Kastle Systems’ Privacy Policy

Effective Date: June 5, 2026

 

This Privacy Policy describes how Kastle processes the Personal Data we collect when you download, install, access, or use the websites, mobile apps, and our other products and services that link to this Privacy Policy, and when you otherwise interact with us.

 

In this Privacy Policy, “Kastle” or “we” refers to Kastle Systems International, LLC and its subsidiaries and affiliates. Kastle is the controller of your Personal Data as described in this Privacy Policy, unless expressly specified otherwise.

 

Table of Contents

• Kastle as a Controller and Processor
• Personal Data We Process
• How We Use Your Personal Data
• How We Share Your Personal Data
• Our Cookie Policy
• Third Party Website and Services
• Security
• Retention of Personal Data
• Children’s Privacy
• Your Rights and Choices
• Region Specific Disclosures
• Note to International Users
• Changes to this Privacy Policy
• Contact Us

 

Kastle as a Controller and Processor

Kastle primarily offers our products and services to other businesses, such as when we help our business customers (i) provide access control, visitor management, and security surveillance of their buildings, (ii) offer a mobile platform or mobile keys, or (iii) otherwise secure and protect their environment, property, or personnel. In our role as their service provider, we may collect and process Personal Data on behalf of our customers. We sign contracts with our customers that govern how we process the Personal Data we collect on their behalf. In these business relationships, we are a “processor” of the Personal Data we collect through these offerings, and our business customers are the “controller.”

 

Kastle offers limited products and services directly to consumers. When we do this, we are the “controller” of the Personal Data we collect through those offerings.

 

While this Privacy Policy describes our general Personal Data processing activities, if you have questions about Personal Data that we process as a “processor,” please reach out to our customer (your employer and/or property manager) directly.

 

Personal Data We Process

“Personal Data” refers to any information that relates to you directly or indirectly. We process the following categories of Personal Data:

• Identifiers, such as your full name, email, contact information, IP address, and similar identifiers.
• Customer record information, including signatures, payment and invoicing information.
• Internet or other similar network activity, such as Personal Data collected about your interaction with our websites, apps, and other products and solutions.
• Commercial information, including records of personal property and products or services purchased.
• Professional or employment related information, such as your occupation, job title, and other business contact information.
• Geolocation information, such as real-time information about the location of your device through GPS, WiFi, IP address, Bluetooth services or wireless network triangulation and general geolocation information such as zip code, area code, and time zone.
• Sensory data, including audio and video feeds and access logs from Kastle security systems.
• Inferences drawn from any of the information above and used to create a profile about your preferences, characteristics, and behaviors.

 

Some of the information above may be considered sensitive personal information, such as your precise geolocation. Some of the products or services we offer to our customers may involve collecting biometric information. In those cases, Kastle does not generally store or process the biometric information. The handling of biometric information, including any notice or consent processes, is the responsibility of our customers.

 

We collect your Personal Data from:

• Direct interactions, such as when you create a user account in our mobile application, provide your contact information, register for an event, participate in surveys or questionnaires, or in any way engage with our personnel.
• Cookies and automated technologies, such as when you interact with our website, click on links on our emails, or access or use any of our online products and solutions.
• Our customers, when we offer our services to other businesses and need to, for example, enroll their workforce or tenants’ workforces, or service providers, or visitors, into our products or services.
• Other third parties, when the circumstances arise, such as when we sponsor a conference and receive the conference attendee list from the conference organizer.
• Through social media, such as if you link to social media platforms or use social media plug-ins, we may (depending on your user privacy settings on that social media platform) automatically receive information about you from that social media platform.

 

In addition to Personal Data, we may collect information that is not identifiable. For example, we may collect our app users’ browser types, device types, and operating system information and not connect it to other pieces of their data. If, however, we do link this information to other information that can be used to identify you, we will treat such information as Personal Data.

