Privacy Policy

Introduction

PunchAlert is an automated employee shift reminder service developed and operated by 605 Media LLC (“605 Media,” “we,” “us,” or “our”), a Maryland limited liability company. PunchAlert sends SMS reminders to employees before they are required to check in or out of state-mandated workforce management applications.

This Privacy Policy describes how 605 Media LLC collects, uses, stores, and protects information in connection with the PunchAlert service. It applies to:

• Organizations (“Clients”) that deploy PunchAlert to manage employee shift reminders
• Employees (“End Users”) who receive SMS reminders through PunchAlert
• Visitors to punchalert.605media.net

By using PunchAlert, you agree to the practices described in this Privacy Policy.

Data Controller and Processor Roles

Self-Hosted Deployment

When a Client deploys PunchAlert on their own infrastructure using their own Twilio account and credentials, the Client organization is the data controller. The Client is solely responsible for how employee data is collected, stored, and used within their deployment. 605 Media LLC acts only as the software developer and does not have access to, process, or store any employee data in this model.

Hosted / SaaS Deployment

When 605 Media LLC hosts PunchAlert on behalf of a Client organization through our online portal, 605 Media LLC acts as a data processor on behalf of the Client, who remains the data controller. 605 Media LLC processes employee data only as directed by the Client and in accordance with this Privacy Policy and any applicable Data Processing Agreement.

Information We Collect

Employee information (provided by Client administrators)

• Full name (first and last)
• Mobile phone number
• Work schedule (shift start and end times per day of week)
• Program or location assignment

SMS interaction data

• Message delivery status (sent, delivered, failed)
• Opt-out status (if employee replies STOP)
• Timestamp of each reminder sent

Administrator account information

• Username and hashed password
• IP address at login (for security purposes)
• Session activity logs

How We Use Information

Information collected through PunchAlert is used exclusively for the following purposes:

• Sending automated SMS shift reminders to enrolled employees
• Processing opt-out (STOP) and opt-in (START) requests
• Maintaining SMS delivery logs for audit and compliance purposes
• Providing the administrator dashboard and reporting features
• Diagnosing delivery failures and technical issues
• Complying with applicable laws and carrier regulations

We do not use employee information for marketing, advertising, or any purpose other than shift reminder delivery.

SMS Messaging and Twilio

PunchAlert uses Twilio, Inc. as its SMS delivery provider. When a Client deploys PunchAlert using their own Twilio account (self-hosted or hosted with own credentials), Twilio’s own privacy policy governs the handling of message data by Twilio. When 605 Media LLC delivers SMS on behalf of a hosted Client using our managed Twilio account, Twilio processes message data as a sub-processor.

Employees may opt out of receiving SMS reminders at any time by replying STOP to any message. To re-enroll, reply START or contact your employer administrator. Message and data rates from your mobile carrier may apply.

Data Retention

• Employee records are retained for the duration of the Client’s use of PunchAlert
• SMS delivery logs are retained for 90 days by default, configurable by the Client
• Upon termination of a Client’s deployment, all associated data is deleted within 30 days
• Opt-out records (STOP requests) are retained indefinitely to honor employee preferences

Data Security

605 Media LLC implements the following security measures to protect employee data:

• All data is stored in encrypted databases
• Administrator access requires authenticated login with bcrypt-hashed passwords
• All data in transit is encrypted via TLS/HTTPS
• Twilio API credentials are stored as environment variables, never in source code
• Access to production systems is restricted to authorized 605 Media LLC personnel

No method of transmission or storage is 100% secure. We encourage Clients to implement appropriate access controls within their own deployments.

Data Sharing and Disclosure

605 Media LLC does not sell, rent, or share employee personal information with third parties except as follows:

• Twilio, Inc. — SMS delivery sub-processor
• Cloud infrastructure providers — for hosted deployments only
• Law enforcement or regulators — when required by applicable law
• Successor entities — in the event of a merger, acquisition, or sale of assets

Employee Rights

Employees whose information is processed through PunchAlert have the following rights, subject to applicable law:

• Right to know what personal information is held about them
• Right to opt out of SMS communications at any time by replying STOP
• Right to request correction of inaccurate information
• Right to request deletion of their information

To exercise these rights, employees should contact their employer administrator. For hosted deployments, Clients may contact 605 Media LLC at travis@605media.net.

Children's Privacy

PunchAlert is designed for use by adult employees and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor’s information has been submitted to PunchAlert, please contact us immediately at travis@605media.net.

Changes to This Policy

605 Media LLC may update this Privacy Policy from time to time. We will notify Clients of material changes by posting the updated policy at punchalert.605media.net/privacy.html and updating the Effective Date above. Continued use of PunchAlert after changes are posted constitutes acceptance of the updated policy.

Contact Information

For questions, concerns, or requests related to this Privacy Policy, please contact: