Request a Demo Get a Quote

Privacy Policy

Last Updated: May 11, 2026

1. About This Privacy Policy

Patronscan (“Patronscan,” “we,” “us,” or “our”) respects the privacy of every individual whose personal information we handle. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, how we protect it, and the rights individuals have over their personal information. 

This Privacy Policy applies to: 

  • Visitors to our websites, including patronscan.com and any related Patronscan-operated subdomains and microsites (“Website”); 
  • Business customers and prospective customers who interact with us, request quotes or demos, sign up for our newsletters, or use our customer portals (“Customers”); 
  • Individuals whose identification documents are scanned by Patronscan devices and software at venues, businesses, or other establishments that use our services (“End Users” or “Patrons”); and 
  • Individuals whose information is recorded in or shared through the Patronscan public flag network (“Flag Network”). 

This Privacy Policy describes practices that apply to personal information Patronscan controls. Where Patronscan acts as a service provider, processor, or data processor on behalf of a Customer, the Customer’s own privacy policy governs the collection and use of personal information at their establishment, and our handling is governed by our agreement with that Customer. 

2. Who We Are

Legal entity: Servall Data Systems Inc. 

Registered address: Patronscan 

Primary contact: privacy@patronscan.com 

Phone: 1-877-778-9798 

3. Definitions

To make this Policy easier to read, we use the following defined terms: 

  • “Personal Information” means information about an identifiable individual. In some jurisdictions this is also called “personal data” or “personal information” under specific statutes. We use the broadest applicable definition. 
  • “Sensitive Personal Information” means categories of personal information given special protection under applicable law, including government-issued identification details, biometric identifiers, precise geolocation, and information about flagged incidents. 
  • “Customer” means a business that has agreed to use Patronscan products or services, including bars, nightclubs, casinos, retail businesses, property managers, and event operators. 
  • “End User” or “Patron” means an individual whose identification is scanned by a Customer using Patronscan products. 
  • “Flag Network” means Patronscan’s shared safety network through which participating Customers may record and consult flags associated with identity records. 
  • “Process” means any operation performed on personal information, including collection, recording, organization, storage, use, disclosure, transfer, or deletion. 

4. Information We Collect

The personal information we collect depends on how you interact with Patronscan. The categories below describe the information we collect, the sources, and the purposes for which we use it. 

4.1 Information We Collect From Website Visitors 

When you visit patronscan.com, we collect: 

  • Technical data such as IP address, browser type and version, device type, operating system, referrer URL, pages visited, time spent on pages, and clickstream data; 
  • Cookie and similar technology identifiers (see Section 13); 
  • Approximate location derived from IP address; and 
  • Information you voluntarily provide through forms, including name, business name, email, phone number, role, and any free-text content you submit. 

4.2 Information We Collect From Customers and Prospective Customers 

When you request a quote, demo, or otherwise engage with Patronscan as a business customer or prospect, we collect: 

  • Contact details (name, business email, phone, role, business name); 
  • Business information (industry, venue type, location, anticipated volume); 
  • Account credentials and authentication information for Customer portals; 
  • Billing and payment information processed through our payment service providers; 
  • Records of your communications with our sales, support, and customer success teams; and 
  • Usage data from Customer-facing dashboards, including login times, features used, and reports generated. 

4.3 Information We Collect From End Users (Patrons) 

When you present an identification document at a Customer venue that uses Patronscan products, Patronscan may collect, on behalf of the Customer or on its own behalf: 

  • Information printed and encoded on your identification document, including name, date of birth, age, address, document number, expiry date, document type, and issuing jurisdiction; 
  • An image of the identification document (front and, where applicable, back); 
  • A facial image captured at the time of scan, where the Customer has enabled facial comparison features; 
  • The results of authentication and age-verification checks performed against the document; 
  • The date, time, and location of the scan, including the Customer venue at which the scan occurred; 
  • Any flag, ban, or incident record associated with you by the Customer or, through the Flag Network, by another participating venue; and 
  • Records of entry, denial, or other access-control decisions made on the basis of the scan. 

Patronscan does not collect a financial account number, health information, racial or ethnic origin information, political opinions, religious beliefs, trade-union membership, sexual life, sexual orientation, or genetic information from the scan, except to the extent any such information may be visible on the face of a government identification document. 

Retention of scan data varies by Customer configuration and applicable law. See Section 9 for retention details.