 

How We Use Your Personal Data

How we use your Personal Data depends on the reason we collected it, and whether we did so as a “controller” or a “processor.” Generally, we may use your Personal Data for the following purposes:

 

• Providing our services to you or our business customers. We process your Personal Data to deliver the services you or our business customers request, managing registrations and accounts, sending administrative and transactional communications, pursuant to our contracts and our legitimate business interest in operating and administering our websites, apps, products and other services. We may also aggregate Personal Data we collect to provide benchmarking information and similar surveys.
• Promoting the security of our services. We process your Personal Data to track use of our websites and services, create aggregated non-personal data, verify accounts and activity, investigate suspicious activity, and enforce our terms and policies. We do this to the extent necessary for our legitimate interest in promoting the safety and security of our services and operating systems and in protecting our rights and the rights of others.
• Handling contact and support requests. If you fill out a contact web form, request support, or otherwise contact us, we process your Personal Data pursuant our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you.
• Managing event registrations and attendance. We process Personal Data to plan and host events or webinars you register for or attend, and send related communications, sometimes with your consent or pursuant to our contract with you.
• Managing questionnaires, surveys, and promotions. If you participate in a questionnaire or survey, we process your Personal Data pursuant to our legitimate interests in obtaining and reviewing your feedback. If we offer promotions related to these questionnaires, surveys, or otherwise, there may be additional rules that apply that contain supplemental information about how we will process your Personal Data.
• Managing payments. If you have provided financial information to us, we will process your Personal Data to verify and collect payments to the extent that doing so is necessary to complete the transaction and fulfil our contract with you. We use a third-party payment processor to process your payments. Kastle does not directly collect, store, or otherwise maintain your credit card or other financial information.
• Developing and improving our services. We process your Personal Data to analyze trends, track your usage of and interactions with our services, assess and improve the overall user and customer experience. This is sometimes done pursuant to your consent and to the extent necessary for our legitimate interest in developing and improving those services and providing our users with more relevant content and service offerings.
• Sending marketing communications. We will process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us. This may include information about our products, promotions, or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your consent.
• Complying with law and other legal processes. We process your Personal Data when cooperating with public and government authorities, courts, or regulators in accordance with our legal obligations under applicable laws. We may also process Personal Data to protect our rights and as necessary for our legitimate interest in protecting against misuse or abuse of our services, protecting personal property or safety, pursuing remedies available to us, limiting our damages, complying with judicial proceedings, court orders, or legal processes, and responding to lawful requests.

 

Where we need to collect and process Personal Data by law or under a contract with you and you fail to provide the required Personal Data when requested, we may not be able to fulfil our contract with you.

 

How We Share Your Personal Data

We may share your Personal Data at your direction, as disclosed to you at the time of collection, or in the following circumstances:

 

• Service Providers. We may provide your Personal Data to our service providers that help us run and manage our organization and process Personal Data solely on our behalf. The categories of service providers include technology service providers, analytics service providers and marketing service providers.
• Professional Advisors. We may provide your Personal Data to our professional advisors such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
• Business Partners. We may provide your Personal Data to our business partners such as entities with whom we jointly offer services or co-sponsor events. These entities may collect data directly from you or via our Sites, Products, and Solutions.
• Customers. When we collect your Personal Data as a Processor, we will share your Personal Data with our customer pursuant to our contract with them.
• Advertising Partners. We may share your Personal Data with companies that help us display digital ads and track conversions.
• Corporate Transaction. In the event Kastle is involved in a merger, reorganization, acquisition or sale of all or a portion of its assets, or other corporate transaction, we may disclose your Personal Data as part of that transaction.
• As Required by Law. We may disclose your Personal Data if we determine that the disclosure is necessary: (i) to comply with any law applicable to us, a request from law enforcement, a regulatory agency, or other legal process; (ii) to protect the legitimate rights, privacy, property, interests or safety of Kastle, our business partners, personnel, or the general public; (iv) to pursue available remedies or limit damages; (v) to enforce our policies and procedures; or (vi) to respond to an emergency.

 

Please keep in mind that whenever you voluntarily make your Personal Data available for viewing by third parties or the public on or through our website, apps, and other products or services, that information can be seen, collected and used by others. We are not responsible for any use of such information by others.

 

Our Cookie Policy

We may use cookies, web beacons, and similar technology (together, “Data Collection Technology“) on our websites and apps. Data Collection Technology helps us configure our services so that they display properly on your device, identify traffic patterns on our website so that we may improve your experience, and remember your preferences the next time you log in. We also use Data Collection Technology for advertising purposes. Some of the digital ads we serve may be tailored to your interests and behaviors, including across other websites and services. To learn more about cookies and web beacons, visit www.allaboutcookies.org.

