Built in Europe, hosted in Europe, and governed solely by European law. GDPR compliance is baked into the architecture — not bolted on. From Article 5 data minimisation to Article 17 erasure, every visit record is protected by the strongest privacy framework in the world.
US-based SaaS platforms are subject to the US CLOUD Act — which allows US authorities to compel any US company to hand over data stored anywhere in the world, regardless of EU data protection law. VisitorPass is incorporated, operated, and hosted entirely within the European Union. Only European law applies.
The Clarifying Lawful Overseas Use of Data Act (2018) allows US authorities to demand data from any US-incorporated company — regardless of where the data physically sits. A warrant in Washington can expose your visitors' personal data even if the servers are in Frankfurt. VisitorPass has no US legal presence. No CLOUD Act applies.
The Court of Justice of the EU's landmark Schrems II ruling (C-311/18) invalidated the EU-US Privacy Shield and placed significant restrictions on Standard Contractual Clauses where US surveillance law still applies. Using an entirely EU-based platform means no transfer safeguards are needed at all.
When personal data never leaves the EU, your organisation needs no adequacy decision, no Standard Contractual Clauses, no Binding Corporate Rules, and no Transfer Impact Assessment. Compliance is structural and permanent — not a contractual arrangement that can be challenged or withdrawn.
Essential and important entities under the NIS2 Directive must ensure their entire supply chain — including every SaaS tool — meets EU cybersecurity standards. VisitorPass is built, hosted, and supported entirely within the EU, with a fully documented security architecture ready for your NIS2 risk assessment.
From a single reception desk to a multi-site enterprise — VisitorPass covers every scenario without compromising on privacy.
Hosts send personalised email invitations. Visitors pre-register from any device. QR codes are issued automatically for fast, contactless arrival — a seamless first impression for your guests.
Deploy any browser-based tablet as a fully branded self-service kiosk. Visitors scan their QR code or type their name to check in, sign your NDA, and receive a printed or digital badge — no app download needed.
When no receptionist is physically present, the kiosk connects visitors directly to a live operator via encrypted peer-to-peer WebRTC video. The human is always in the loop — just remotely.
Every check-in can be reviewed and approved by a receptionist or operator, whether on-site or remote. Operators receive instant notifications and can grant, hold, or deny entry — keeping a person in control of every access decision.
Every tenant gets their own subdomain, uploaded logo, and full colour palette. Registration pages, digital passes, email notifications, and the kiosk all carry your identity — not ours.
Maintain a watchlist of restricted individuals who are flagged on arrival. Issue time-limited digital access cards compatible with Apple Wallet & Google Pay. Full audit trail for every badge issued or revoked.
Auto-generate PDF visitor passes with QR codes, host information, and visit duration. Apple Wallet passes are signed and delivered by email so visitors always have their credential on their phone.
Manage multiple buildings, campuses, or client organisations from a single super-admin console. Each site and tenant has isolated data, independent branding, and its own operator team.
Hosts are alerted the moment their visitor arrives. Managers receive automated daily visitor summaries by email. Administrators can export sign-in logs as Excel spreadsheets for compliance audits.
Every image on this page was captured directly from a live VisitorPass instance. The interface you see is exactly what you and your visitors experience.
Most visitor management systems treat GDPR as a box to tick. We treat it as the specification. Every data field, every retention rule, every access log, and every deletion mechanism was designed from first principles around the Regulation's requirements — not bolted on afterwards.
Each organisation sets its own data retention period. A nightly cron job automatically hard-deletes visitor records — name, photo, purpose of visit — once that window passes. No manual intervention required, no forgotten records left behind.
Operators can action a data-subject erasure request in two clicks. The system anonymises all identifying fields — replacing them with irreversible hashes — and records the erasure in the immutable GDPR audit log with timestamp and operator ID.
Any visitor can request a complete export of their personal data. The system generates a structured, machine-readable JSON export that can be handed to the data subject or a third party within minutes.
Every data access, export, anonymisation, and modification event is written to a tamper-evident audit log. Entries include the acting user, their IP address, the affected record, and a precise UTC timestamp — ready for a supervisory authority inspection.
Visitors are presented with your organisation's Privacy Notice and EULA at registration. Acceptance is timestamped and stored alongside the visit record, providing a clear lawful basis under Article 6(1)(a).
Only the fields genuinely needed for each visit are collected. Photo capture, document scanning, and contact fields are individually toggleable per-site so you never collect more than your lawful basis permits — satisfying the principle of data minimisation enshrined in Article 5(1)(c).
All visitor data is stored and processed exclusively on EU-based servers. Personal data never crosses EU borders. There is no adequacy decision to monitor, no Standard Contractual Clauses to maintain, and no Transfer Impact Assessment to commission — because no transfer ever takes place.
VisitorPass acts as your data processor under Article 28 GDPR. A signed, legally compliant Data Processing Agreement — covering sub-processors, security obligations, and breach notification timescales — is included with every subscription, not offered as a paid extra.
Every aspect of the visitor journey carries your identity. Guests never see "VisitorPass" — they see you.
Custom domains, Apple Wallet passes, PDF visitor badges, and notification emails all carry your logo and colours — configured in minutes from the admin panel.
VisitorPass includes built-in modules for employee timesheets, room and desk bookings, and fault ticketing — all GDPR-compliant and available in all 28 languages.

A three-column live reception view showing visitors in the queue, expected arrivals, and everyone currently on-site — with one-click check-in and sign-out.

Clock in and out, log manual entries, and submit weekly hours for approval. Managers review, approve, and export timesheet data as Excel.

Browse rooms and desks, view live availability, and reserve resources in one click. Week view, day view, and list mode included.
A visitor arrives at an unstaffed reception. The kiosk connects them instantly, face to face, with a real person — your operator, wherever they happen to be working that day.
On the kiosk screen, one tap initiates a WebRTC session. No app, no account, no friction.
The operator's browser rings. They see the visitor's face and the visit record side-by-side.
The operator clicks to sign the visitor in. The kiosk prints or sends a digital badge. All encrypted end-to-end.
VisitorPass follows a defence-in-depth approach. Each layer is hardened so that even a partial breach yields nothing of value.
Passwords are hashed with bcrypt. Sessions use HttpOnly, Secure, SameSite=Strict cookies, with per-IP rate limiting to prevent brute-force attacks. Session tokens rotate on privilege escalation.
Role-based access control with six levels (super → operator). A configurable watchlist triggers an immediate alert when a flagged name or identity is presented at any monitored entrance.
Every sensitive action — login, data export, erasure, badge issuance — is written to an immutable, tamper-evident log with actor, timestamp, and source IP. Exportable for compliance reporting.
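The page does not say how its audit log is made tamper-evident. Hash chaining is one common way to get that property, shown here as an added example that is not VisitorPass code. The field names, function names and sample events are assumptions of the example.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # chain anchor used as "prev" for the first entry

def _digest(body):
    # Canonical JSON so the same fields always hash to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, actor, source_ip, action, record_id, when=None):
    """Append an event whose hash covers its fields and the previous entry's hash."""
    when = when or datetime.now(timezone.utc)
    body = {"actor": actor, "source_ip": source_ip, "action": action,
            "record_id": record_id, "utc": when.isoformat(),
            "prev": log[-1]["hash"] if log else GENESIS}
    log.append({**body, "hash": _digest(body)})
    return log[-1]

def verify_chain(log):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or _digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None

def build_sample():
    # Constructed events; actor, IPs (RFC 5737 range) and record ids are placeholders.
    t = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    log = []
    append_entry(log, "operator-7", "192.0.2.10", "login", None, t)
    append_entry(log, "operator-7", "192.0.2.10", "export", "visit-1001", t)
    append_entry(log, "operator-7", "192.0.2.10", "erasure", "visit-1001", t)
    return log

if __name__ == "__main__":
    log = build_sample()
    print(verify_chain(log))        # intact chain
    log[1]["action"] = "login"      # simulate an after-the-fact edit
    print(verify_chain(log))        # the edited entry fails verification
    del log[1]                      # simulate deleting an entry
    print(verify_chain(log))        # the entry after the gap fails verification
```

A chain like this detects edits and deletions only if the most recent hash is also kept somewhere the log's writer cannot change. Otherwise the tail can be truncated or the whole chain recomputed.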
All traffic is TLS 1.3. Visitor photos are stored outside the web root. Upload directories block PHP execution at the server level. Sensitive config values are kept outside the repository.
Responses include X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, a strict Referrer-Policy, Permissions-Policy, and HSTS to prevent downgrade attacks.
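One way to check the cookie flags and response headers named above when assessing a deployment, as an added example that is not VisitorPass code. The function names, the set of Referrer-Policy values treated as strict, and the sample response are assumptions of the example.

```python
import re

# Values this example accepts as a "strict" Referrer-Policy (an assumption).
STRICT_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                   "strict-origin-when-cross-origin"}

def _hsts_ok(value):
    m = re.search(r"max-age=(\d+)", value.lower())
    return bool(m) and int(m.group(1)) > 0   # max-age=0 switches HSTS off

HEADER_CHECKS = {
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() == "SAMEORIGIN",
    "referrer-policy": lambda v: v.lower() in STRICT_REFERRER,
    "permissions-policy": lambda v: v != "",
    "strict-transport-security": _hsts_ok,
}

def audit_response(header_pairs):
    """Return findings for one response; an empty list means every check passed."""
    findings, seen, cookies = [], {}, []
    for name, value in header_pairs:
        if name.lower() == "set-cookie":
            cookies.append(value)          # Set-Cookie may repeat, keep each one
        else:
            seen[name.lower()] = value.strip()
    for key, check in HEADER_CHECKS.items():
        if key not in seen:
            findings.append(f"missing header: {key}")
        elif not check(seen[key]):
            findings.append(f"weak value for {key}: {seen[key]}")
    for raw in cookies:
        first, *rest = [p.strip() for p in raw.split(";")]
        cookie = first.split("=", 1)[0]
        attrs = {k.strip().lower(): v.strip().lower()
                 for k, _, v in (p.partition("=") for p in rest)}
        findings += [f"cookie {cookie}: missing {flag}"
                     for flag in ("httponly", "secure") if flag not in attrs]
        if attrs.get("samesite") != "strict":
            findings.append(f"cookie {cookie}: SameSite is not Strict")
    return findings

# Constructed sample response with several weak settings (not from a real service).
WEAK = [
    ("X-Content-Type-Options", "nosniff"),
    ("Referrer-Policy", "unsafe-url"),
    ("Strict-Transport-Security", "max-age=0"),
    ("Set-Cookie", "sid=constructed; Path=/; Secure; SameSite=Lax"),
]
```

Calling `audit_response(WEAK)` returns one finding per missing or weak setting. Feed it the header pairs of a response you captured yourself to test a real deployment.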
Operators can request photo capture at check-in for visual identity verification. Photos are linked to the visit record for the configured retention window and then auto-purged alongside all other personal data.
All prices are per calendar month. Cancel anytime. VAT may apply depending on your jurisdiction.
All plans include GDPR tooling, support for all 28 languages, and are hosted within the European Union.
The EU has 24 official languages — and VisitorPass supports all of them, plus Turkish, Russian, Arabic, and Hebrew. Registration forms, kiosk screens, email invitations, digital passes, and host notifications are all fully localised. Language is detected automatically from the visitor's browser and can be switched at any time. No other visitor management platform matches this coverage.
VisitorPass was built in Europe, runs in Europe, and operates under European law — so your visitors' data is protected by the strongest privacy framework in the world, by default. Set up your first gatehouse in under 10 minutes.