The compliance pack, downloadable.
The full compliance pack — how we handle consent, data requests, retention, deletion, and the partners who help run the service.
Visitor records, household directories, access logs and incident records are personal data. Secure Labs Systems treats them that way — from the gate keypad to the board report.
Visitor records are captured for the lawful purpose of property access & safety — declared at the keypad, recorded against the visit, and retained on a 90-day default for visitor PII, configurable per property to match the declared lawful purpose. Purpose is never inferred. It is named.
Production data is processed in secure, access-controlled cloud infrastructure — encrypted in transit and at rest. Any movement of data outside that environment (for support, backup, or analytics) is deliberate, recorded, and never silent. Storage, email, and SMS delivery are handled by established, vetted providers, each documented in our compliance pack.
Every override, export, photo capture and personal-data access is keyed to a person, a reason, and an hour. The log is append-only and exportable as structured JSON. The Office of the Data Protection Commissioner can read it without intermediation.
Residents, visitors and staff can ask to see the data held about them, right from the platform. Each request is logged, routed to the right person, answered within the 30 days the law allows, and closed with a receipt. Deletion requests are recorded and honoured — never quietly ignored.
The full compliance pack — how we handle consent, data requests, retention, deletion, and the partners who help run the service.