4.4 Information in the Flag Network 

The Flag Network is a shared safety mechanism through which participating Customers may record incident-related flags associated with an identity record and consult flags recorded by other participating Customers. Flag Network records may include: 

  • Identity information sufficient to associate a flag with a verified identity (such as name, date of birth, and identification document number, hashed or tokenized where appropriate); 
  • The category of behavior giving rise to the flag (for example, fighting, harassment, theft, severe intoxication, or other unsafe conduct); 
  • The date and venue at which the flag was recorded; 
  • Free-text incident notes recorded by Customer staff, where applicable; and 
  • The expiry date of the flag and any subsequent disputes, reviews, or removals. 

4.5 Information We Collect From Other Sources 

We may also receive personal information from: 

  • Customers who provide us with information about their staff and end users in the course of using our services; 
  • Public records and document-authority data sources used to authenticate identification documents; 
  • Service providers who perform analytics, advertising, fraud prevention, or other functions on our behalf; and 
  • Business partners and resellers. 

5. How We Use Personal Information

We use personal information for the following purposes: 

5.1 Operating the Patronscan Service 

  • Authenticating identification documents and detecting fraudulent documents; 
  • Verifying age and other eligibility criteria for entry, purchase, or service; 
  • Operating the Flag Network, including recording, displaying, and removing flags; 
  • Providing access-control, occupancy, and analytics features to Customer venues; 
  • Detecting and preventing fraud, abuse, and misuse of our products. 

5.2 Customer Relationship and Account Management 

  • Responding to inquiries, demo requests, and support requests; 
  • Provisioning and supporting Customer accounts; 
  • Processing payments and managing billing; 
  • Providing notifications about service updates and account activity. 

5.3 Marketing and Communications 

  • Sending newsletters, product updates, and marketing communications to individuals who have opted in or with whom we have a pre-existing business relationship, as permitted by applicable law; 
  • Personalizing marketing content and measuring its effectiveness; 
  • Conducting market research and customer satisfaction surveys. 

5.4 Legal, Safety, and Regulatory Purposes 

  • Complying with laws, regulations, court orders, and lawful requests from law enforcement and regulators, including liquor and gaming authorities such as the Alberta Gaming, Liquor and Cannabis Commission (AGLC); 
  • Establishing, exercising, or defending legal claims; 
  • Protecting the rights, property, and safety of Patronscan, our Customers, End Users, and the public. 

5.5 Product Improvement and Research 

  • Improving the accuracy, performance, and reliability of our services; 
  • Developing new features, including using de-identified or aggregated data; and 
  • Conducting internal research and analytics. 

6. Legal Bases for Processing (GDPR and UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, Patronscan processes your personal information on the following legal bases: 

  • Performance of a contract — where processing is necessary to provide our services to you or to a Customer with whom you interact; 
  • Legitimate interests — including operating and securing our services, preventing fraud, providing the Flag Network for venue and community safety, and direct marketing of similar services to existing business contacts, balanced against the rights and freedoms of the individual; 
  • Legal obligation — where processing is necessary to comply with law, including responding to lawful requests from authorities; 
  • Vital interests — where processing is necessary to protect the vital interests of an individual; and 
  • Consent — for marketing communications where required, optional cookies and similar technologies, and other activities for which we request your consent. 

Where Patronscan relies on legitimate interests, individuals have the right to object as described in Section 11.

7. How We Share Personal Information

Patronscan shares personal information only in the limited circumstances described below. 

7.1 With Customers 

When you present identification at a Customer venue, the verification result and any relevant Flag Network information are shared with that Customer’s authorized personnel for the purpose of making the entry or service decision. 

7.2 With Other Participating Venues Through the Flag Network 

If a flag is recorded against an identity in the Flag Network, that flag and associated incident information are visible to other participating Customers when the same identity is scanned at their venue. Flag Network records are not made publicly available and are accessible only to authorized Customer personnel using authenticated Patronscan systems. 

7.3 With Service Providers 

We share personal information with service providers who perform functions on our behalf, including: 

  • Cloud hosting and infrastructure providers
  • Payment processors
  • Customer relationship management and marketing platforms: HubSpot 
  • Analytics providers: Google Analytics, HubSpot, Hotjar 
  • Advertising platforms: Google Ads, LinkedIn Ads, Meta Ads, Reddit Ads, TikTok Ads 
  • Email delivery providers; and 
  • Customer support and ticketing systems: Atlassian 

Service providers are contractually bound to handle personal information only on our instructions and to implement appropriate security safeguards.

7.4 With Law Enforcement and Regulators 

We disclose personal information to law enforcement, regulators (including liquor and gaming authorities such as AGLC), courts, and other authorities where we are legally compelled to do so or where disclosure is reasonably necessary to protect the rights, property, or safety of Patronscan, our Customers, End Users, or the public. Where lawful, we attempt to notify affected individuals before disclosing their information in response to such requests. 

