Skip to content
Passinstance in action

Privacy Policy

What we collect, why we collect it, and how Passinstance handles personal data.

Last updated: 2026-05-26

Controller

For the Passinstance marketing website, commercial enquiries, and direct communications handled by our team, the controller is Passinstance. Contact: support@passinstance.com

Scope and roles

This policy covers personal data collected through the Passinstance marketing site, contact and demo forms, newsletter and product-interest flows, commercial conversations, and account onboarding paths that lead to Passinstance-operated services. In many customer deployments, the customer organization determines how end-user or passholder data is used in its own pass program. In those cases, the customer may act as the controller for that end-user data and Passinstance may act as a processor or service provider under separate contractual terms. If you are a passholder interacting with a pass issued by one of our customers, the customer that issued the pass is usually your first point of contact for privacy requests about that program.

Data we collect

  • Identity and business contact data, such as your name, work email address, company, role, phone number, and billing or contracting details when you provide them.
  • Account and access data, including authentication details, consent choices, locale preferences, and restricted-area session or token information used to secure the service.
  • Commercial and communication data, including contact requests, demo requests, sales discussions, support correspondence, and records of agreements or service enquiries.
  • Usage and service data, such as website interactions, referral sources, page visits, product interest signals, API-related metadata, and operational logs required to run and protect the platform.
  • Technical data, including IP address, browser and device information, approximate geo-derived network information, and browser storage entries used for consent or functional preferences.

Why we process personal data

  • To operate, secure, maintain, and improve the Passinstance website, hosted flows, APIs, and related services.
  • To answer enquiries, arrange demos, process registrations, provide support, and manage commercial relationships with prospects and customers.
  • To monitor performance, troubleshoot incidents, detect abuse, protect accounts, and keep audit records where necessary for security or compliance.
  • To measure website performance and product interest using consent-based analytics, and to improve conversion, documentation, and user experience.
  • To meet legal obligations, enforce our agreements, resolve disputes, and keep appropriate internal business records.

Legal bases

Depending on the context, Passinstance processes personal data on the basis of contractual necessity, steps requested before entering into a contract, legitimate interests in operating and improving the service, your consent where consent is required, and compliance with legal obligations.

Security and EU hosting

Passinstance describes EU hosting in its commercial materials and applies technical and organizational measures appropriate to the risks of the service, such as access controls, audit logging, environment separation, service monitoring, and role-based permissions. No internet-based service can be guaranteed to be completely secure, but we work to protect personal data against unauthorized access, alteration, disclosure, and loss.

Cookies, analytics, and browser storage

Passinstance uses browser storage and similar technologies for consent management, language preferences, and restricted-area access controls. If analytics is configured for the site, Google Analytics 4 runs with consent mode defaults and analytics storage stays denied until you explicitly accept analytics cookies. Marketing-related storage is denied by default in the current public consent flow.

How data may be shared

We may share personal data with infrastructure and hosting providers, email and support tools, sales or CRM systems, analytics providers when enabled with the appropriate legal basis, and professional advisers or public authorities where disclosure is required or necessary to protect our rights. For customer environments, Passinstance may also rely on subprocessors and operational vendors that support hosting, delivery, monitoring, communications, and support. We do not sell personal data.

International transfers

Some service providers may process data outside your country or outside the EEA. Where required, Passinstance relies on contractual, technical, and organizational safeguards designed to protect personal data during international transfers, including transfer mechanisms commonly used for cross-border processing where applicable.

When Passinstance acts as a processor

Where Passinstance processes personal data on behalf of a customer, we act on the customer's documented instructions as set out in the applicable service agreement, order form, or data processing terms. If we receive a request that clearly relates to customer-controlled passholder data, we may direct the requester to the relevant customer or coordinate with that customer as required by law and contract.

Data retention

We keep personal data only for as long as needed for the purpose for which it was collected, including active customer relationships, support history, security logging, backup cycles, and legal or tax retention obligations. Consent records may be retained for an appropriate period to demonstrate the choice you made.

Your rights

Subject to applicable law, you may have the right to request access to your personal data, ask for correction or deletion, restrict or object to certain processing, withdraw consent, and request data portability. You may also lodge a complaint with a competent supervisory authority.

Contact

Questions about this policy or privacy requests can be sent to: support@passinstance.com