Times Square Church
Privacy Policy Last updated: 2026 This privacy policy explains what information Doorkeeper collects about visitors and authorized staff, how we use it, and the rights you have over it. 1. INFORMATION WE COLLECT When you check in at a kiosk we collect: - Your name and contact details (email and/or phone) - A visit photo if you choose to provide one (optional) - The date, time, and purpose of your visit - The name of the person you are visiting, if provided - The station you checked in at For authorized staff accounts we also collect: - The email address used to sign in - An encrypted record of your password (we never store the plaintext) - A record of when you signed in and from which IP address - Optional two-factor authentication enrollment data 2. HOW WE USE YOUR INFORMATION We use the information above to: - Verify your identity for security and building access - Notify the person you are visiting of your arrival - Maintain a record of premises occupancy for safety and emergency response - Produce a roll-call report if a building-evacuation event occurs - Detect and respond to security incidents We do not sell, rent, or trade personal information to third parties. 3. COOKIES AND SIMILAR TECHNOLOGIES Doorkeeper uses only cookies that are strictly necessary for the service to function. These include: - An authentication session cookie for signed-in staff (expires when your session ends) - A CSRF protection cookie to defend against cross-site request forgery - A kiosk station binding cookie that remembers which check-in station this device is paired with We do not use cookies for advertising, tracking, or analytics. We do not load third-party tracking scripts. 4. DATA RETENTION Visit records, photos, and audit logs are retained for up to 7 years and then permanently deleted, unless a legal hold has been placed on a specific record (e.g. for an insurance claim or law-enforcement request). Authorized-staff account records are retained for the duration of employment plus the retention window above. 5. YOUR RIGHTS You have the right to: - Request a copy of every piece of information we hold about you (subject access request — visit /account/data-export) - Request correction of any inaccurate information - Request deletion of your records, subject to legal-hold exceptions (right to be forgotten — contact your administrator) - Object to specific processing activities We respond to verified requests within 30 days. 6. WHO TO CONTACT For privacy questions, data access requests, or to report a concern, contact your organization's administrator. They are responsible for honoring requests and escalating them when necessary. 7. CHANGES TO THIS POLICY If we make material changes we will post the new policy here with an updated "Last updated" date.
This is the default template shipped with Doorkeeper. The operating organization may publish its own policy at any time, which will replace this text.