 

Data Analytics Disclosure. We use web-based analytics tools, including from Google Analytics and Heap Analytics, that track and report on ways the website is used to help us to improve it. Google Analytics and Heap Analytics do this by placing Data Collection Technology on your device. For more information about Google’s and Heap’s ability to use and share information collected about your visits to the Site, please see the Google Analytics Terms of Service, the Google Privacy Policy, and the Heap Privacy Policy.

 

Setting your Preferences: Some web browsers (including some mobile web browsers) and mobile devices provide settings that allow you to control or reject Data Collection Technology or alert you when they are placed on your device. Depending on where you live, you may also see a banner or preference center that gives you options and controls over the Data Collection Technology that we use when you visit our online services. If you reject certain Data Collection Technologies, some features of our online services may not function properly.

 

Do Not Track Signals: Some web browsers incorporate a “Do Not Track” (“DNT“) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. We are committed to providing you with meaningful choices about the information collected on our website for third party purposes; however, we do not currently recognize or respond to browser-initiated DNT signals.

 

Global Privacy Control: Individuals can automatically signal their privacy preferences to websites and other online services through their browser or through a browser extension called the Global Privacy Control (“GPC“). Depending on where you live, we may take steps to honor your preferences set by the GPC or any similar reputable universal opt-out mechanism.

 

Third Party Website and Services

When interacting with us, you may come across links or references to third party websites and services that we do not operate or control. If you provide your Personal Data to that third party through its websites or services, you will be subject to that third party’s privacy practices and policies. This Privacy Policy does not apply to any Personal Data that you provide to a third-party website or service. We recommend that you read the privacy policy that applies to that third party website or service. A link or reference to a third-party website or service does not mean that we endorse that third party or the quality or accuracy of the information presented on its website or service.

 

Security

We use commercially reasonable physical, administrative, and technological safeguards to protect the Personal Information we collect. When we store your Personal Data, we use computer systems with limited access housed in facilities using physical security measures. Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through the online services.

 

Retention of Personal Data

We retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy or our contracts with or business customers, as applicable, unless a longer retention period is required or permitted by law. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means, and all applicable legal requirements.

 

Children’s Privacy

Our online services are not directed to or intended for use by minors. Consistent with applicable laws, if we learn that we have received Personal Data directly from a child without the proper consent, we will use that Personal Data only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our services. Subsequently, we will delete such Personal Data in accordance with applicable legal requirements. If you believe that we might have any Personal Data from or about a child under the age of 18, please contact us.

 

Your Rights and Choices

You have certain rights regarding the Personal Data we maintain about you and certain choices about how we use it:

 

Opting out of Marketing: If you do not wish to receive marketing-related emails from us, please click the unsubscribe link at the bottom of any marketing email, or email us using the information in the section “Contact Us.” Please note that even if we stop all marketing communications, you may still receive administrative, legal, and other important communications from us.

 

Turning off Location Services: You can change your preferences on your mobile device and/or browser to deny us access to your geolocation. If you disable geolocation tracking, certain features of the products and services may not be available to you.

 

Region Specific Disclosures

California Disclosures

If you are a resident of California, this Privacy Policy describes our Personal Data collection, use, and disclosure practices over the past 12 months. In addition, for Personal Data that we control:

• We have sold or shared, as defined by California law, the following categories of personal data with our targeted advertising service providers and partners: identifiers, internet or other electronic activity information, and geolocation data.
• We do not knowingly sell Personal Data of minors under 18.
• We do not otherwise sell Personal Data in exchange for monetary consideration.

 

In addition to the rights and choices outlined above, you may also request to exercise the following privacy rights:

• Right to know: The right to request to know what Personal Data we collected about you (categories and specific data elements), from where we collected it, why we have collected, sold, or shared it, and to whom we have disclosed it.
• Right to delete: The right to request that we delete Personal Data we collected from you.
• Right to correct: The right to correct inaccurate Personal Data we maintain about you.
• Right to opt out: The right to opt out of certain automated processing and profiling activities, as well as the sale and sharing of your Personal Data for targeted advertising purposes. We do not currently engage in practices involving automated decision-making, profiling, or selling Personal Data other than as disclosed in this Privacy Policy.

 

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits California residents to request and obtain from us, once a year and free of charge, information about categories of Personal Data (if any) we disclosed to third parties for those third parties’ direct marketing purposes and the names and addresses of all third parties to whom we disclosed Personal Data in the immediately preceding calendar year. You may opt out of these disclosures by writing us at [email protected] or configuring your settings to reject non-essential Data Collection Technologies.

