infrastructure, data storage, analytics, customer support tools, or identity verification technology). We only share the information that these service providers need to carry out their tasks, and they are contractually required to keep your information confidential and use it only for the specified purposes. In particular, if you use the facial recognition clock-in feature, the photo captured at clock-in will be securely transmitted to our facial recognition service provider (Amazon Web Services’ “Amazon Rekognition” service). This provider compares the live photo to your stored profile photo and returns to us a match confidence score to verify your identity. Amazon Web Services does not store or retain the face images we send for verification; it processes them only to provide the matching result.
- Emergency Services: If we believe in good faith that sharing your information is necessary to respond to an emergency that threatens your life, health, or security (or that of another person), we may disclose information to appropriate emergency responders.
- Law Enforcement and Legal Compliance: We may disclose your information to law enforcement agencies, government authorities, or other third parties if required to do so by law or legal process. This could include complying with a court order, subpoena, or other legal request, or sharing information when we believe it is necessary to investigate or take action regarding illegal activities, suspected fraud, or violations of our terms.
- Business Transfers: If ACOST is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of that transaction. In such cases, we will ensure that your personal information remains subject to privacy protections at least as protective as those stated in this Policy, or we will notify you and/or your employer and obtain any required consents.
We do not sell or rent your personal information to third-party advertisers or unrelated parties. Any third parties with whom we share data are either acting on behalf of your employer or providing services to ACOST as described above.
5. How Do We Store and Protect Your Information?
Data Storage Locations: Your personal information (including any photos or other data collected via KIAN) may be stored and processed on secure servers located in any country where ACOST or its service providers maintain facilities. This may include servers in Australia, the United States, or other countries. By using KIAN, you understand and consent that your information may be transferred to and stored in a jurisdiction different from your home, where privacy laws may be different. Regardless of location, we protect your data as described in this Policy.
Security Measures: ACOST implements appropriate technical and organizational safeguards to protect your personal information against unauthorized access, loss, or misuse. These measures include encryption of data in transit, access controls to databases, and regular security assessments. Please note, however, that no system can be 100% secure. We strive to protect your information, but we cannot guarantee absolute security. In the event of a data breach that affects your personal information, ACOST will notify your employer (and you, if appropriate) as well as any required authorities, in accordance with applicable laws.
Data Retention: We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by your employer or applicable law. In general, most of your personal data will be retained for the duration of your employment or use of KIAN under the Employer Agreement. Some key retention details include:
- Clock-In Photos (Facial Data): Photos captured for the face recognition clock-in process are retained for a limited period needed for verification and record-keeping. Typically, a clock-in face photo is stored in our database alongside your time entry for a short duration (often on the order of a few weeks to a few months — approximately 30 to 120 days). These photos are kept to support invoicing, payroll, or auditing processes for your employer. After this period, the clock-in photos are permanently deleted or anonymized in accordance with our data retention schedules.
- Profile Photos: The profile photograph you or your employer provided for identity verification is retained on your account as long as you continue to use KIAN under your employer. This allows us to verify your identity each time you clock in. If your employment or use of KIAN ends and your account is deactivated, your profile photo (along with other personal data associated with your account) will be deleted or rendered inaccessible in line with the Employer Agreement. Typically, within 90 days after your employment terminates or your account is otherwise deleted, ACOST will remove or anonymize all your personal information, including profile images, from our active systems (unless we are required by law to retain it longer).
- General Records: Other personal information (such as account info, work logs, etc.) is retained as long as your employer requires it for business purposes or legal compliance. After the end of your employment or the termination of the Employer Agreement, ACOST will delete or de-identify Customer Data, including your personal information, within 90 days, unless otherwise directed by your employer or required by law.
If you believe we are retaining data longer than necessary, please refer to Section 6 (Rights Regarding Your Personal Information) on how to request deletion.
6. Rights Regarding Your Personal Information
You may have certain rights with respect to your personal information, subject to local data protection laws. For example, if you are in the European Union or other regions with similar laws, you may have the right to access information we hold about you, correct or update your information, request deletion of certain data, or object to certain processing. ACOST processes your information under the direction of your employer, so the procedures for exercising these rights may be coordinated through your employer.
If you wish to access, correct, or delete your personal information (including any face photos or biometric data collected via KIAN), or if you have any inquiries or objections regarding your data, please contact your employer (e.g., your HR department or supervisor) with your request. We will work with your employer to promptly address your concerns in accordance with applicable law and the Employer Agreement. In general, upon your employer’s instruction, we will correct or delete your data (unless an exception applies under the law).
Please note that if you request deletion of certain information, this could affect your ability to use KIAN or your employer’s ability to maintain your work records. We will notify your employer if any such impact arises from a request.
7. Children’s Privacy
KIAN and the Services are not intended for children under 16 years of age. ACOST does not knowingly collect personal information from anyone under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such information as soon as possible. If you are a parent or guardian and believe that a minor has provided personal information through KIAN, please contact us so we can investigate and address the issue.
8. Updates to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the “Last Updated” date at the top of the Privacy Policy. If the changes are significant, we will notify your employer (and/or you, where appropriate) by email or through KIAN, or by other required means. Continued use of KIAN after an updated Privacy Policy has been posted constitutes your acceptance of the revised terms, to the extent permitted by law.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
9. Contact Us
If you have any questions, comments, or complaints regarding this Privacy Policy or our handling of your personal information, please reach out to us. You can contact our Privacy Officer at:
Email: helpdesk@acost.io
Address: ACOST Privacy Office, 468 – 470 Victoria Street, Wetherill Park 2164
We will respond to inquiries or concerns as quickly as reasonably possible. If you contact us directly about your personal information, please note that we may need to coordinate with your employer to properly address your request, due to our role as a service provider to your employer.