Privacy Policy
Last Updated: March 1, 2026
Kyber Systems LLC ("KyberAccess," "we," "us," or "our") operates the KyberAccess visitor management platform, including the web application at app.kyberaccess.com, the KyberAccess Kiosk iPad application, mobile applications, and the marketing website at kyberaccess.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name, email address, phone number
- Organization name and address
- Billing information (processed securely via Stripe)
- Role and permissions within your organization
1.2 Visitor Information
When visitors check in through the Service, we may collect:
- Full name, email address, phone number
- Photograph captured during check-in
- Government-issued ID information (driver's license number, ID type, expiration date) obtained through ID scanning
- Company or organization affiliation
- Purpose of visit, host name, and destination
- Vehicle information (if applicable)
- Signature on agreements, NDAs, or health screenings
- Check-in and check-out timestamps
- Badge information and QR code identifiers
1.3 Background Check Information
If your organization enables background screening, visitor names and identifying information may be checked against publicly available sex offender registries and custom watchlists maintained by your organization. Results are stored as part of the visitor record.
1.4 Automatically Collected Information
- Device type, operating system, browser type
- IP address and approximate geolocation
- Usage data (pages visited, features used, session duration)
- Crash reports and performance data
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process visitor check-ins, generate badges, and send notifications
- Conduct background checks and watchlist screenings when enabled
- Process payments and manage billing
- Send transactional emails (visitor arrivals, account updates)
- Improve, personalize, and expand the Service
- Respond to support requests and communicate with you
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
3. Data Storage & Security
All data is stored on Google Cloud Platform (GCP) infrastructure using Firebase services. We implement industry-standard security measures including:
- Encryption in transit — All data transmitted between your devices and our servers is encrypted using TLS 1.3
- Encryption at rest — All stored data is encrypted using AES-256 encryption
- Access controls — Role-based access controls limit data access to authorized personnel
- Regular audits — We perform regular security audits and vulnerability assessments
- SOC 2 readiness — Our infrastructure and processes are designed to meet SOC 2 Type II requirements
Visitor photographs and scanned ID images are stored in encrypted cloud storage. ID images are processed for data extraction and may be automatically deleted after a configurable retention period set by your organization's administrator.
4. Data Retention
We retain visitor data for as long as your organization's account is active, unless a shorter retention period is configured by your administrator. Organizations can configure automatic data purging (e.g., delete visitor records after 30, 90, or 365 days). Account data is retained for 30 days after account deletion, after which it is permanently removed.
Visitor photographs and ID scans may be subject to shorter retention periods as configured by your organization.
5. Third-Party Services
We use the following third-party services to operate the platform:
- Google Firebase — Authentication, database (Firestore), cloud storage, hosting, and cloud functions
- Google Cloud Platform — Infrastructure, computing, and data processing
- Stripe — Payment processing. We do not store credit card numbers on our servers. Payment information is handled entirely by Stripe in accordance with PCI DSS standards.
- Email delivery services — For transactional email notifications
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We only share data with third parties as described in this policy or with your explicit consent.
6. COPPA Compliance (Children's Privacy)
The KyberAccess Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. In school environments, the Service is used by authorized school staff and adult visitors — not by students.
If student information is processed as part of student pickup or tardy management features, that processing is done under the direction and authority of the educational institution, which acts as the data controller. We process such data solely as a data processor on behalf of the school.
If you believe we have inadvertently collected personal information from a child under 13, please contact us immediately so we can delete it.
7. FERPA Compliance
For educational institutions, KyberAccess operates as a "school official" under FERPA (Family Educational Rights and Privacy Act). We access student education records only as necessary to provide the Service under the direction of the educational institution. We do not use student data for any purpose other than providing the contracted Service. We do not disclose student information to third parties except as directed by the school or as required by law.
Educational institutions maintain full control over student data and may request deletion at any time.
8. HIPAA Compliance
For healthcare organizations and covered entities, KyberAccess is prepared to enter into a Business Associate Agreement (BAA) to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). Under a BAA, we will:
- Use and disclose protected health information (PHI) only as permitted by the BAA and HIPAA regulations
- Implement appropriate safeguards to protect PHI
- Report any security incidents or breaches as required
- Ensure any subcontractors who access PHI agree to the same obligations
To request a BAA, please contact us at info@kybersystems.com.
9. GDPR Compliance (European Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal basis for processing — We process personal data based on contractual necessity (to provide the Service), legitimate interests (to improve and secure the Service), and consent (where required)
- Data transfers — Data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other approved transfer mechanisms
- Data Protection Officer — You may contact our data protection team at info@kybersystems.com
10. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate or incomplete data
- Deletion — Request deletion of your personal data
- Portability — Request a machine-readable copy of your data
- Restriction — Request that we limit processing of your data
- Objection — Object to processing based on legitimate interests
- Withdraw consent — Where processing is based on consent, you may withdraw it at any time
Organization administrators can export visitor data, delete records, and manage retention policies directly from the KyberAccess dashboard. For individual requests, please contact us using the information below.
11. Cookies & Tracking
Our website uses essential cookies for authentication and session management. We may use analytics cookies to understand how visitors use our website. You can control cookie preferences through your browser settings.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may also send an email notification to account holders.
13. Contact Us
If you have questions or concerns about this Privacy Policy, your data, or your rights, please contact us: