Secogate ApproVault LogMeGo!
  • Sign In

Privacy Policy

Last updated 2026-07-02

Legal
On this page
Introduction 1. Our Collection of Information 2. Our Use of Information 3. Cookies & Tracking Technologies 4. Role-Based Access Disclosures 5. Multi-Tiered Compliance Obligations 6. Automated Decision-Making 7. Anonymising Information 8. How Long We Keep Information 9. Disclosure of Information 10. Security & Multi-Tenant Isolation 11. International Data Transfers 12. Your Rights 13. Breach Notification 14. Children's Information 15. Changes to This Policy 16. Contact Us

Introduction

Secogate ("we", "our", or "us") provides membership-based access management, workforce onboarding, and digital check-in solutions (collectively, our "Services"). This Privacy Policy explains how we collect, use, and protect personal information when you interact with our platforms.

Secogate is available to organisations and individuals worldwide. This policy is written to apply broadly across jurisdictions; where a specific regional law grants additional rights, we honour those rights for individuals located in that region as described in Section 12.

This policy does not apply when we process personal information on behalf of our corporate clients or channel partners as a Data Processor. In those scenarios, our clients or partners control the data, and their respective corporate privacy policies apply.

1. Our Collection of Information

Information You Provide Voluntarily

  • Account & Identity Data: Name, corporate or personal email, phone number, job title, company name, and encrypted credentials when registering as an administrator, partner, group manager, or user.
  • Customer Support: Information provided when you contact us for technical help, system configuration, or inquiries.

Membership, Onboarding & Access Data (Provided by System Administrators)

To facilitate membership onboarding and system access workflows, authorised administrators or partners submit personal details regarding data subjects — including employees, contractors, and organisation members. This data includes full names, corporate contact details, department/team assignments, membership types, structural access permissions, and encrypted passkey data.

Information Collected Automatically

  • Technical Logs: IP addresses, browser types, operating systems, and device identifiers.
  • Usage Data: Timestamps, pages viewed within our dashboard, audit trail logs (including "Modified By" and "Title" markers), and system interaction metrics to optimise performance.

2. Our Use of Information

We use your data strictly to maintain, secure, and operate our services:

  • Service Delivery: Managing multi-tenant accounts, routing access requests to the correct authorised reviewers, validating secure back-channel API authentication, and maintaining system uptime.
  • System Protection: Troubleshooting logs, monitoring database performance, preventing unauthorised cross-tenant access, and defending against security threats.
  • Audit Compliance: Tracking historical permission changes, access requests, approvals, and denials to ensure transparent, compliant access reviews.

3. Cookies & Tracking Technologies

Secogate uses cookies and similar technologies (such as local storage) to operate the platform securely and reliably. We categorise these as follows:

  • Strictly Necessary Cookies: Required to keep you signed in, maintain your session across pages, and protect against cross-site request forgery. The platform cannot function without these.
  • Preference Cookies: Remember settings such as your selected organisation, dashboard layout, or display preferences.
  • Analytics Cookies: Help us understand aggregate usage patterns (e.g., which dashboard features are used most) so we can improve performance and reliability. Where used, this data is aggregated and not used to build advertising profiles.

We do not use cookies for third-party advertising or behavioural ad targeting. Most browsers allow you to control or disable cookies through their settings; please note that disabling strictly necessary cookies will prevent you from logging in or using core features of the Service.

4. Multi-Tiered Governance & Role-Based Access Disclosures

Secogate is a multi-tenant, membership-based application that operates using defined administrative, management, and partnership tiers. By using the platform, clients acknowledge that personal information (of employees, contractors, and members) is visible to different users based on assigned roles:

  • Partners & Resellers: Have administrative access only to the specific corporate accounts assigned to them. Within those assigned companies, they can view all personal information and manage all access requests.
  • Account Owners, HR, and Admins: Have global visibility across their entire company instance. They can view all personal information and manage access requests for all employees, contractors, and members within their organisation.
  • Group Managers: Have visibility restricted to their specific team or group. A Group Manager can view personal information and manage access requests only for individuals belonging to their designated group or team.
  • System Admins: Have administrative oversight over specific downstream systems or applications. They receive and take action on access requests for the systems under their direct management and have access to the personal information required to review and fulfil those requests.

5. Multi-Tiered Compliance Obligations (Your Privacy Shield)

A. Partner and Reseller Obligations

If you are a Secogate Partner or Reseller:

  • Cross-Tenant Responsibility: You are explicitly responsible for ensuring you have the appropriate legal agreements or mandates to view and manage data across different downstream corporate accounts.
  • Access Misuse: Secogate disclaims liability for data exposure arising from mismanaged partner-level administrative privileges or unauthorised visibility assignments.

