Effective date: [2 June 2026]
Last Updated: [4 June 2026 / 4 June 2026 ]
This Privacy Policy explains how the Cesstant Cloud application (application ID com.aistudio.barcodegun.vscztr, the “App”), developed and operated by TheVirus Information and Technology Co., Ltd. All rights reserved (“we”, “us”), collects, uses, and discloses information.
This is a business-to-business (B2B) tool that works with the customer’s own ERP/POS system. The App connects to a server operated by the user’s own
organization (the domain configured during license activation). Most operational data is transmitted to and stored on the ERP server of the employer/license holder, who acts as the
data controller.
1. Information We Collect and Why
|
Data type
|
Purpose
|
Sent off device?
|
|
Precise location (GPS)
|
Recorded when clocking in/out to verify the attendance location
|
Yes — sent to the license holder’s ERP server
|
|
Device ID (Android ID) and device make/model
|
Fraud detection / preventing proxy clock-ins (anti-fraud audit)
|
Yes — sent to the ERP server
|
|
Username and password
|
Authentication to the ERP system
|
Sent to the ERP server for
login; if biometric login is enabled, stored encrypted on the device
|
|
Employee profile data (name, nickname, birthday, religion, phone, email, address)
|
Displaying the user’s profile in the App (retrieved from the ERP server)
|
Received from the ERP server for display
|
|
Camera / barcode image
|
Scanning product barcodes, processed on-device only
|
No — images are not stored or transmitted; only the decoded barcode value is used
|
|
Screenshots (only when the user taps capture)
|
Saving screenshots to the gallery and sharing at the user’s request
|
Stored on device; shared only when the user chooses to share
|
2. Permissions and Justification
-
Location — records coordinates when clocking in/out (used only while the App is in use; no background access)
-
Camera — scanning product barcodes
-
Bluetooth — connecting to a thermal receipt printer
-
Internet / Network state — communicating with the ERP server
-
Vibrate — feedback on a successful barcode scan
The App always requests the location permission with an explanation before the attendance feature, and uses it only when you tap to clock in/out.
3. How We Use Information
We use the above data to provide the App’s functions: login, clock in/out, product lookup, receipt printing, and fraud prevention (e.g., proxy clock-ins). We do not use your data for
advertising, and we do not sell your data.
4. Disclosure and Third-Party Sharing
Operational data is transmitted only to the ERP server of the license-holding organization/employer, per the configured domain. Data handling on that server is the
responsibility of that organization. We do not share your data with other third parties for marketing purposes, except where required by law.
The App uses the following third-party services for core functionality: Google Play Services (Location) for positioning, and Google ML Kit (on-device processing) for barcode reading.
5. Data Storage and Security
- Settings data (domain, employee ID, token) are stored in on-device SharedPreferences.
- If biometric login is enabled, the username/password are encrypted using the Android Keystore (AES).
- All data transmitted between the App and the server uses an encrypted SSL/TLS (HTTPS) connection only. The App enforces HTTPS from the license-activation step and rejects
connections to non-HTTPS servers.
6. Data Retention
Data stored on the device is removed when you log out, clear the App’s data, or uninstall the App. Data stored on the ERP server is governed by the license holder’s policies.
7. Account and Data Deletion
User accounts are created and managed by the organization’s ERP system, not registered through the App directly. To delete an account or personal data, please contact your organization’s
administrator or contact us at the email below. You can delete locally stored data by logging out or clearing the App’s data.
8. Children’s Privacy
This App is a tool for organizational use, is not directed at children under [13/18], and we do not knowingly collect data from children.
9. Your Rights
You may request access to, correction of, or deletion of your personal data as provided under applicable data protection law (e.g., Thailand’s Personal Data Protection Act, PDPA) by contacting
us below.
10. Changes to This Policy
We may update this policy from time to time. Changes take effect when posted on this page with an updated date.
11. Contact Us
If you have questions about this Privacy Policy, contact:
TheVirus Information and Technology Co., Ltd.
Email: support@thevirus.in.th
Address: 8/1 Soi Lat Phrao 101, Soi 42, Yaek 17 (Thepthawee 5), Khlong Chan, Bang Kapi, Bangkok 10240, Thailand
