Privacy Policy

Last updated: March 9, 2026

1. Introduction

This Privacy Policy describes how the Reunion West POA gate access management system ("Service") collects, uses, stores, and protects your personal information. This policy applies to all users of the Service, including guards, administrators, and guests requesting access.

2. Data Controller

The data controller for the personal data processed by this Service is the community or property management organization operating this installation (Reunion West Property Owners Association, Inc.). For questions about data processing, contact the property management at admin@reunionwestpoa.com.

3. Personal Data We Collect

3.1 Guest Access Data

  • Guest name — provided when requesting access
  • Contact information — phone number or email for verification
  • Home address — for visitor identification
  • Access codes — temporary numeric codes for gate entry
  • Timestamps — when access was requested and when the gate was opened

3.2 User Account Data

  • Name and email — for account identification and login
  • Password — stored as a one-way cryptographic hash (never in plaintext)
  • Role — admin, guard, or viewer permissions
  • Login timestamps — when you last signed in

3.3 Activity Logs

  • Gate open events — which gate, when, and who authorized it
  • Login attempts — successful and failed, with IP addresses for failed attempts
  • Configuration changes — what was changed and by whom

3.4 Device and Camera Data

  • License plate numbers — captured by license plate recognition cameras (if configured)
  • QR code scans — captured by kiosk scanners (if configured)
  • Intercom call events — call status from Axis intercoms (if configured)

4. How We Use Your Data

  • Gate access control — verifying and granting authorized entry
  • Security monitoring — logging access events for safety and audit
  • Email notifications — sending access codes, alerts, and daily reports
  • Account management — authentication, password resets, invitations
  • System administration — monitoring health, troubleshooting, and maintenance

5. Legal Basis for Processing

  • Legitimate interest — property security and access management
  • Consent — guests provide information voluntarily to request access
  • Contractual obligation — user accounts are necessary for staff to perform their duties

6. Data Storage and Security

  • Data is stored locally on the property's network device (encrypted at rest via the operating system)
  • Data may be synced to a cloud database (Azure Cosmos DB) for backup and multi-gate coordination
  • All web traffic is encrypted via HTTPS (TLS) when SSL is enabled
  • Passwords are hashed using bcrypt with a cost factor of 10
  • API keys use timing-safe comparison to prevent timing attacks
  • Session cookies use secure, httpOnly flags with 7-day rolling expiry

7. Data Retention

  • Guest access sessions — expire within minutes; deleted automatically after expiry
  • Activity logs — retained for 30 days, then automatically purged
  • User accounts — retained until manually deleted by an administrator
  • Failed login IP tracking — automatically cleared after 30 minutes

8. Data Sharing

We do not sell personal data. Data may be shared with:

  • Property management — access logs and daily reports
  • Email service provider — SendGrid, for sending notifications (email addresses and message content only)
  • Cloud database — Azure Cosmos DB, for data synchronization (if configured)
  • Law enforcement — when required by law, court order, or to protect safety

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

Under GDPR (EU/EEA residents):

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate personal data
  • Right to erasure — request deletion of your personal data
  • Right to restrict processing — limit how your data is used
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interest

Under CCPA (California residents):

  • Right to know — what personal information is collected and how it is used
  • Right to delete — request deletion of personal information
  • Right to opt-out — opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination — equal service regardless of exercising privacy rights

To exercise any of these rights, use the Data Privacy tools in the Configuration page (admin access required), or contact the property management at admin@reunionwestpoa.com.

10. Children's Privacy

The Service is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided data through the Service, contact the property management for removal.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date. Continued use of the Service after changes constitutes acceptance.

12. Contact

For privacy-related inquiries or data requests, contact your property management at admin@reunionwestpoa.com.