Keycafe

Keycafe Privacy Policy

Last updated December 12, 2024.

We in the Keycafe Group of companies ("we", "us", "our", etc) respect Your privacy and want You ("you", "your", "yourself", etc) to understand how we collect, use, and share data about you. This privacy policy ("Privacy Policy") covers our data collection practices and describes your rights to access, correct, or restrict our use of your personal data. We are committed to compliance with various regional privacy regulations, including the General Data Privacy Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canada, the California Consumer Privacy Act (CCPA), and other applicable privacy laws. Capitalized terms have the meanings set out in the Keycafe Terms of Service available at https://www.keycafe.com/keycafe-tos (the "Keycafe Terms"), unless otherwise defined in this Privacy Policy.

Our Privacy Policy explains:

Information We Collect About You

We collect information about you to provide you with the Service. The type of information we collect can vary depending on what you provide and how you use the Service.

Information You Provide

We collect information when you register an account or use the Service.

  • Identification Information. Your name, email address, mobile number, and authentication credentials.
  • Billing Information. If you subscribe or make a purchase, information such as payment card numbers, billing address, or bank account information.
  • Configuration Information. If you use the Service, information such as keys, locations, key cabinets, other access hardware types, etc. and configuration information such as related names, metadata, addresses, and settings which we store and utilize to operate the Service to your specification.
  • Transaction Information. When you use our Service we collect information about accesses you create or participate in including the contact details of users, guests and settings related to the accesses, when and where the accesses occur, the transacting parties, the devices and methods used to complete the transactions, related billing charges, and other related data.
  • Other Information You Provide. Information that you voluntarily provide to us, including but not limited to sales and customer service interactions (including voice, chat and email recordings and records), information related to your business, communication and privacy preferences, survey responses, feedback responses, suggestions for improvements, referrals, or any other data provided by you when using the Service.

Information We Collect From Your Use of Our Service

We collect information about you and the devices you use to access the Service, such as your computer, mobile phone, or tablet. The information that we collect includes:

  • Device Information. Information about your device, including your hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device’s interaction with our Service.
  • Use Information. Information about how you use our Service, including your access time, "log-in" and "log-out" information, browser type and language, country and language setting on your device, Internet Protocol ("IP") address, the domain name of your Internet service provider, other attributes about your browser, mobile device and operating system, any specific page you visit on our platform, content you view, features you use, the date and time of your visit to or use of the Service, the website you visited before you visited or used the Service, data about how you interact with our Service, other clickstream data, and information concerning transactions you conduct and any information you provide at SmartBoxes.

Information We Collect From Other Sources

We also collect information about you from third parties that specialize in enriching Customer data and combine this data with information we already have about you so that we can enrich the app with Customer photos, update, expand and analyze the accuracy of our records, identify potential customers, and communicate products and services that may be of interest to you.

How We Use Your Information

We may use information about you for reasons of contractual necessity, legitimate interest, compliance with legal obligations, or your explicit consent for a number of purposes, including:

Providing, Improving, and Developing our Service

  • Processing, supporting, recording and displaying key accesses and other transactions, products and features you choose to use.
  • Providing, maintaining and optimizing our Service for your use.
  • Personalizing and facilitating your use of our Service, such as optimizing the website to your language, currency, country, etc.
  • Measuring, tracking, and analyzing trends in your usage and performance of the Service.
  • Developing new products and features.

Communicating with You About our Service

  • Resolving any support inquiries you make to the Service.
  • Proactive account management outreach.
  • Sending you necessary information such as security, technical, account, support and administrative notices and reminders (such as login codes, billing alerts, referral outcomes, location closure notices, key related notices, account reminders, etc).
  • Sending you information we think you may find useful such as product and service updates.
  • Conducting surveys and collecting feedback about our Service.

Protecting our Services and Maintaining a Trusted Environment

  • Investigating, detecting, or preventing misrepresentations, security breaches, incidents, or other potentially prohibited activities, or to otherwise help protect your account.
  • Protecting Customers' rights or property or the security or integrity of our Service.
  • Enforcing the Keycafe Terms or other applicable agreements or policies.
  • Verifying your identity.
  • Complying with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process.
  • Contacting you to resolve disputes, collect fees, and provide assistance with our Service.

