Skip to content
Privacy Policy

How Karibu VMS handles privacy and visitor data.

This policy explains how Karibu VMS collects, uses, protects, retains, anonymises, and shares information when facilities use the platform to manage visitor entry, guard workflows, payments, support, and administration.

Last updated: May 28, 2026

Privacy summary

Facilities choose the visitor details they collect.

Visitor records can support check-in, approval, checkout, reporting, and security review.

Retention and anonymisation tools help reduce personal data where appropriate.

Policy details

Clear rules for visitor records, access, security, and retention.

Karibu VMS is designed to support controlled visitor management workflows while helping organizations manage visitor information responsibly.

Information we collect

Karibu VMS may collect account details, facility information, guard and admin profile data, visitor check-in records, host or department details, support messages, payment references, device metadata, and usage activity needed to operate the service.

Configurable visitor details

Facilities can configure which visitor fields are requested, such as phone number, ID or passport number, host, purpose of visit, vehicle registration, and photo capture where enabled. This supports data minimisation by allowing a facility to collect only what it needs.

How we use information

We use information to provide visitor registration, approval, checkout, QR pass verification, guard workflows, reporting, billing, support, security monitoring, troubleshooting, and product improvement.

Sensitive visitor fields

Where supported by the platform, sensitive fields such as phone numbers, ID or passport numbers, and vehicle registration details are protected using server-side encryption and cryptographic matching values. Plain legacy fields should remain blank for newly protected records.

Restricted visitor checks

Restricted visitor matching is designed to use stronger identifiers such as phone, ID or passport number, or vehicle registration where those fields are provided. Restricted records may be reviewed and expire separately from normal visitor logs.

Data retention and anonymisation

Facilities may configure or request deletion/anonymisation of visitor personal data. The platform can anonymise checked-out visitors and remove personal details while keeping non-sensitive operational history, billing usage, and audit records where required for security, accounting, dispute handling, or legal reasons.

Security and audit logs

We apply technical and organizational safeguards intended to protect records from unauthorized access, misuse, loss, or alteration. Audit logs record important security events such as sensitive record access, exports, restricted visitor matches, rule changes, and retention actions without intentionally storing raw phone or ID numbers in audit metadata.

Sharing information

We do not sell personal information. We may share data with service providers that help operate hosting, database, payment, analytics, communication, and support systems, or where required by law. A facility may also share records with authorized staff, hosts, guards, building management, or lawful authorities where appropriate.

Contact and requests

Questions about privacy, visitor data, correction requests, access requests, deletion/anonymisation requests, or account records can be sent through the contact page or by reaching our support team. Visitors may also contact the facility that collected their details.

Facility responsibility and legal compliance

Each facility or company workspace is responsible for deciding what visitor information it collects, giving appropriate notices to visitors, selecting lawful retention periods, managing access by guards and admins, and responding to visitor requests. Karibu VMS provides tools such as configurable fields, encryption, hashing for matching, audit logs, retention cleanup, and anonymisation to help facilities manage those responsibilities.