Summary
Today we're launching Staff Profile Photos and a new Settings tab in the staff portal. Staff can now upload a profile photo — from their camera or gallery — and it appears everywhere they're represented in NestedClock: admin staff cards, the kiosk login screen, and the staff sidebar drawer. Combined with a new Settings page for notification preferences, this release makes the platform feel more personal and gives staff more control over their experience.
What the feature does
Profile photos put a face to a name. Once uploaded, a staff member's photo appears in three key places:
- Admin staff cards — when admins browse the team in Manage → Members, each card shows the staff member's photo alongside their name, role, and status.
- Kiosk login screen — on shared tablets running kiosk mode, staff see their photo next to their name when selecting who they are. This speeds up identification and reduces wrong-PIN errors.
- Staff sidebar drawer — in the staff portal (web or app), the navigation drawer displays the staff member's photo at the top, reinforcing that they're in their own space.
If a staff member hasn't uploaded a photo, a clean initial-based avatar is shown instead — so the interface always looks polished.
Security model: private by design
Staff photos are sensitive data, and we treat them accordingly. Here's how the security model works:
- Private S3 bucket — photos are stored in a non-public S3 bucket. There is no public URL for any photo. The bucket policy explicitly denies public access.
- Presigned URLs — when a photo needs to be displayed, the backend generates a short-lived presigned URL (valid for 15 minutes). This URL is unique per request and expires automatically.
- No public access — even if someone obtained an old URL, it would be expired and useless. Photos cannot be hotlinked or indexed by search engines.
- Tenant-isolated — each tenant's photos are stored under a tenant-specific prefix in S3. Lambda functions verify the tenant ID on every request, so one business can never access another's photos.
This architecture means staff can upload photos with confidence — their images are as protected as their timesheet data.
The new Settings tab
Alongside profile photos, we've added a Settings section to the staff portal. Right now it houses notification preferences — staff can choose which push notifications they receive:
- Shift reminders (before a rostered shift starts)
- Clock-out reminders (if you forget to clock out)
- Roster published notifications
- Leave and swap request updates
- Payslip available alerts
Each toggle is independent, so staff can keep the ones they find useful and mute the rest. Preferences sync across the web and mobile app instantly.
How to upload your profile photo
The process is simple and takes under 30 seconds:
- Open Settings — in the staff portal, tap the menu (☰) and select Settings.
- Tap Upload Photo — you'll see your current avatar (or a blank placeholder) with an Upload button beneath it.
- Choose source — select Camera to take a new photo, or Gallery to pick an existing image from your device.
- Crop to square — the built-in cropper lets you frame your face in a square aspect ratio. Drag and pinch to adjust.
- Confirm — tap Done. The photo uploads, is processed, and appears across the platform within seconds.
To change your photo later, repeat the same steps — the new image replaces the old one. To remove it entirely, tap the Remove option in Settings and you'll revert to the default avatar.
Benefits
Why does this matter? Three reasons:
- Recognition — admins managing larger teams can instantly identify staff at a glance. No more confusing "J. Smith" with "J. Smyth" on a busy Monday morning.
- Professionalism — a system with real photos feels more polished and trustworthy. It signals to staff that the business values them as individuals, not just clock-in numbers.
- Personalisation — staff feel ownership over their profile. A small thing, but it increases engagement with the platform and encourages regular use of the self-service portal.
Technical notes
For the technically curious:
- Auto-resize — uploaded photos are automatically resized to 512×512 pixels and converted to JPEG format. This keeps file sizes small (typically 30–80 KB after processing) and ensures consistent display across all screen sizes.
- Max upload size — the original file can be up to 5 MB. Anything larger is rejected with a friendly error message prompting the user to choose a smaller image or take a new photo.
- Format support — JPEG, PNG, HEIC (iPhone), and WebP are all accepted. The system converts everything to JPEG for consistency.
- Processing — resizing happens server-side in the Lambda function, so it works identically regardless of the device used to upload.
Profile photos and the Settings tab are available now on all paid plans (Starter, Professional, and Business). Log in to upload your photo, or start your 14-day free trial to try it out.