Privacy Policy
Last updated: July 6, 2026
1. Overview
This Privacy Policy explains how [ARRIVSURE LEGAL ENTITY NAME, e.g., ArrivSure, Inc.] (“ArrivSure,” “we,” “us”) collects, uses, and shares personal information in connection with our visitor management platform. It covers:
- the ArrivSure web application and admin dashboards;
- check-in kiosks (including our iPad kiosk app) at customer facilities;
- the ArrivSure Visitor mobile app for visitors;
- the ArrivSure companion mobile app for facility staff; and
- our websites and related services (together, the “Service”).
2. Who Controls Your Information: Facilities vs. ArrivSure
ArrivSure provides software to organizations such as healthcare and senior-care facilities, offices, and other locations (“Facilities”).
- Visitor records belong to the Facility you visit. When you check in at a Facility — at a kiosk, at a reception desk, or through the ArrivSure Visitor app — the information you provide becomes part of that Facility’s visitor records. The Facility is the data controller (or “business” under U.S. state privacy laws) for those records and decides what is collected, how it is used, and how long it is kept. ArrivSure processes that information as the Facility’s service provider, on its behalf and under its instructions.
- ArrivSure is the controller for the information we need to run the platform itself: customer account and billing information, ArrivSure Visitor app account information (such as the phone number you sign in with), support communications, and technical logs.
For requests about your visitor records at a specific Facility (access, correction, deletion), the Facility is usually the right place to start — see Section 12. We support Facilities in honoring those requests.
3. Information We Collect
3.1 Information from our customers (Facility staff and administrators)
- Account details: name, work email, role, phone number, password (stored hashed).
- Billing details: company name, subscription selections, and payment method handled by Stripe — we do not store full card numbers.
- Content staff create in the Service, such as messages, notes, notifications, and settings.
3.2 Visitor information collected on behalf of Facilities
Depending on how a Facility configures the Service, a visitor check-in may include:
- identity and contact details: name, phone number, email, company/organization;
- visit details: purpose of visit, person or resident being visited, check-in and check-out times, badge information;
- a badge photo, if the Facility uses photo badges;
- signatures and responses on documents the Facility asks visitors to sign (e.g., NDAs, policies);
- health-screening responses, if the Facility uses screening questionnaires;
- survey feedback after a visit, if the Facility uses surveys.
3.3 ArrivSure Visitor app
If you use the ArrivSure Visitor mobile app, we also collect:
- Phone number — the app signs you in with your phone number using a one-time code sent by SMS. We use your number to authenticate you, link you to your visitor profile at Facilities you visit, and send you the verification code. We do not use it for marketing.
- Badge photo — you may take or upload a photo used for your visitor badge and profile at Facilities you visit.
- Location at check-in — see Section 4. Location is used only at the moment of check-in, only to verify you are at the Facility.
- Push notification token — if you enable notifications, your device token is used to deliver notifications through Apple’s push service.
- Photos you choose to share (“moments”) — see Section 8.
- Messages you exchange with Facility staff through the app — see Section 9.
3.4 Information collected automatically
- Log and device data: IP address, device type, operating system, app version, timestamps, and actions taken in the Service (used for security, troubleshooting, and audit trails).
- Essential cookies and similar technologies needed to keep you signed in and secure the Service. We do not use third-party advertising cookies.
4. Location Information (ArrivSure Visitor App)
The ArrivSure Visitor app uses your device’s precise location in a deliberately limited way:
- Only at check-in. Location is requested only when you check in to a Facility. The app does not track your location in the background and does not access location at any other time.
- Only to verify presence. Your location is compared against the Facility’s geofence solely to confirm you are physically at the Facility when you check in.
- Not stored as movement history. We do not build or retain a history of your movements. The result of the check (that your check-in was location-verified) is recorded with the visit; a trail of your coordinates is not.
- Optional. Location permission is controlled by you in your device settings and can be revoked at any time. If you decline, you can still check in at the Facility’s kiosk or front desk.
5. How We Use Information
- To provide the Service: check-ins and check-outs, badges, visitor logs, screening, documents, surveys, messaging, and notifications.
- To authenticate users (including SMS one-time codes) and secure accounts and devices.
- To operate, maintain, and improve the Service, including troubleshooting, support, and analytics on service usage.
- To bill customers and manage subscriptions.
- To communicate service information, such as receipts, security alerts, and support responses.
- To comply with law and enforce our Terms of Service.
We do not sell personal information, and we do not use visitor information for third-party advertising or share it with data brokers.
6. How We Share Information
- With the Facilities you visit. Your check-in information, badge photo, screening responses, messages, and shared photos are visible to the Facility that collected them — that is the purpose of the Service.