B. Account Owner, HR, and Company Administrator Obligations

If you are an Account Owner, HR Professional, or Admin:

  • Lawful Basis for Onboarding: You assume sole legal responsibility for ensuring you possess a valid lawful basis (e.g., employment contract, service agreement, or explicit consent) to upload, onboard, and process your personnel's personal information within Secogate.
  • RBAC Alignment: You are solely responsible for accurately configuring and maintaining user roles (Group Managers, System Admins, HR) within your organisation. You must ensure that internal access to personal information strictly aligns with your internal data privacy policies and the principle of least privilege.
  • Rights Requests: You are responsible for receiving, evaluating, and honouring any data-deletion or access rights requests submitted by your employees, contractors, or members.

6. Automated Decision-Making

Secogate uses automated logic to execute security workflows defined by administrators (such as matching encrypted passkeys, processing visitor check-in/out timestamps, or validating time-restricted access windows). These automated actions are carried out solely to fulfil the operational parameters set by our clients.

7. Anonymising Information

We reserve the right to anonymise and aggregate technical metadata so that it can no longer be traced back to an identifiable individual. Anonymised data is utilised for industry benchmarking, infrastructure scaling, and security analytics.

8. How Long We Keep Information

We retain Account & Identity Data that we control directly (such as administrator login credentials and billing contact details) for as long as your account remains active, and for a reasonable period afterward to comply with legal, statutory, or accounting obligations.

Processor Retention: Data managed on behalf of corporate clients or partners (onboarding records, access histories, group logs) is retained, archived, or purged strictly according to the controlling client's subscription agreement and instruction.

Cancellation & Grace Period: When an Account Owner submits a cancellation request, all company data is retained in full for a 30-day grace period following approval of the cancellation. During this period the account remains accessible and the Account Owner may reactivate the subscription at any time to cancel the deletion. After the 30-day grace period expires, all company data — including user accounts, access records, check-in history, organisational settings, and associated personal data — is permanently and irreversibly deleted from Secogate servers and cannot be recovered. Consent records (records of Terms and Privacy Policy acceptance) are retained after deletion as required for legal compliance.

9. Disclosure of Information

We do not sell, rent, or trade personal data. We only share data with trusted entities under strict confidentiality constraints:

  • Infrastructure Service Providers: Essential third-party vendors providing technical infrastructure, such as secure cloud database hosting or encrypted communication routing.
  • Legal Compliance: When compelled by law, subpoena, or government authority to protect the physical safety, property, or systemic security of our platform and users.

10. Security & Multi-Tenant Isolation

We implement comprehensive technical and organisational measures to safeguard data:

  • Data Isolation: Our platform uses rigorous multi-tenant data isolation to guarantee that unauthorised users, client companies, or unassigned partners cannot view or intercept data from another instance.
  • Cryptographic Protocols: All sensitive credentials, authorisation mechanisms, and back-channel communications utilise industry-standard encryption protocols during transit and at rest.

11. International Data Transfers

Because Secogate is used by organisations around the world, your information may be processed and stored on servers located in a different country than your own. Where required by applicable law, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) to protect personal information transferred across borders.

12. Your Rights

Depending on your location, individuals (employees, contractors, members, managers, or admins) may have the right to access, correct, update, or request the deletion of their personal data.

If your inquiry concerns data controlled directly by Secogate, contact us via the channel in Section 16. If your request relates to onboarding, group membership, or access records managed by an employer, an organisation you belong to, or a managing reseller, please direct your request directly to that organisation, as they control that data.

13. Breach Notification

In the event of a security incident affecting personal information under our direct control, we will take prompt action to investigate and remediate the issue and will notify affected clients without undue delay, consistent with our contractual and applicable legal obligations.

14. Children's Information

Our Services are strictly business-to-business (B2B) utility platforms intended for use by adults acting in a professional or organisational capacity. We do not knowingly collect or process personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will take steps to delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will post the updated policy on this page with a revised "Last Updated" date. We encourage you to review this page periodically.

16. Contact Us

For privacy inquiries, security compliance questions, or to assert your data rights, reach our data compliance office at:

Email: privacy@secogate.com




Secogate

Smart check-in, digital badges, and access request management — built for every organisation type.

Follow on LinkedIn
Product
Features ApproVault LogMeGo! Who It's For Pricing
Company
About Us Contact Support Become a Reseller
Legal
Privacy Policy Terms of Use
© 2026 Secogate. All rights reserved.
Privacy Policy Terms of Use