VisitorsLounge ("we", "us") provides visitor management software to organizations ("tenants"). This Privacy Policy explains what personal data we process, why we process it, and the rights available to individuals. We align with the Nigeria Data Protection Regulation (NDPR) and the EU General Data Protection Regulation (GDPR).
1. Roles
- Tenants are the data controllers for visitor and employee records they collect using the Service.
- VisitorsLounge acts as the data processor for tenant Customer Data, and as a controller for account and billing data of tenant administrators.
2. Data we collect
- Account data: name, email, phone, organization, role.
- Visitor data: name, email, phone, company, host, photo, check-in/out times, badge QR token, NDA acceptance.
- Operational data: audit logs, IP address (for kiosk rate limiting), device/browser info, error logs.
- Billing data: plan, currency, payment references (we do not store full card numbers).
3. How we use data
- To provide the Service: registration, check-in, badging, host notifications, reporting.
- To secure the Service: abuse prevention, rate limiting, audit logs.
- To bill and support tenants: invoicing, account communication.
- To improve the Service: aggregate, de-identified analytics.
4. Legal bases
We process personal data on the basis of contract performance, legitimate interests (security, service improvement), legal obligation, and where applicable, consent (e.g. visitor photo capture and NDA acceptance).
5. Sharing and subprocessors
We share data only with infrastructure and integration providers necessary to operate the Service, including cloud hosting and email/payment partners. Subprocessors are bound by confidentiality and data protection obligations.
6. International transfers
Data may be processed outside your country. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.
7. Retention
Visitor records are retained per the retention period configured by each tenant. Expired visitor photos and records are purged automatically. Account and billing records are retained as required by law.
8. Security
- Row-level security isolates each tenant's data.
- Encrypted transport (HTTPS) and encryption at rest.
- Role-based access controls and audit logging for check-in / check-out.
- Strict separation of admin, receptionist, employee, and visitor permissions.
9. Your rights
Subject to applicable law, individuals may request access, correction, deletion, restriction, portability, or objection to processing. Visitors should first contact the tenant hosting their visit; if needed, contact us and we will route the request.
10. Cookies
We use only essential cookies and storage required to keep you signed in and to operate the kiosk and dashboard. We do not use cross-site advertising cookies.
11. Children
The Service is not directed to children under 16.
12. Changes
We may update this Privacy Policy. Material changes will be communicated by email or in-app notice.
13. Contact
Privacy enquiries: privacy@visitorslounge.app.