Hospitality / HRWeb app · time tracking20263 weeks

Auresta RCP

Time & attendance system with offline-first kiosk, automatic payroll and full GDPR compliance.

IndustryHospitality / HR

Project typeWeb app · time tracking

Year2026

Duration3 weeks

01—Objectives

Project objectives

No more paper

Time tracking in one system, with no paper attendance sheets and no copying into Excel.

Identity verification

Automatic payroll

Regular hours, 50 and 100 percent overtime and night work calculated on their own, with Polish holidays and the Europe/Warsaw timezone.

Offline operation

The PWA kiosk queues punches on weak WiFi and syncs them once the network is back.

GDPR compliance

Data retention, right to erasure, employee data export and access auditing from day one.

Open API

A public REST API v1 with tokens and webhooks for payroll and HR integrations.

02—Client

About the client

Auresta RCP is a time and attendance project for the same hotel. It covers reception, kitchen, SPA and housekeeping staff, who often work in shifts.

Auresta RCP: terminal kioskowy z logowaniem kodem QR lub PIN, zegarem i statusem online

Auresta RCP: zdalne odbicie czasu pracy PIN-em pracownika

Auresta RCP: wymuszona akceptacja wersjonowanej klauzuli informacyjnej RODO przy pierwszym logowaniu

Auresta RCP: panel HR z podsumowaniem godzin regularnych, nadgodzin 50 i 100 procent oraz nocnych

Auresta RCP: logowanie administratora i pracownika z dostępem tylko z sieci wewnętrznej

03—Process

Process

1
Auditing the records
We traced how the hotel counts work time, where errors appear and which rules come from the Labour Code.
2
Kiosk and login
We built a PWA terminal with a dynamic, single-use QR code and a PIN with an escalating attempt limit up to a 24 hour lockout.
3
Offline mode
We added a Service Worker and IndexedDB with idempotent sync so punches survive a dropped connection.
4
Payroll engine
We coded overtime, night hours and 16 absence types compliant with the Labour Code.
5
Evidence workflow
We created an 8-step monthly flow, from opening through manager and HR review to the employee signature and dispute handling.
6
Security and GDPR
We enabled multi-tenant isolation via Postgres RLS, data export, automatic retention with anonymization and encrypted backups.

04—Challenge

Challenges

Tamper-proof login was the key problem. A static code could be photographed and used for an absent colleague, so the QR token is single-use and short-lived. The second challenge was offline work. The terminal has to accept a punch with no internet and avoid duplicating it after sync, so every operation carries an idempotency key written atomically to the database (INSERT ... ON CONFLICT DO NOTHING).

Stack

Technologies

Node.js

Express

PostgreSQL

Web Push

Docker

Benefits

Success factors

database tables

paper attendance sheets

offline

kiosk works with no network

auto

payroll + overtime + night hours

05—Outcome

Business outcome

The hotel completely eliminated paper-based attendance tracking. Employees clock in on a tablet at the reception — even when the internet goes down, the system queues punches offline and syncs when connectivity returns. Overtime, night hours and contract norms are calculated automatically. The manager reviews evidence in a workflow, employees accept the month or file a dispute — all with a full audit log. The system passed a GDPR audit successfully.