Privacy Policy

Effective Date: March 13, 2026

1. Introduction

SenLobby (“we,” “us,” or “our”) operates the SenLobby visitor management platform at senlobby.ai (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service, and describes your rights regarding your data.

By accessing or using SenLobby, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

2. Who We Are

SenLobby provides digital visitor sign-in and management software to preschools, childcare centers, and educational organizations (“Organizations”). We act as a data processor on behalf of Organizations, who are the data controllers for visitor information collected through our kiosk system.

Contact us at: hello@senlobby.ai

3. Information We Collect

3a. Information Provided by Organizations (Administrators)

  • Account registration data: name, work email address, organization name, phone number
  • Organization configuration: school name, location name, student roster (first name, last name, classroom)
  • Team member data: names and email addresses of invited staff
  • Billing and plan information

3b. Visitor Sign-In Data (Collected at the Kiosk)

When individuals sign in through the kiosk, the following is recorded:

  • Visitor first and last name
  • Visitor type (e.g., parent, guardian, therapist, delivery)
  • Name of the student or staff member they are visiting
  • Purpose of visit (optional, if collected by the Organization)
  • Date and time of sign-in and sign-out

Important: Visitor sign-in data is collected and controlled by the Organization operating the kiosk, not by SenLobby directly. SenLobby stores and processes this data solely on the Organization’s behalf.

3c. Automatically Collected Technical Data

  • Browser type and version, operating system
  • IP address (used for rate limiting and security; not stored long-term)
  • Session tokens and authentication cookies (required for secure login)
  • Approximate usage data (pages visited, feature usage) for product improvement

4. How We Use Your Information

  • Providing the Service: Operating the kiosk, dashboard, visitor logs, reports, and emergency lists
  • Account management: Authentication, team invitations, role-based access control
  • Communications: Sending account setup emails, password resets, service announcements
  • Security: Detecting and preventing unauthorized access, fraud, and abuse
  • Compliance: Generating visitor records for licensing inspections and regulatory requirements
  • Product improvement: Analyzing anonymized usage patterns to improve the Service

We do not sell your data or visitor data to third parties. We do not use visitor sign-in data for advertising.

5. Children’s Privacy (COPPA Compliance)

SenLobby is aware that its customers (childcare centers and preschools) serve children under 13. Our Service collects student roster information (first name, last name, classroom) solely to facilitate visitor sign-in workflows. This information is:

  • Provided by and controlled by the Organization (school or center), not collected directly from children
  • Used only to identify the child a visitor is signing in to see
  • Never used for profiling, advertising, or any purpose beyond the visitor management workflow
  • Protected by the same encryption and access controls as all other data

Organizations using SenLobby are responsible for obtaining any necessary parental consents required by the Children’s Online Privacy Protection Act (COPPA) and applicable state laws before entering student information into the Service.

6. FERPA Compliance

To the extent Organizations using SenLobby are subject to the Family Educational Rights and Privacy Act (FERPA), SenLobby acts as a “school official” with a legitimate educational interest in the data it processes on behalf of the Organization. SenLobby:

  • Uses student data only for the purpose of providing the visitor management Service
  • Does not re-disclose student education records to unauthorized parties
  • Maintains reasonable security standards to protect education records
  • Deletes student data upon Organization request or account termination

7. Data Storage and Security

  • Encryption at rest: All data is encrypted at rest using AES-256
  • Encryption in transit: All connections use TLS 1.2 or higher
  • Row-level security: Database-level policies ensure each Organization can only access its own data — no cross-tenant data leakage is possible
  • Access controls: Role-based permissions (Admin, Front Desk, Kiosk Device) limit what each user can see and do
  • Infrastructure: Data is hosted on Supabase (PostgreSQL) with servers in the United States
  • Authentication: Passwords are never stored in plain text. All authentication is managed through Supabase Auth with bcrypt hashing

8. Data Retention

  • Active accounts: Data is retained for as long as the Organization account is active
  • After cancellation: All Organization data (visitor logs, student roster, team members) is retained for 30 days after account cancellation, then permanently deleted
  • Export before deletion: Organizations can export all visitor logs as CSV at any time before the 30-day window closes
  • Marketing leads: Contact information submitted through the “Get Started” form is retained until you request deletion

9. Sharing of Information

We do not sell personal information. We may share data only in these limited circumstances:

  • Service providers: Supabase (database hosting), Vercel (hosting/CDN). These providers are contractually bound to process data only as directed by us
  • Legal requirements: If required by law, court order, or government authority
  • Business transfers: In the event of a merger or acquisition, data may transfer to the acquiring entity under the same privacy protections
  • With your consent: Any other sharing requires your explicit consent

10. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Export: Export your visitor logs as CSV from the Reports section
  • Opt-out: Unsubscribe from marketing communications at any time

To exercise these rights, contact us at hello@senlobby.ai. We will respond within 30 days.

11. Cookies

SenLobby uses strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. Session cookies are automatically deleted when you close your browser. Persistent authentication tokens expire according to your Supabase session settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify account holders of material changes via email or in-app notice at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

Questions about this Privacy Policy or your data? Contact us:

SenLobby

Email: hello@senlobby.ai

Website: www.senlobby.ai

HomeTerms of ServiceContact