 

Other U.S. State Disclosures

Residents of certain U.S. states may also request to exercise the following privacy rights (subject to any applicable exemptions and limitations):

• Right to access: You have the right to confirm whether we are processing your Personal Data and to access such Personal Data.
• Right to correct: You have the right to request that we correct inaccurate Personal Data that we maintain about you.
• Right to delete: You have the right to request that we delete your Personal Data under specific circumstances.
• Right to opt-out: You have the right to object or opt out of certain types of processing, including: (1) processing for the purpose of targeted advertising, (2) processing for the purpose of the sale of Personal Data, and (3) processing for the purpose of certain types of profiling and automated decision-making. The right to opt out of certain automated processing and profiling activities, as well as the sale and sharing of your Personal Data for targeted advertising purposes. We do not currently engage in practices involving automated processing, profiling, or selling Personal Data other than disclosed in this Privacy Policy.
• Right to data portability: You have the right to request a copy of your Personal Data in an accessible format.
• Right to appeal: If we do not grant your consumer request, you may have the right to appeal that denial.

 

If you are a resident of Oregon or Minnesota, you also have the right to request a list of third parties to whom we disclose Personal Data.

 

Additional Rights for Individuals in the EEA:

If you are in the EEA and we maintain your Personal Data under this Privacy Policy, you have the following additional rights (under the EU General Data Protection Regulation) regarding your Personal Data:

• Right to access and receive: You may request a copy of or access to the Personal Data we hold about you. You may also request that we transfer your Personal Data to a third party in a machine-readable format.
• Right to correct: You may ask us to update or correct inaccurate or incomplete Personal Data we hold about you.
• Right to limit or restrict: You may have the right to request that we stop using all or some of your Personal Data or to limit our use of it.
• Right to erase: You may have the right to request that we delete all or some of your Personal Data.
• Right to withdraw consent: You have the right to withdraw any consent you have previously given to Kastle at any time. Your withdrawal of consent does not affect the lawfulness of our collecting, using, and sharing of your Personal Data prior to the withdrawal of your consent. Even if you withdraw your consent, we have the right to use your Personal Data if it has been fully anonymized and cannot be used to personally identify you.
• Right to lodge a complaint: You have the right to lodge a complaint with your Supervisory Authority if you are unhappy with how we process your Personal Data. You can find contact information for your Supervisory Authority on the European Commission Data Protection Authorities webpage or through other publicly available sources.

 

Exercising your Rights

To exercise any of the rights listed in the above sections, you can contact us by email at [email protected] or phone at +1 703.528.8800. We may take steps to verify your identity and the identity of an authorized agent (if such authorized agent is permitted by law) prior to reviewing your request. This may include requesting that you authenticate with an existing account, provide information that we can use to verify against our records, and/or provide proof of appointing an agent.

 

To exercise your rights to opt out of sale or the sharing of your Personal Data for targeted advertising, please turn off Personalization, Analytics, and Marketing cookies in the website’s Cookie preference center or the “Do Not Sell or Share My Personal Information” link in the footer of the website. Note that you may need to exercise these choices on each of our websites that you visit.

 

If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our services.

 

Note to International Users

Kastle is committed to complying with this Privacy Policy and the data protection laws, including those outside of the United States, that apply to our collection and use of your Personal Data. Kastle operates in the United States, and we recognize that the laws in the United States may be different and, in some cases, less protective as the laws in other countries, including the European Economic Area. By providing us with your Personal Data and using our services, you acknowledge that your Personal Data will be transferred to and processed in the United States.

 

When required, including in our customer contracts, we may have taken additional steps to ensure the lawful transfer and subsequent processing of your Personal Data.

 

Changes to this Privacy Policy

We state the Effective Date of this Privacy Policy at the top of this page. If we materially change the way we use or disclose your Personal Data we will endeavor to notify you in advance by email and/or by placing a prominent notice on our services. The amended Privacy Policy supersedes all previous versions.

 

Contact Us

We welcome your questions and comments about this Privacy Policy or how we process your Personal Data. Please contact us using the information below and we will respond to you as soon as reasonably possible.

 

Kastle Systems International, LLC

6402 Arlington Boulevard

Falls Church, VA 22042

Phone: +1 703.528.8800

Email: [email protected].