Back to home

Privacy Policy

Last updated: 24 May 2026

This Privacy Policy describes how LOGIC INSTITUTE FOR TRAINING W.L.L (“Logic Institute”, “we”, “us”) collects, uses, and protects information about you when you use the Logic Institute mobile app or web portal (the “Service”).

We've tried to write this in plain language because legalese helps no one. If a section is unclear, please email us — contact details are at the bottom.

Who we are

Logic Institute is a training institute licensed in the Kingdom of Bahrain (CR registered). We operate logichrd.com and the back-office portal at app.logichrd.com. Our office is at Building 954, Road 3620, Block 436 Al Seef, Manama, Bahrain.

What we collect

Information you give us directly

  • CPR (Bahraini national ID) — required for identity verification on login. Bahrain labour law obliges us to keep this on file for any employment or training relationship.
  • Name, email, mobile number — to communicate with you about your attendance, leave requests, training sessions, and certificate issuance.
  • Role and employment details — your job title, department, and the institution you're employed by or learning at.
  • Password — stored securely using industry-standard one-way cryptographic methods. We cannot read your password.

Information collected automatically by the app

  • GPS location — captured only at the moment you tap Check In or Check Out, to verify you're at the workplace. The app never tracks your location in the background and never asks for “Always” location access — only “While Using the App.”
  • Push notification token — provided by Apple Push Notification Service (iOS) or Firebase Cloud Messaging (Android) so we can send class reminders and leave decision notifications. The token is a per-device identifier; it doesn't contain personal data.
  • App version, OS, device platform — sent on every API request so we can block clients running an outdated version and target bug fixes.

What we never collect

  • Biometric data. Face ID and fingerprint authentication run entirely on your device through your device's operating system. Our app only receives a confirmation that authentication succeeded or failed; we do not receive or store your biometric data.
  • Contacts, photos, microphone, and advertising identifiers. The app does not currently request or use these permissions or identifiers.
  • Background location. The app only requests “While Using the App” location access. It never tracks your location in the background, and we don't request the “Always” permission.

How we use your information

  • Authentication and account security — verifying your identity at login and maintaining your authenticated session.
  • Attendance verification — comparing your check-in location with the workplace geofence. Outside-geofence check-ins go to your HR for manual review, not automatic rejection.
  • Communication — sending push notifications for upcoming classes and leave-request decisions; sending email/SMS for password resets and account verification.
  • Service operation — generating attendance reports, calculating leave balances, issuing certificates, supporting your manager's and HR's daily workflow.
  • Legal and regulatory compliance — Bahrain Ministry of Labour reporting for employment records; Tamkeen reporting when you're enrolled in a Tamkeen-funded programme; BQA quality assurance audits.

Who we share your data with

We share your data only when one of these conditions applies:

  • Your employing or sponsoring institution. If you're an employee or learner of a specific institution, that institution's authorised HR and admin users can see your attendance, leave, and training records — but only for users within their own organisation.
  • Regulators in the Kingdom of Bahrain. Including the Ministry of Labour, Tamkeen, and the Education & Training Quality Authority (BQA), where law or contract requires it.
  • Service providers we engage to operate the Service. These include providers of cloud infrastructure, file storage, email delivery, error monitoring, and push-notification routing. Each is bound by a data processing agreement and is authorised to use your data only to deliver the service we've contracted them for. A current list of our subprocessors is available on request.

We never sell your data to third parties. We don't serve ads inside the app and we don't share data with ad networks.

Where your data is hosted

Personal data we process for the Service is primarily hosted on reputable cloud infrastructure in the European Economic Area (EEA). If any transfer outside the EEA becomes necessary, we will apply appropriate legal and security safeguards.

We maintain encrypted backups for business continuity and disaster recovery, retained in line with our internal data-retention policy and applicable legal requirements.

How long we keep your data

  • Active accounts — for as long as your relationship with your sponsoring institution is ongoing.
  • Deleted accounts — your name, email, and mobile number are anonymised promptly after deletion, within a reasonable operational timeframe. Your account record is replaced with an anonymous placeholder so that institutional records linked to it remain intact.
  • CPR (Bahraini national ID) after deletion — retained for the minimum period required by applicable Bahraini labour law (currently a minimum of five years from the end of your employment). Access is restricted to authorised administrators and logged.
  • Institutional records (attendance logs, leave decisions, enrolments, certificates) — retained for the period required by applicable regulations and the agreement with your sponsoring institution. Personal identifiers on those records are anonymised once your account is deleted.
  • Uploaded documents (CPR copies, ID photos, CVs, certificates) — kept alongside your account while the account is active. Deletion of personal documents on account deletion is governed by our retention policy and regulatory requirements.

Your rights

Under applicable Bahraini data protection law, you have the right to:

  • Access the data we hold about you (email us; we'll respond within 30 days).
  • Correct inaccurate data (most fields are editable in your account profile; otherwise email us).
  • Delete your account — in-app, from Settings → Account → Delete Account. The deletion request takes effect immediately, subject to the retention requirements described below.
  • Export a copy of your personal data in machine-readable form (email us to request).
  • Object to specific processing activities, where the law allows.

Account deletion

You can delete your account inside the app at Settings → Account → Delete Account. To confirm, you're asked to re-enter your password and type a short confirmation phrase — both checks are deliberate so an accidental tap can't end the account.

When you delete your account, the following happens promptly:

  • You're signed out of every device.
  • You stop receiving push notifications from the Service.
  • Your password and contact details are removed or rendered unusable.
  • Your account role memberships are cleared.
  • Your name, email, and mobile number are replaced with anonymous placeholders so the account can no longer be used to identify you.

For the legal reasons described above, we retain the following after deletion:

  • Your CPR (for the minimum period required by Bahraini labour law).
  • Your employee / learner code (institutional records).
  • Attendance records, leave requests, enrolments, certificates.

We log each account deletion (timestamp, method, platform) as an audit trail. You can request confirmation of your deletion at any time.

Children

The Service is not directed at children under 16. If you're a parent or guardian and believe your child has provided us with personal data, please contact us and we'll delete it promptly.

Security

We protect your data with industry-standard security measures. Connections between the app or web portal and our servers are encrypted in transit. Sensitive data (including passwords) is stored using one-way cryptographic methods so it cannot be read back. Authenticated sessions expire after a fixed period and can be revoked at any time.

Biometric quick sign-in (Face ID / fingerprint), where you choose to enable it, runs entirely within your device's operating system; your biometric credentials never leave the device and we never see them.

No system is perfectly secure. We continuously review our practices and we'll notify affected users if a security incident materially impacts them, in line with applicable law.

Changes to this policy

If we materially change how we collect or use your data, we'll notify you in the app (push notification + an in-app banner on next launch) at least 14 days before the change takes effect. The latest version is always at logichrd.com/privacy with the “Last updated” date at the top.

Questions?

If anything on this page is unclear, please reach out — we read everything that comes in.

info@logichrd.com
Privacy Policy | Logic Institute