Our Core Privacy Commitments
The four things that matter most. Full details in the policy below.
We Don't Sell Data
Your data and visitor data are never sold to third parties. Period.
End-to-End Encryption
TLS 1.2+ in transit and AES-256 at rest. All data secured by default.
You Control Your Data
Export, correct, or delete your data anytime. GDPR rights fully supported.
Minimal Data Only
We collect only what's needed to run the service. No excessive tracking.
Quick Navigation
Data request or question?
Contact Privacy Team →This Privacy Policy applies to Vizitor, a product of AIVizitor Labs Private Limited. It governs data collected through vizitorapp.com, our mobile apps, and kiosk software. By using our services, you agree to this policy.
Data We Collect
We collect only the data necessary to deliver our visitor management services. The categories are:
Account and Contact Information
Name, company, work email, phone number, billing address, and hashed password — required to create and manage your account.
Visitor and Guest Data
Data visitors submit at check-in (name, phone, photo, host, check-in/out time, custom fields). You are the data controller for this data; Vizitor acts as processor.
Usage and Technical Data
Browser type, IP address, device identifiers, pages visited, and session data — used to improve the product and fix issues.
Payment Information
Card details are processed by PCI-DSS compliant payment partners. Vizitor does not store full card numbers.
How We Use Your Data
- Service Delivery: Operate kiosks, send host notifications, generate badges, maintain check-in logs.
- Account Management: Authenticate users, process subscriptions, handle support requests.
- Product Improvement: Analyze aggregated, anonymized usage patterns. Individual data is never sold.
- Legal Compliance: Comply with laws, respond to lawful requests, and enforce our Terms of Service.
- Marketing (with consent): Product updates and workplace tips. Unsubscribe anytime.
Data Sharing and Third Parties
We do not sell your data. We share data only with trusted service providers under strict data processing agreements:
- Cloud Infrastructure: Secure hosting providers for data storage and processing.
- Communication Tools: SMS, WhatsApp, and email providers for visitor notifications.
- Payment Processors: PCI-DSS compliant billing providers.
- Analytics: Aggregated and anonymized product usage analytics.
We may disclose data if required by law. We will notify you to the extent permitted by law.
Data Retention
We retain account data as long as your account is active. Visitor data retention is configurable on Business and Enterprise plans. Upon account closure, we delete or anonymize personal data within 90 days. Request early deletion by emailing hello@vizitor.co.
Your Privacy Rights
Under GDPR, India's DPDP Act 2023, and CCPA, you have the following rights:
Right of Access
Request a copy of personal data we hold about you.
Right to Rectification
Correct inaccurate data from your dashboard at any time.
Right to Erasure
Request deletion within 30 days (except legal retention obligations).
Data Portability
Export visitor logs and account data as CSV/JSON from your dashboard.
Right to Withdraw Consent
Opt out of marketing or withdraw consent for any processing where consent was the legal basis. Unsubscribe anytime.
To exercise any right, email hello@vizitor.co.
International Data Transfers
Vizitor operates globally. EU/EEA/UK transfers use Standard Contractual Clauses (SCCs). For Indian users, we comply with the DPDP Act 2023. Enterprise customers can request our Data Processing Agreement (DPA) at hello@vizitor.co.
Location Data
Our attendance feature may use location to verify office presence (geo-fencing). Location is: collected only when you use the feature (not in the background), used only for attendance verification, and controlled by you through your device's location settings.
Children's Privacy
Vizitor is for business use and is not directed at children under 13 (or 16 in the EU). If you believe a child provided us data, contact hello@vizitor.co and we will delete it promptly.
Security Measures
For more detail, visit our Security and Compliance page.
Changes to This Policy
When we make material changes, we notify account holders by email and display an in-app notice at least 14 days before changes take effect. The "Last Updated" date at the top reflects the most recent revision.