Last updated · 2026-05-15T00:00:00.000Z

Surveillance notice — public explainer

This page describes Punctual’s compliance posture around workplace surveillance. It is not the legal notice itself.

Under the NSW Workplace Surveillance Act 2005 and the ACT Workplace Privacy Act 2011, the obligation to give workers written notice at least 14 days before GPS surveillance starts rests with the employer (the boss), not with Punctual. We provide the template and the automation that makes giving that notice straightforward — but the legal duty stays with the boss.

If you are a boss using Punctual, the in-app onboarding flow will walk you through generating, sending, and confirming acknowledgement of the notice before any GPS is captured for your team. If you skip or short-circuit this step, your team’s GPS data will not be activated.

If you are a worker whose boss uses Punctual, you should have received a 14-day notice before any GPS was captured. If you didn’t, please contact your boss first, then privacy@punctualgroup.app if it isn’t resolved.

What Punctual captures, exactly

The app captures:

• A GPS coordinate at the moment you press Clock In
• A GPS coordinate at the moment you press Clock Out
• The GPS accuracy at each of those moments
• The site you’ve selected (a named work site)
• The server-side timestamp of each event

The app does not capture:

• Continuous location while you are clocked in
• Background location when the app isn’t open
• Movement between Clock In and Clock Out
• Any location whatsoever when you are not clocked in
• Location when you are on break (break is treated as clocked-out for surveillance purposes)
• Audio, video, screen recordings, biometrics, or any other surveillance signal

If a future feature would change this — for example, automatic Clock In via geofencing — it would require a fresh round of notice before being enabled for any worker.

Why we capture what we capture

• Validate the worker was at the agreed site at the agreed time — this is the core promise of GPS-verified time tracking
• Detect mock locations — Android and iOS provide integrity APIs that flag spoofed GPS; Punctual reads these flags and refuses to record events from spoofed devices
• Provide tamper-evident timesheets for payroll — so neither side can later dispute that the work happened

What workers can see

• Every clock event you have ever submitted, with the location captured
• The right to question or dispute any clock record (in-app)
• The right to download your full data history (in-app export, JSON or CSV)
• Your worker rights under the Privacy Act 1988 (Cth) APPs

What bosses CANNOT see

• Worker location at any time other than the clock events
• Worker movement
• Whether a worker is at home, with family, at a doctor’s appointment, or anywhere else — outside of clock events the app has no idea
• Whether the app is open or closed (no telemetry pings)

This is intentional. The product is designed not to be a surveillance tool. See “For your workers” on the landing page for the four promises baked in.

NSW Workplace Surveillance Act 2005

For workers in NSW, the WSA requires:

• Written notice at least 14 days before surveillance starts
• The notice must specify:
  • The kind of surveillance (camera, computer, tracking)
  • How it will be carried out
  • When it will start
  • Whether it will be continuous or intermittent
  • Whether it will be for a specified or indefinite period

Punctual’s onboarding flow generates this notice from a template, the boss reviews and delivers it (email, printed handout, or in-app message), and each worker acknowledges receipt before their GPS is enabled in the app.

The legal obligation to give the notice — and to ensure it complies with the statute — rests with the boss. Punctual is a tool that helps; it does not absolve the boss.

ACT Workplace Privacy Act 2011

For workers in the ACT, the WPA requires:

• Notice and consent for tracking
• A right for workers to access information collected about them

Punctual’s flow covers both — the same notice template includes consent capture, and workers can access their data in-app at any time.

Other Australian jurisdictions

Vic, Qld, SA, WA, Tas, and NT do not currently have specific workplace surveillance legislation, but the Privacy Act 1988 (Cth) Australian Privacy Principles (APPs) still apply — particularly APP 3 (collection), APP 5 (notification of collection), APP 6 (use and disclosure), and APP 11 (security).

Punctual applies the same notice + acknowledgement flow across all states by default, because it’s the safer baseline and the user experience is the same regardless of jurisdiction.

Mock location detection

If the device’s OS reports that the GPS source is spoofed (developer-mode mock provider, Xposed module, jailbreak hook, etc), Punctual will:

• Refuse to record the clock event
• Display a clear message to the worker that mock locations are not accepted
• Log the attempt server-side (without storing the spoofed coordinate)

This is necessary to keep timesheets tamper-evident. It is not a punishment; it just blocks the bad event.

Data retention

• Clock events, including the GPS coordinate captured at the moment of each event: 7 years — to comply with Fair Work record-keeping obligations for employee records
• GPS coordinate accuracy and metadata: same 7-year window
• Mock location detection attempts (without coordinate): 90 days for security analysis, then deleted

When the app launches, every worker will be able to export and delete their own data (subject to the Fair Work retention obligation on the employer’s copy — that copy is kept regardless).

Where data lives

• AU region of Supabase (our primary data store for the app — Phase 1+)
• Encrypted at rest with AES-256
• Encrypted in transit with TLS 1.3
• Access limited via Row Level Security (RLS) policies — workers see their own data, bosses see their own team

Workers’ rights summary

• Access: see all your data, in-app, at any time
• Question or dispute: any clock record, in-app
• Correction: ask for inaccuracies to be fixed (APP 13)
• Complaint: to the Office of the Australian Information Commissioner (OAIC) at <oaic.gov.au>

Contact

For questions about how Punctual handles surveillance compliance:

• Email: privacy@punctualgroup.app

For questions about how your specific boss is using Punctual to surveil you, please contact your boss first. If unresolved, contact us.

Effective date: 2026-05-15

Status: Draft pending Australian employment-law solicitor review. Substantive review will be commissioned before public app launch.