Restaurant owner, no IT dept — I built my own compliant clock-in system
A €4,500/year problem, two contradictory Spanish laws, and ten NFC stickers at €1.50 each. Here's how a restaurant owner replaced enterprise software with cryptography and common sense.
Spain has a law: you must record every employee's working hours. Every day, every clock-in and clock-out. And there's data protection law, which the regulator reads as ruling out biometrics for the job. No fingerprints, no facial recognition, nothing.
We run a chain of restaurants. Over a hundred employees. We were paying around four and a half thousand euros a year for a cloud-based time-tracking service. That's money that could've gone into paychecks.
I bought ten NFC stickers at a euro fifty each and a USB reader for thirty-nine. Wrote the software. Now we're launching a pilot in one restaurant. Here's what it looks like from the inside.
The problem: money and the law
When I added up what we were paying for time-tracking SaaS, it stung. Four and a half thousand euros a year. For that money: schedule building, email notifications, clock-in/clock-out. Plus you need a tablet in every restaurant. And if the schedule doesn't match — the system won't let you punch in.
Sounds reasonable until you ask: who actually uses the schedule? Our managers plan shifts in WhatsApp. The schedule in the system is a formality. We were paying four and a half thousand for a feature we used maybe a third of.
But you can't just cancel. Real Decreto-ley 8/2019 makes the registro de jornada, the daily record of working hours, mandatory. The labor inspectorate can walk in and ask for records going back four years. No records, and you get fined.
First thought — fingerprints, like everyone else. But in 2023, AEPD, Spain's data protection authority, said: biometrics at work — no. No fingerprints, no face, no voice. Disproportionate invasion of privacy.
Two laws, one paradox. Track hours — but don't touch the person's body. So what can you do?
The idea: NFC with cryptography
There's a type of NFC sticker called NTAG 424 DNA. What sets it apart from a regular tag is real cryptography inside: AES-128, with a key written into the chip that can't be read back out. Every time a phone reads the sticker, the chip increments an internal read counter and computes a fresh authentication code (an AES-CMAC) from the key, its serial number and that counter, then writes all three into the URL it hands the phone. NXP calls the feature SUN, Secure Unique NFC. The counter only goes up. It can't be reset or rewound.
The concept is simple: stick it on the wall near the restaurant entrance. Employee arrives, taps their phone. The browser opens a link carrying the serial number, the counter and the code. The server recomputes the code with that tag's key, checks that the counter is higher than the last one it accepted, records the clock-in. Leaving? Tap again. Clock-out.
Photographing the link and sending it to a friend won't work: each counter value is accepted once, so a forwarded link is rejected as a replay, and nobody can produce a valid code for the next counter value without the key. Cloning the sticker isn't realistic either: the key never leaves the chip, so a copy can't compute valid codes, and a cheap rewritable tag carrying the same URL pattern fails the check. What the sticker proves is that this tag, on this wall, was tapped one more time; who tapped it is the job of the next layer. A small piece of plastic on a wall does what used to require a tablet running dedicated software.
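What the server does with that link, as an added example written for this page in Go (not the author's code): RFC 4493 AES-CMAC on the standard library, the per-read MAC derived the way NXP's application note AN12196 describes it for a plain UID and counter mirror, and the counter rule, one value accepted once and only if it is above the last one stored for that tag. The `Tag`, `Verify`, `sdmMAC` and `aesCMAC` names, the demo key and the sample UID are this example's own; the SV2 layout and the byte order of the counter in the URL are my reading of the NXP documents and must be confirmed against the datasheet before real use; the UID and counter values are constructed, not NXP test vectors.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// dbl doubles a 128-bit block in GF(2^128), the RFC 4493 subkey step.
func dbl(in []byte) []byte {
	out, carry := make([]byte, 16), byte(0)
	for i := 15; i >= 0; i-- {
		out[i], carry = in[i]<<1|carry, in[i]>>7
	}
	out[15] ^= 0x87 * carry // fold in Rb only when the top bit fell off
	return out
}

// aesCMAC is RFC 4493 AES-CMAC on Go's block cipher (the stdlib has AES but no
// CMAC). The empty-message case matters: the SDM MAC is computed over no data.
func aesCMAC(key, msg []byte) []byte {
	block, _ := aes.NewCipher(key) // only fails on a bad key length; every key here is 16 bytes
	sub := make([]byte, 16)
	block.Encrypt(sub, sub) // L = E_K(0)
	sub = dbl(sub)          // K1
	var last [16]byte
	head := len(msg) - len(msg)%16 // offset of the final block
	if head == len(msg) && head > 0 {
		head -= 16 // final block is complete: MAC with K1
	} else {
		sub = dbl(sub) // short or empty final block: pad 10..0, use K2
		last[len(msg)-head] = 0x80
	}
	copy(last[:], msg[head:])
	xorInto(last[:], sub)
	x := make([]byte, 16)
	for i := 0; i < head; i += 16 {
		xorInto(x, msg[i:i+16])
		block.Encrypt(x, x)
	}
	xorInto(x, last[:])
	block.Encrypt(x, x)
	return x
}

// sdmMAC reproduces the SDMMAC an NTAG 424 DNA mirrors into its URL for a plain
// UID + read-counter mirror, following NXP AN12196 as I read it (assumption; check
// the SV2 layout and byte order against the datasheet before relying on this):
// KSes = CMAC(K, 3C C3 00 01 00 80 || UID(7) || ctr(3, LSB first)); MACt = odd bytes of CMAC(KSes, "").
func sdmMAC(key, uid []byte, ctr uint32) []byte {
	sv2 := append([]byte{0x3C, 0xC3, 0x00, 0x01, 0x00, 0x80}, uid...)
	sv2 = append(sv2, byte(ctr), byte(ctr>>8), byte(ctr>>16))
	full := aesCMAC(aesCMAC(key, sv2), nil)
	mac := make([]byte, 8)
	for i := range mac {
		mac[i] = full[2*i+1]
	}
	return mac
}

// Tag is the server's record for one sticker: its key (the phone never sees it) and
// the highest read counter already accepted. The map is keyed by uppercase UID hex.
type Tag struct{ Key []byte; LastCtr uint32 }

var ErrBadMAC, ErrReplay = errors.New("SDM MAC mismatch: forged link or wrong key"), errors.New("counter not above last accepted: replayed or stale link")

// Verify checks the uid, ctr and cmac query parameters of a tapped link and returns
// the counter delta: 1 is a normal tap, more means reads that never reached the server.
func Verify(tags map[string]*Tag, uidHex, ctrHex, macHex string) (uint32, error) {
	uid, e1 := hex.DecodeString(uidHex)
	c, e2 := hex.DecodeString(ctrHex)
	mac, e3 := hex.DecodeString(macHex)
	if e1 != nil || e2 != nil || e3 != nil || len(uid) != 7 || len(c) != 3 || len(mac) != 8 {
		return 0, errors.New("malformed link")
	}
	tag, ok := tags[fmt.Sprintf("%X", uid)]
	if !ok {
		return 0, errors.New("unknown tag")
	}
	ctr := uint32(c[0])<<16 | uint32(c[1])<<8 | uint32(c[2]) // URL hex read big-endian (assumption)
	if subtle.ConstantTimeCompare(mac, sdmMAC(tag.Key, uid, ctr)) != 1 {
		return 0, ErrBadMAC
	}
	if ctr <= tag.LastCtr {
		return 0, ErrReplay // one counter value buys exactly one clock event
	}
	tag.LastCtr, ctr = ctr, ctr-tag.LastCtr
	return ctr, nil
}

func main() {
	key, uid := []byte("0123456789abcdef"), []byte{0x04, 0xDE, 0x5F, 0x1E, 0xAC, 0xC0, 0x40} // demo values
	tags := map[string]*Tag{"04DE5F1EACC040": {Key: key}}
	mac := fmt.Sprintf("%X", sdmMAC(key, uid, 1)) // what the tag would mirror on its first read
	fmt.Println(Verify(tags, "04DE5F1EACC040", "000001", mac))
	fmt.Println(Verify(tags, "04DE5F1EACC040", "000001", mac)) // same link again: replay
}
```

In a real handler the three strings come straight from `r.URL.Query().Get(...)`. Two details matter: the MAC is checked with a constant-time compare before the stored counter is touched, so a forged link can never move it, and the returned delta is the counter-jump signal the metadata section below relies on.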
One sticker costs a euro fifty. The programming reader — thirty-nine. For seven restaurants, you need seven stickers plus three spares. The whole kit — fifty-five euros. Once.
Habits are like seedlings. Watering them every day is boring. But then — tomatoes. Same thing here: writing software once is less exciting than paying a monthly subscription. But after a year, the difference is four and a half thousand euros.
What we came up with (and why)
A sticker with cryptography is the foundation. But a sticker alone isn't enough. If we're replacing a commercial system, we need to think about what can go wrong.
We decided to collect everything the browser is willing to share: whether the phone is on the restaurant's WiFi (from the public IP it arrives with), device and browser from the user-agent, GPS if the employee grants it, the browser's timezone, and the NFC counter delta. Not because we're paranoid, because we want to spot anomalies. If someone clocks in from a desktop browser instead of a phone, that's weird. If the counter jumped by twenty instead of one, twenty reads never reached the server: someone was testing the sticker at home, or a curious customer has been tapping it. If the timezone doesn't match Spain, questions.
We don't block based on this data. Just log it and flag it. The idea is that an honest employee has nothing to worry about, and a dishonest one shows up in the pattern, not in a single event.
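As an added example (mine, not the author's software), the flag-don't-block logic run over a few constructed tap records in Go. The `Tap` and `Site` field names, the 200 m radius, the `Mobile` user-agent heuristic and the Madrid coordinates are assumptions for the demo; the restaurant's egress IP and the sample records are constructed, using documentation address ranges and made-up names.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// Tap is what one clock-in or clock-out attempt leaves behind once the NFC link
// itself has been verified. Field names are this example's own, not the author's.
type Tap struct {
	Employee  string
	IP        string  // client address as the server saw it
	UserAgent string
	TimeZone  string  // browser's Intl.DateTimeFormat().resolvedOptions().timeZone
	Lat, Lon  float64 // 0,0 when the employee denied location access
	CtrDelta  uint32  // how far the tag's read counter moved since the last accepted tap
}

// Site is what the server knows about one restaurant.
type Site struct {
	EgressIPs []string // public addresses of the restaurant WiFi (assumed known)
	Lat, Lon  float64
}

// distanceM is the haversine great-circle distance in metres.
func distanceM(lat1, lon1, lat2, lon2 float64) float64 {
	rad := func(d float64) float64 { return d * math.Pi / 180 }
	dLat, dLon := rad(lat2-lat1), rad(lon2-lon1)
	a := math.Pow(math.Sin(dLat/2), 2) + math.Cos(rad(lat1))*math.Cos(rad(lat2))*math.Pow(math.Sin(dLon/2), 2)
	return 2 * 6371000 * math.Asin(math.Sqrt(a))
}

// Flags labels a tap. It never decides anything: the tap is logged either way and
// a human reads the pattern over weeks, not a single event.
func Flags(t Tap, s Site) []string {
	var f []string
	if !strings.Contains(t.UserAgent, "Mobile") { // heuristic: tablets and desktop-mode browsers omit it too
		f = append(f, "desktop-browser")
	}
	onSiteNet := false
	for _, ip := range s.EgressIPs {
		onSiteNet = onSiteNet || ip == t.IP
	}
	if !onSiteNet {
		f = append(f, "not-on-restaurant-wifi")
	}
	if t.TimeZone != "Europe/Madrid" {
		f = append(f, "foreign-timezone:"+t.TimeZone)
	}
	if t.Lat == 0 && t.Lon == 0 {
		f = append(f, "no-location")
	} else if d := distanceM(t.Lat, t.Lon, s.Lat, s.Lon); d > 200 {
		f = append(f, fmt.Sprintf("far-from-site:%.0fm", d))
	}
	if t.CtrDelta > 1 {
		f = append(f, fmt.Sprintf("counter-gap:%d", t.CtrDelta-1)) // reads that never reached the server
	}
	return f
}

// Constructed demo data: documentation IP ranges, a central-Madrid site, made-up names.
var site = Site{EgressIPs: []string{"203.0.113.7"}, Lat: 40.4168, Lon: -3.7038}
var sampleTaps = []Tap{
	{"ana", "203.0.113.7", "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148 Safari/604.1", "Europe/Madrid", 40.4169, -3.7039, 1},
	{"luis", "198.51.100.23", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0 Safari/537.36", "Europe/Madrid", 0, 0, 1},
	{"marta", "203.0.113.7", "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 Chrome/124.0 Mobile Safari/537.36", "America/Bogota", 40.4168, -3.7038, 22},
}

func main() {
	for _, tap := range sampleTaps {
		fmt.Printf("%-6s %v\n", tap.Employee, Flags(tap, site))
	}
}
```

The output is a list of labels per tap, nothing more; whether "desktop-browser" on a Tuesday matters is a question for the manager who knows that employee, which is the point of flagging rather than blocking.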
Passkeys are a separate story. WebAuthn is the browser standard behind them: the phone holds a private key, the server holds the matching public key, and logging in means the phone signs a one-time challenge from the server. The phone may insist on a fingerprint or Face ID before it signs, but that check happens entirely on the device; the server only receives the signature and never sees the biometric. No law broken: we're not collecting biometrics. The employee's phone decides on its own how to verify identity.
Reliability-wise, it's somewhere around 90–95% of a server-side fingerprint. A magnetic card can be handed to a friend in a second. A PIN — dictated over the phone. But handing someone your unlocked phone with your face registered on it — that's not an accident, that's collusion. For a restaurant where people work side by side and everyone knows each other, it's enough.
On paper, it's clean. In practice, a headache. An employee gets a new phone and the passkey may be gone with it (passkeys synced through the same Apple or Google account survive the move; device-bound ones don't). You need a reissue process through the office. Someone loses their phone and the old key has to be deactivated. All of this has to be designed, built, tested.
And the reports the law requires for inspections? We have the data — every clock-in and clock-out down to the second. Assembling a report in the right format is a couple days' work whenever we get around to it.
The pilot: what works and what doesn't
Right now we're in the pilot stage. One restaurant. The old system runs in parallel — nobody's at risk if something breaks.
The stickers arrived from Italy. We bought the reader, wrote the programming software — each sticker gets a unique key flashed onto it, tied to a specific restaurant. First restaurant is programmed.
Onboarding works. A person taps the sticker, a page opens, they register in the system. Passkeys work — currently in alpha testing. This is all live, running on a server right now.
The most honest thing I can say about the pilot: we think we thought of everything. Cryptography, metadata, anomalies, passkeys. But until employees start using this every single day — we don't know what we didn't think of. That's what the pilot is for.
What's next
One person wrote and built all of this. No IT department. The cryptography, the server side, onboarding, anomaly detection, passkeys. That's not bragging — it's a comment on how accessible the technologies are today that used to require a team.
If the pilot goes well — we scale to all 7 restaurants and cancel the subscription. €55 once instead of €4,500 every year. The difference can go into paychecks.
I don't know yet what'll come up in production. Maybe employees will find a way to game the system that I haven't thought of. Maybe passkeys will break on some 2019 Android phone. Maybe everything will just work. I'll write about it when I find out.