- With service providers (subprocessors) who help us run the platform, under contracts that limit their use of the information:
| Provider | Purpose |
|---|---|
| Stripe, Inc. | Payment processing for customer subscriptions |
| Twilio Inc. | SMS delivery (sign-in codes, alerts, notifications) |
| Apple Inc. | Push notification delivery to iOS devices (APNs) |
| [HOSTING PROVIDER, e.g., Amazon Web Services] | Cloud infrastructure and data hosting |
| [EMAIL DELIVERY PROVIDER, if any] | Transactional email delivery |
- For legal reasons, if required by law, subpoena, or legal process, or to protect the rights, safety, or property of ArrivSure, our customers, or others. Where the request concerns Facility-controlled visitor records, we will refer the requester to the Facility or notify the Facility unless legally prohibited.
- In a corporate transaction such as a merger, acquisition, or asset sale, in which case this Policy will continue to apply to previously collected information.
7. Push Notifications
With your permission, the ArrivSure Visitor app sends push notifications, for example about your visits or messages from a Facility. You can turn notifications off at any time in your device settings; the app will keep working without them.
8. Shared Photos (“Moments”)
The ArrivSure Visitor app may let you share photos from your visits with the Facility. Photos you share are submitted to the Facility, which moderates them and controls whether and where they are shown within that Facility’s community features. Only share photos you have the right to share, and be mindful of other people who appear in them. You can ask the Facility or privacy@arrivsure.com to remove a photo you shared, and deleting your account removes your shared photos (Section 12).
9. Visitor–Facility Messaging
Messages you send through the Service are exchanged with the Facility, not with ArrivSure. Authorized Facility staff can read and respond to them, and they are retained as part of the Facility’s records under the Facility’s retention settings. Do not use messaging for emergencies.
10. Health-Screening Information
Some Facilities — particularly healthcare and senior-care locations — ask screening questions at check-in (for example, about symptoms or recent exposure). Your responses are collected on behalf of, and are visible to, the Facility that asked them; ArrivSure stores and processes them only as the Facility’s service provider. We treat this information as sensitive: it is protected in transit and at rest, is not used for any purpose other than providing the Service to that Facility, and is never sold or used for advertising.
11. Data Retention
- Facility visitor records (check-ins, photos, screening responses, documents, messages) are retained according to each Facility’s configuration and legal obligations, for as long as the Facility subscribes to the Service. When a Facility’s subscription ends, its data is deleted or de-identified after an export window, subject to legal holds and rolling backup cycles.
- ArrivSure Visitor app account data is retained while your account is active and deleted when you delete your account (Section 12).
- Customer account and billing records are retained as needed for legal, accounting, and audit purposes.
12. Your Choices, Rights, and Account Deletion
12.1 Deleting your ArrivSure Visitor account (in the app)
You can delete your ArrivSure Visitor account at any time directly in the app: Settings → Delete Account. Deleting your account removes your app profile, your badge photo, the link between your phone number and your visitor profile, your push token, and photos you shared through the app. Visit records held by Facilities you visited (for example, the log that you checked in on a given date) are the Facility’s records and are retained or deleted under the Facility’s policies and legal obligations.
12.2 Requests about Facility visitor records
To access, correct, or delete your visitor records at a specific Facility, contact that Facility. If you contact us instead at privacy@arrivsure.com, we will refer your request to the Facility and assist them in responding.
12.3 U.S. state privacy rights
Depending on where you live, you may have rights under state privacy laws (such as the California Consumer Privacy Act) to know, access, correct, or delete personal information, and to be free from discrimination for exercising those rights. We do not sell or “share” (for cross-context behavioral advertising) personal information. For information we control, exercise these rights at privacy@arrivsure.com; we will verify your request and respond as the law requires. For Facility-controlled records, we act on the Facility’s instructions as its service provider. [COUNSEL: CONFIRM STATE-LAW APPLICABILITY AND ANY REQUIRED DISCLOSURES]
12.4 Communications choices
- SMS: sign-in codes and visit-related texts are transactional; reply STOP where supported or contact the Facility to stop visit-related texts.
- Push notifications: disable in device settings (Section 7).
- Location: revoke in device settings (Section 4).
13. Security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), encryption at rest for sensitive data, role-based access controls that scope each user to their own company and facility, audit logging, and hashed password storage. No system is perfectly secure; if we learn of a breach affecting your personal information, we will notify affected customers and individuals as required by law.
14. Children’s Privacy
The Service and the ArrivSure Visitor app are not directed to children under 13, and we do not knowingly collect personal information from children under 13. Facilities are responsible for how they handle minors who visit their locations (for example, child guests accompanied by adults). If you believe a child under 13 has provided us personal information directly, contact privacy@arrivsure.com and we will delete it.
15. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service, the app, or email before the changes take effect. The “Last updated” date at the top shows the current version.
16. Contact Us
Privacy questions or requests:
privacy@arrivsure.com
General support: support@arrivsure.com
[ARRIVSURE LEGAL ENTITY NAME],
[POSTAL ADDRESS]