Advertising and Marketing

  • Marketing of our products and services, including communicating with you about opportunities, contests, promotions, discounts, incentives, and rewards offered by us and select partners.

How We Share Your Information

We may share information about you as follows:

With Other Users of the Service with Whom You Interact

  • With other Customers of the Service with whom you interact through your use of the Service. Some examples are, we may display your photo, personal information, and activity to other Customers with whom you interact to enrich their experience, and display your contact information to resolve issues related to the service.

With Third Parties

  • With third-party data processors and services to provide, maintain, and improve our Service, including service providers who access or receive information about you to perform services on our behalf including cloud hosting providers, billing providers, email and SMS services, shipping providers, customer relationship services, marketing platforms, analytics services, and others.
  • Information technology platforms used by our team to interact with you or interact that may as a result store data related to you or your account. For example, calendaring, meeting, personal email, chat, and other platforms. These tools are used in limited contexts to support customer and internal communications and do not play a role in systematically processing customer data. As such, these tools are not listed as sub processors and may in some cases continue to retain customer information in unstructured formats disconnected from central processing.
  • With third parties that run advertising campaigns, special offers, or other events or activities on our behalf or in connection with our Services.
  • We also may share with third parties aggregated and anonymized information that does not specifically identify you or any individual Customer of our Service.
  • On our Trust Center (https://trust.keycafe.com) you can find information on what each sub processor of Keycafe does, including their role and function in our operations, details on our data retention policy, our security policies, and our security posture. Please note that Keycafe uses IoT and network infrastructure providers (such as Cloudflare and Hologram) to securely transit your data across the web and in some cases we provide your information to platforms that provide a service after which we immediately delete the data. We do not include providers in our list of sub processors if they do not have persistent access to your data.

Business Transfers and Corporate Changes

  • To a subsequent owner, co-owner, or operator of our Service; or
  • In connection with (including, without limitation, during the negotiation or due diligence process of) a corporate merger, consolidation, or restructuring; the sale of substantially all of our stock and/or assets; financing, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change.

Safety and Compliance with Law

  • If we believe that disclosure is reasonably necessary (i) to comply with any applicable law, regulation, legal process or governmental request (e.g., from tax authorities, law enforcement agencies, etc.); (ii) to enforce or comply with our Keycafe Terms or other applicable agreements or policies; (iii) to protect our Customers’ rights or property, or the security or integrity of our Services; or (iv) to protect us, Customers or the public from harm, fraud, or potentially prohibited activities.

With Your Consent

  • For example, at your direction or as described at the time you agree to share or when you authorize a third party application or website to access your information.

How We Secure, Store, and Retain Your Information

How and Where Your Data is Secured and Stored

We follow generally accepted standards to store and protect the data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate. We utilize Drata for continuous monitoring and compliance verification of our security policies and practices. You can learn more about our security measures, certifications, and compliance efforts by visiting our Trust Center at https://trust.keycafe.com.

We are headquartered in Vancouver, Canada and do not process your data on premises. We rely upon best in class third-party cloud service providers to process and store your information on our behalf. Our primary data storage and processing activities are domiciled in the EU, though some providers process, store or transit some of your information in the United States, Canada, and other countries. We have verified these providers have GDPR and other privacy compliance programs in place and have entered into data processing agreements with our service providers that restrict and regulate their processing of your data on our behalf. By visiting or using our Services, you consent to to the transfer, storage, and processing by us and our processors which may result in your data being processed outside of the European Economic Area ("EEA").

Keycafe primarily operates as a data controller for personal data collected directly from our customers and users and not in a data processor role. However, if you are using Keycafe to manage significant end user data and activity and believe Keycafe is acting as a data processor on your behalf, we make a Data Processing Agreement (DPA) available on our Trust Center for you to review and execute if applicable.

Our Basis for Storing and Retaining Data

We retain personally identifiable information only for as long as necessary to provide you with the Service, letting you know about our Service's evolving product capabilities, and other legitimate legal or business purposes.