7.5 In Connection With a Business Transaction 

If Patronscan is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate confidentiality protections. 

7.6 With Your Consent or at Your Direction 

We share personal information for other purposes only with your consent or at your direction. 

7.7 We Do Not Sell Personal Information 

Patronscan does not sell personal information in exchange for monetary consideration. Certain disclosures to advertising and analytics partners (described in Section 13) may constitute a “sale” or “sharing” under California law; California residents may opt out as described in Section 11.

8. International Data Transfers

Patronscan is headquartered in Canada, and our systems and service providers operate in Canada, the United States, and other countries. Personal information we collect may be transferred to, stored in, and processed in jurisdictions outside the country where it was collected, including jurisdictions that may not provide the same level of data protection as your home jurisdiction. 

Where personal information is transferred internationally, we rely on the following safeguards: 

  • Standard Contractual Clauses or UK International Data Transfer Agreement for transfers from the EEA and UK; 
  • Contractual commitments from service providers to provide a level of protection consistent with applicable law; 
  • Technical and organizational measures appropriate to the sensitivity of the information; and 
  • Customer agreements specifying data residency requirements where applicable. 

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements. Specific retention periods include: 

  • Website analytics and cookie data: 14–26 months for Google Analytics; 
  • Marketing contact records and CRM data: until the contact opts out, plus a reasonable record-keeping period; 
  • Customer account records: for the duration of the Customer relationship for legal and tax purposes; 
  • End User scan records at Customer venues: as configured by the Customer, subject to maximum periods required by applicable law and our Customer agreements 
  • Flag Network records: for the duration of the flag, with default flag durations, subject to review and dispute processes described in Section 11; and 
  • Records subject to legal hold or law enforcement preservation: until the hold is released. 

10. How We Protect Personal Information

Patronscan implements administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. These safeguards include: 

  • Encryption of personal information in transit and at rest; 
  • Access controls and role-based authentication for Patronscan systems and Customer portals; 
  • Multi-factor authentication for administrative and Customer-facing accounts; 
  • Network security controls, including firewalls, intrusion detection, and continuous monitoring; 
  • Regular security reviews, vulnerability scanning, and penetration testing; 
  • Staff training in privacy and information security; 
  • Background checks for personnel with access to sensitive personal information; 
  • Vendor risk management and contractual obligations on service providers; and 
  • Incident response and breach notification processes (see Section 14). 

No security measure is perfect, and we cannot guarantee absolute security. Individuals play an important role in protecting their information by safeguarding their account credentials and notifying us of any suspected unauthorized access.

11. Your Privacy Rights

Depending on where you live, you may have certain rights with respect to your personal information. Patronscan honors these rights regardless of jurisdiction where reasonably possible. 

11.1 Rights Available to All Individuals 

  • Access — request a copy of the personal information we hold about you; 
  • Correction — request that we correct inaccurate or incomplete personal information;
  • Deletion — request that we delete your personal information, subject to legal and operational exceptions;
  • Withdrawal of consent — where processing is based on consent, withdraw that consent at any time; and
  • Complaint — lodge a complaint with us or with the relevant supervisory authority. 

11.2 Canada (PIPEDA, Alberta PIPA, BC PIPA, Quebec Law 25) 

Canadian residents have rights of access and correction under PIPEDA and provincial equivalents. Quebec residents additionally have the right to data portability and to be informed of automated decision-making affecting them under Law 25. To make a request, contact our Privacy Office at privacy@patronscan.com. We will respond within 30 days, or notify you within 30 days if more time is required. 

If you are unsatisfied with our response, you may contact: 

  • Office of the Privacy Commissioner of Canada — priv.gc.ca 
  • Office of the Information and Privacy Commissioner of Alberta — oipc.ab.ca 
  • Office of the Information and Privacy Commissioner for British Columbia — oipc.bc.ca 
  • Commission d’accès à l’information du Québec — cai.gouv.qc.ca 

11.3 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR) 

In addition to the rights in Section 11.1, individuals in the EEA, UK, and Switzerland have the right to: 

  • Restrict processing in certain circumstances; 
  • Object to processing based on legitimate interests, including for direct marketing; 
  • Data portability for personal information processed on the basis of consent or contract; and 
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, except as permitted by law. 

You may lodge a complaint with your local data protection authority. A list is available at edpb.europa.eu. In the UK, the supervisory authority is the Information Commissioner’s Office (ico.org.uk). 

