Privacy Policy

Effective date:

Jonot is a cloud-based queue-management service. This policy explains what personal data we collect when you or your customers use it, why we collect it, how long we keep it, and the rights you have over it.

Who we are

The service is operated by Jonot Oy (business ID 3620928-7), a company registered in Finland ("Jonot", "we", "us" in this policy). For privacy matters:

  • Email: info@jonot.io
  • Postal: Jonot Oy, Tenavatie 11B, 00760 Helsinki, Finland

We have not appointed a Data Protection Officer — we are below the GDPR Article 37 thresholds that would require one — but the email above reaches the person responsible for privacy compliance.

What we collect, per role

Jonot is used by three groups of people, and we collect different data about each.

End Users (the people joining a queue)

  • Ticket hash: a random 22-character identifier that stands in for the End User. This is the only credential End Users ever hold — there is no account, no login, no email collected by default.
  • IP address: read at the edge for rate limiting and abuse protection (e.g. to stop one browser from flooding a queue). IPs are not stored in the queue database; they are held only in short-lived request logs.
  • Optional contact details: if the business has configured a kiosk or join flow that asks for a name or phone number (e.g. to call you when it's your turn), that value is stored against your ticket for the life of the queue session.

Staff Users (desk, admin, super-admin)

  • Identity: email, name, avatar, and a user ID. Jonot runs its own authentication on its EU database; your password is stored only as a salted hash — never in plain text, and never visible to us.
  • Permissions: the role(s) granted to your user (e.g. org-manager, desk) — verified on every request.
  • Action audit: a record of administrative mutations (create location, revoke device, etc.) tied to your user ID.
  • Request metadata: IP and user-agent captured in short-lived request logs.

Devices (kiosks, displays)

  • Device-session token hash: a one-way hash of the token we issued during pairing. We never store the raw token.
  • Pairing metadata: the location the device is bound to, a human-readable label, last-seen timestamps.

Why we collect it (legal basis)

Under the GDPR, every processing activity needs a lawful basis. Ours:

  • Contract (Art. 6(1)(b)): staff accounts, ticket issuance, kiosk pairing — all necessary to provide the service our paying Customer signed up for.
  • Legitimate interests (Art. 6(1)(f)): rate limiting, abuse prevention, request logs. Our interest in keeping the service up and fair is not overridden by the minimal intrusion of a short-lived IP log.
  • Consent (Art. 6(1)(a)): any optional contact fields an End User actively types into a kiosk form. You can withdraw consent at any time by emailing us.

Who processes it on our behalf

We rely on a small set of sub-processors to deliver the Service. Each is bound by a data processing agreement and may only process personal data on our instructions:

  • Cloudflare — hosting, database (D1), and edge compute. Queue and account data are stored in the EU (Western Europe); static assets and stateless compute are served from its global edge network.

Authentication and staff identity are handled in-house on our own EU database, not by a third party. Billing is handled by Polar as our merchant of record; Polar acts as an independent controller for payment data, not as our sub-processor. We will update this list when our sub-processors change.

Where data is processed

  • Queue data: stored in the EU (Western Europe).
  • Static assets and application compute: served from a global edge network. Compute is stateless; no personal data is persisted at the edge.
  • Identity and authentication: handled in-house on our EU database (Western Europe).
  • Billing (via Polar, our merchant of record): may include transfers to the United States under the EU–US Data Privacy Framework.

Where a recipient is not certified under the EU–US Data Privacy Framework, the transfer instead relies on the European Commission's Standard Contractual Clauses; a copy of the clauses is available on request at info@jonot.io.

How long we keep it

  • Queue tickets: retained until the queue session is closed, then for 30 days for dispute resolution, then deleted.
  • Device sessions: retained until the device is revoked; revocation triggers immediate deletion of the token hash.
  • Staff account data: retained for the life of the organisation's subscription, plus 90 days after cancellation, then deleted from our database. Identity records, including the salted password hash, are part of this staff account data and are deleted on the same schedule.
  • Audit logs: 12 months.
  • Request logs: typically 7 days.

Your rights

If you're in the EU/EEA (and in most cases regardless of where you are), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (subject to legal retention obligations, e.g. invoicing records).
  • Export your data in a portable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent for anything you previously consented to (without affecting processing that already happened).

Email info@jonot.io to exercise any of these. We aim to respond within 30 days; the regulator's statutory limit is one month, extendable once by a further two months for complex cases.

If we're processing data on behalf of a Jonot Customer (for example, your employer), route the request to them first — they are the controller for that data and we act on their instructions.

Cookies and local storage

Jonot apps use browser storage sparingly:

  • Session storage for post-login return URLs so that after sign-in we send you back to where you came from. Cleared as soon as the redirect completes.
  • Identity tokens: ID and refresh tokens held in memory and in secure refresh cookies issued by Jonot's own authentication service.

We do not use advertising or analytics cookies on the product apps. The marketing site may use first-party analytics in the future; any such addition will trigger an update to this page and, where required, a consent prompt.

Children

Jonot is a business-to-business service. We don't knowingly collect data from children under 16. If you believe a child has submitted data via a Customer's kiosk that shouldn't be there, email us and we'll delete it.

Changes to this policy

We'll update this policy as the service evolves. The effective date at the top of the page always reflects the current version; for material changes, we'll notify registered Staff Users at least 14 days in advance via email.

Complaints

If you're not satisfied with how we handle a privacy request, you can complain to a supervisory authority. In Finland that's the Data Protection Ombudsman (tietosuoja.fi). In another EU/EEA country, it's your local DPA.