  • mandated by law, contract or similar obligations applicable to our business operations
  • for preserving, resolving, defending or enforcing our legal/contractual rights
  • needed to maintain adequate and accurate business and financial records

Our Retention Policy

Keycafe has a number of automated rules to automatically permanently delete internal emails, dialogues, and data files after a certain period of time, helping ensure that unstructured data that may relate to you is continuously removed from our system. Regarding your personally identifiable data and the databases used to enable your account, our policy is as follows:

We will continue to store your personally identifiable information:

If you are registered user in a primary role of owning keys or SmartBoxes, (i) until 30 days after your account has been inactive for 1 year, or (ii) until 30 days after you have canceled your account or sent a formal request to privacy@keycafe.com to remove your information.

If you are a guest user engaged in transacting keys at the invitation of a primary role account, (i) until the related primary role account's information is removed, or (ii) until 30 days after a formal request is sent by you to privacy@keycafe.com to remove your information.

Please note some of the limitations relating to removal of your data: (i) before Keycafe removes your information after the expiry of a retention period above, we may notify you and/or require a confirmation from you, (ii) the removal of your personally identifiable information does not mean that all of your data will be removed (which we may maintain for statistical purposes and system integrity), but only that it can no longer be identified in our database as yours, (iii) some of your data may continue to appear in the transaction histories of Customers you interacted with as you both "own" that data, (iv) it is possible that Customers you interacted with or third parties you authorized with access to your account may have retrieved and stored data related to you; such activity is irretrievable and beyond our control, and you should contact those parties if you wish for them to no longer store your data, and (v) some of our third-party service providers may have separate legal obligations to retain your data (such as billing providers).

Cookies and Other Similar Technologies

We use Cookie Yes to manage cookie compliance, providing you with the ability to accept or reject cookies and change your cookie settings at any time. Cookies help us remember your preferences, provide a consistent user experience, and gather usage data to improve our Service. We also may collect information using web beacons. Web beacons are electronic images that may be used in our Service or emails. We use web beacons to deliver cookies, track the number of visits to our website and apps, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.

This Privacy Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties' privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices.

You can manage your cookie settings by clicking the cookie consent link available on our website. You also can learn more about cookies by visiting http://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices.

Please note that certain cookies are necessary for the proper functioning of our Service, and disabling these cookies may impact your experience.

Your Choices

Communications Settings

We make you aware at the time you register that by providing your information and registering you are agreeing to receive communications that relate to your security and account, product and service updates, and feedback requests, and that you may change your settings after registering your account. We do not automatically opt you into Keycafe communications regarding marketing and offers, but we hope you will opt in and let us be in touch!

You can opt out of receiving certain communications by the communications settings area of our applications and/or clicking opt out links you receive. If we send you an automated communication by email that is non-mandatory, it will contain an unsubscribe link permitting you to "opt out" of receiving future communications. This option will opt you out of that communication type.

Cancelling Your Account

If you wish to deactivate your account, you can do so by logging into your Keycafe account and using the "Cancel Account" option in your account settings area.

Seeing Your Data

You have the right to see your data. If you wish to see the data we store about you, or request a copy of your data in a structured, machine-readable format (data portability), email privacy@keycafe.com and we will respond within 30 days. You also have the right to request corrections to any inaccurate or incomplete personal data held by us, ensuring that your information is accurate and up to date. Please note that Keycafe is still a small business with limited engineering resources. We may ask you to discontinue using the Service if you make a burdensome number of requests.

Changes to this Privacy Notice

We may amend this Privacy Policy from time to time by posting a revised version and updating the "Last Updated" date above. Unless we notify you otherwise, any revised version will be effective 30 days after the Last Updated date. We will provide you with reasonable notice of material changes to the Privacy Policy, including by email if you have provided an email address. If you disagree with these changes, you may cancel your account at any time. Your continued use of our Service constitutes your consent to any amendment of this Privacy Policy.

Contact

Our Data Protection Officer (DPO) can be reached for privacy-related questions or concerns. Please contact our DPO or privacy department with any requests, questions or concerns regarding this Privacy Policy at:

privacy@keycafe.com
Keycafe Inc., 404 - 329 Railway Street, Vancouver, BC V6A 1A4, Canada

You also have the right to lodge a complaint with a supervisory authority of applicable privacy laws. If you have an inquiry, or complaint regarding our data processing practices, please include details of your concern, and we will investigate and respond to you within 30 days. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and address your issue. We may keep records of your request and any resolution.

關