Privacy Policy — QuickRoomFinder

The data controller is Kioskware Sp. z o.o., registered in Warsaw, Poland, NIP: PL1133179599, REGON: 542748842, KRS: 0001195005. Contact: contact@kioskware.co

When using the QuickRoomFinder Service, we process the following categories of personal data: — Identity data: full name, email address, organization ID. — Authentication data: OAuth tokens (Cisco Webex, Google, Microsoft 365). Passwords are never stored. — Organizational data: location names, floors, conference room names, kiosk configuration. — Company data: company name, billing address, VAT ID, billing email. — Video terminal data: device status, people count, temperature, humidity, air quality, sound level. — Technical data: IP address, browser headers, access logs. — Billing data: subscription and payment information (processed by Paddle.com). — Usage data: basic analytics of administration panel activity.

We process personal data for the following purposes: — Service delivery: displaying room status, managing kiosks, authentication. — Account management: subscription management, payment processing. — Billing and invoicing: payment processing, invoice generation and storage. — Security: audit logging, unauthorized access monitoring, fraud prevention. — Communication: notifications about changes to the Service, Terms, or Privacy Policy. — Legal compliance: fulfilling obligations under applicable law (including tax regulations).

— Art. 6(1)(b) GDPR — performance of a contract (provision of the Service). — Art. 6(1)(f) GDPR — legitimate interests (security, fraud prevention). — Art. 6(1)(c) GDPR — legal obligation (accounting, tax regulations).

Personal data may be shared with the following categories of recipients: — Paddle.com Market Ltd — payment processing, invoicing, tax handling. — Google Cloud Platform — hosting and data storage (Firebase, Cloud Run servers in europe-west1 region). — Cisco Systems, Inc. — as part of Webex API integration (room, device, and status data). — Google LLC / Microsoft Corp. — if logging in via Google or Microsoft 365. We do not sell or share personal data with third parties for marketing purposes.

— Account and configuration data: for the duration of Service use. — Data after termination: 30 days, then permanently deleted. — Audit logs: 90 days. — Billing data: as required by tax law (5 years). — Session tokens: maximum 8 hours (Webex sessions) or 30 days (external sessions).

We implement the following security measures: — Encryption in transit: HTTPS/TLS for all communication. — Encryption of sensitive data: AES-256-GCM for Client Secret and Refresh Token. — Authentication: OAuth 2.0 (Cisco Webex, Google, Microsoft 365) — no password storage. — Access control: administrator permissions verified on every request. — Hosting: Google Cloud Platform in the EU region (europe-west1). — Regular reviews of security policies and access controls.

Under GDPR, you have the following rights: — Right of access to your personal data. — Right to rectification of inaccurate data. — Right to erasure ("right to be forgotten"). — Right to restriction of processing. — Right to data portability. — Right to object to processing based on legitimate interests. — Right to lodge a complaint with a supervisory authority. To exercise your rights, contact us at: contact@kioskware.co

The Service uses cookies for technical purposes only: — Session cookies: storing authentication tokens (qr_session, qr_external_session). — Preference cookies: interface language, color theme. We do not use advertising or tracking cookies. We do not use third-party analytics tools (e.g., Google Analytics).

Data may be transferred outside the European Economic Area as part of using Cisco Webex API and Google Cloud Platform services. Transfers are based on Standard Contractual Clauses (SCC) or European Commission adequacy decisions. When using the Paddle.com payment provider, billing data may be processed in jurisdictions required to complete the payment transaction.

We notify Users of material changes to this Privacy Policy via email with 14 days' notice. The current version of the Policy is always available at qr.kioskware.co/privacy.