Privacy notice for AccessLynk visitor access management.

It applies to organization owners, administrators, security officers, hosts, residents, staff, visitors, prospects, and people who contact us. It is intended to support transparency under the Nigeria Data Protection Act, 2023 (NDP Act) and other applicable privacy and security requirements.

Customer-managed visitor records

For visitor, resident, staff, gate, destination, approval, and history records entered by a customer organization, the customer normally acts as the data controller and AccessLynk acts as a service provider or processor.

Website, booking, support, and account operations

For website inquiries, consultation bookings, onboarding communications, service administration, billing discussions, security monitoring, and direct support, AccessLynk acts as the controller for the information we collect.

No sale of personal data

We do not sell visitor records, resident data, staff data, gate logs, or customer operational data.

• Account data such as name, email address, phone number, job title, role, organization, department, privacy alias, login status, and invite status.
• Organization data such as customer name, sector, address, city, state, country, timezone, plan, gates, destinations, and operating settings.
• Visitor data such as visitor name, phone number, optional email, company, purpose of visit, vehicle number, visit code, QR payload, expected visit time, arrival time, approval status, check-in time, checkout time, and related notes.
• Host, resident, staff, and destination data used to route visitor approvals without exposing unnecessary private names at the gate.
• Security and audit data such as role actions, entity changes, timestamps, IP address where available, user agent, alert status, export events, invite events, password reset events, and operational history.
• Device and notification data such as browser push subscription endpoint, user agent, notification permission state, service worker status, and alert delivery status when a user enables push alerts.
• Website, booking, and support data such as messages, consultation schedule details, email correspondence, and basic technical data needed to operate the website.

• To provide visitor pre-registration, walk-in capture, host approval, gate check-in, checkout, visitor pass, and visitor history services.
• To authenticate users, manage roles, send secure invites, support password resets, and prevent unauthorized account access.
• To separate customer organizations and keep each organization's users, visitors, gates, destinations, alerts, and records scoped to that organization.
• To notify hosts, residents, staff, administrators, or security teams about visitor requests and operational alerts.
• To provide audit trails, reporting, exports, security monitoring, abuse prevention, rate limiting, and incident investigation.
• To support onboarding, product consultation, customer support, service improvement, and lawful business administration.
• To comply with legal obligations, enforce our terms, respond to lawful requests, and protect the rights, safety, and security of customers, visitors, and the public.

We process personal data only where there is a lawful basis, such as contract performance, consent where required, legal obligation, vital interest, public interest where applicable, or legitimate interest that does not override the rights of the data subject.

We align our handling of personal data with the NDP Act principles of lawful, fair, transparent, purpose-limited, adequate, relevant, accurate, storage-limited, secure, and accountable processing.

• With the customer organization that created or controls the relevant visitor, user, gate, destination, or audit record.
• With authorized users inside that organization according to their role, such as administrator, security officer, host, or manager viewer.
• With service providers that help us host the application, store data, send transactional email, deliver notifications, schedule consultations, protect the service, or operate infrastructure.
• With regulators, courts, law enforcement, or other authorities when required by law or necessary to protect safety, rights, or security.
• With professional advisers where needed for legal, compliance, accounting, security, or business continuity purposes.

Subject to the NDP Act and applicable exemptions, data subjects may have rights to be informed, access personal data, request correction, request erasure, object to processing, restrict processing, request portability, avoid solely automated decisions where applicable, and complain to the appropriate supervisory authority.

If your data was entered by an estate, school, office, or institution using AccessLynk, we may direct your request to that customer organization because it normally controls the operational record. We will still support the customer in responding to valid requests.

We use technical and organizational measures including role-based access controls, tenant scoping, password hashing, hashed invite and reset tokens, signed sessions, rate limits, audit logs, HTTPS, and security headers. See our Security page for more detail.

We keep personal data only for as long as needed for the purposes described in this notice, the customer agreement, security and audit requirements, legal obligations, dispute handling, and legitimate operational needs. See our Data Retention page for the current retention approach.

Some service providers may process data outside Nigeria. Where that happens, we aim to use reputable providers, limit the data shared, apply access controls, and rely on appropriate contractual and technical safeguards.

For privacy requests, customer compliance questions, or security concerns, contact our data protection contact at lnykbridgetechnologies@gmail.com.