SAP
Secure Access Pass

Privacy Policy

Last updated: May 12, 2026

This Privacy Policy describes how DRSUSS Holdings LLC, doing business as Secure Access Pass (“SAP,” “we,” “us,” or “our”), collects, uses, and shares your personal information when you use our pool access management platform and related services (the “Service”).

1. Information We Collect

We collect the following types of information to provide and improve the Service:

  • Account information: Name, email address, phone number, and unit number provided by you or your property manager when creating or managing an account.
  • Gate photos: Profile photos uploaded by residents for identity verification at the pool gate.
  • Payment information: When purchasing visitor passes, payment is processed by Stripe. We do not store full card numbers — Stripe handles PCI-compliant payment processing.
  • Access logs: Every scan event (entry, exit, denied) is recorded with a timestamp, QR code, scan type, result, and IP address. This data is used for access history and audit purposes.
  • Usage data: Technical information about how you use the Service, including browser type, device information, and pages visited.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the pool access management Service
  • Verify resident identity and enforce access rules set by property managers
  • Process visitor pass purchases and send payment receipts
  • Send welcome notifications, broadcast alerts, and pool status updates
  • Track pool occupancy and enforce capacity limits
  • Generate access history and analytics for property managers
  • Improve and develop new features of the Service
  • Comply with legal obligations

3. Information Sharing

We do not sell your personal information. We may share information in the following ways:

  • Property managers: The property manager and authorized staff for your community can view resident names, units, phone numbers, email addresses, gate photos, and access history.
  • Stripe: Payment information is shared with Stripe, Inc. for processing visitor pass purchases. Stripe's privacy policy governs their use of that data.
  • Service providers: We use Supabase for database and authentication, AWS SES for email delivery, and Twilio for SMS. These providers only process data as necessary to provide their services to us.
  • Legal requirements: We may disclose information when required by law or in response to valid legal process.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Access logs are retained for a minimum of 90 days to support audit and compliance needs. When a property manager deletes a resident account, personal information is removed within 30 days, though anonymized access log records may be retained for analytics.

If you wish to request deletion of your data, please contact your property manager or reach out to us directly at privacy@secureaccesspass.com.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information, subject to legal retention requirements
  • Opt out of non-essential communications

To exercise any of these rights, contact us at privacy@secureaccesspass.com. We will respond to verifiable requests within 30 days.

6. Security Measures

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit using TLS (HTTPS)
  • Row-level security policies enforced at the database level
  • JWT-based authentication with server-side session validation
  • Role-based access controls limiting data access by user type
  • Regular security reviews and dependency updates

No system is 100% secure. We encourage you to use strong passwords and report any suspected security issues to us promptly.

7. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it promptly.

8. Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Pennsylvania, without regard to conflict of law principles.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and notify you where required by applicable law. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us at:

DRSUSS Holdings LLC

privacy@secureaccesspass.com