11.4 California, Virginia, Colorado, Connecticut, and Other US States 

California residents have the following rights under the CCPA, as amended by the CPRA: 

  • Right to know what personal information we have collected, used, disclosed, sold, or shared; 
  • Right to delete personal information, subject to exceptions; 
  • Right to correct inaccurate personal information; 
  • Right to opt out of the sale or sharing of personal information; 
  • Right to limit use and disclosure of sensitive personal information; 
  • Right to non-discrimination for exercising privacy rights; and 
  • Right to designate an authorized agent to make requests on your behalf. 

To exercise your California rights, contact privacy@patronscan.com. Patronscan honors Global Privacy Control (GPC) signals as a valid opt-out of sale or sharing where applicable. 

Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have similar rights and may exercise them in the same manner. 

11.5 Verification of Requests 

To protect your information, we will verify your identity before responding to a rights request. We may request information sufficient to confirm your identity, and may decline or delay requests where verification is not possible. Authorized agent requests must include proof of authorization and, in some cases, direct confirmation from the individual. 

11.6 Flag Network Disputes 

If you believe a flag in the Flag Network associated with you is inaccurate or inappropriate, you may submit a dispute by contacting privacy@patronscan.com. We will investigate the dispute, consult with the Customer that recorded the flag where appropriate, and respond within 7-14 days. Where we find that a flag is inaccurate, we will correct or remove it. Where we cannot conclusively resolve a dispute, you may request that a notation of disagreement be associated with the record. 

 

12. Children’s Privacy

Our Website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Many of our Customer-facing services involve verifying that individuals meet a minimum age (such as 18, 19, or 21 depending on jurisdiction), and information collected during verification of underage individuals is used to determine eligibility and otherwise handled in accordance with applicable law and our Customer agreements. If you believe we have collected information from a child in a way that is inconsistent with this Policy, please contact privacy@patronscan.com. 

13. Cookies and Similar Technologies

Our Website uses cookies and similar technologies. A cookie is a small file placed on your device that allows a website to recognize you. We use the following categories: 

  • Strictly necessary cookies — required for the Website to function; 
  • Functional cookies — remember your preferences (such as language and region); 
  • Analytics cookies — help us understand how visitors use the Website (e.g., Google Analytics); 
  • Marketing and advertising cookies — used by us and our advertising partners (including HubSpot, Google Ads, Meta, LinkedIn) to measure campaign effectiveness and deliver relevant advertising. 

You can manage cookie preferences through our cookie banner, your browser settings, or platform-specific opt-out mechanisms. Disabling some cookies may affect Website functionality. For analytics opt-out, see tools.google.com/dlpage/gaoptout. 

14. Data Breach Procedures

Patronscan maintains an incident response plan covering identification, containment, investigation, notification, and remediation of security incidents involving personal information. Where a breach poses a real risk of significant harm to affected individuals, we will notify affected individuals and applicable regulators.

15. Automated Decision-Making and Profiling

Patronscan products use automated processing to authenticate identification documents, verify age, and detect potentially fraudulent documents. These automated checks inform the decisions made by Customer venue staff but do not themselves grant or deny entry — the final decision is made by a human Customer employee. 

The Flag Network presents flag information to Customer staff to inform their access decisions, but does not itself make access decisions. 

Where you believe an automated check has produced an inaccurate result, you may request human review and correction by contacting privacy@patronscan.com. 

16. Industry-Specific Compliance

Patronscan operates in industries subject to regulator-specific requirements, including: 

  • Liquor regulators such as the Alberta Gaming, Liquor and Cannabis Commission (AGLC) and equivalent bodies in other Canadian provinces and U.S. states; 
  • Gaming regulators where Customer venues operate gaming activities; 
  • Cannabis regulators in jurisdictions where cannabis retail is permitted; and 
  • Local licensing and law enforcement authorities. 

Patronscan products are designed to support Customer compliance with applicable regulator requirements, and certain data may be retained, shared, or formatted in specific ways to meet those requirements. 

17. Third-Party Sites and Services

Our Website may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties, and we encourage you to read their privacy policies. 

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal obligations. The “Effective Date” and “Last Updated” at the top of this Policy indicate when it was last revised. For material changes, we will provide additional notice, such as a prominent banner on the Website or, where appropriate, direct notification. 

19. Contact Us

For privacy questions, requests, or complaints, please contact our Privacy Office: 

Email: privacy@patronscan.com 

Phone: 1-877-778-9798 

Mail: 5905 Centre Street S, Calgary, Alberta, T2H 0C2, Canada