Lockstry

Privacy Policy

Last updated: July 10, 2026

1. Introduction

Lockstry ("we," "us," or "our") provides self-storage access technology, including mobile apps, an owner and manager web portal, NFC-powered smart lock hardware, cloud services, optional facility camera viewing and computer-vision features ("Vision"), and this website (collectively, the "Services"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use any part of our Services.

By using our Services, you agree to the practices described in this policy. If you do not agree, please do not use our Services. This policy should be read alongside our Terms of Service.

2. Information We Collect

(a) Information you provide

  • Account information: Name, email address, and account status.
  • Organization and facility access: Invitations, organization roles, facility assignments, and permissions granted to organization owners and facility managers.
  • Move-out content: Photos of your storage unit taken during the move-out process, along with any optional notes or survey responses you submit.
  • Key sharing details: When you share access to your unit, we collect the name, email address, and access parameters (such as expiration date) of the person you share with.
  • Support communications: Any information you provide when contacting us for help.

(b) Information collected automatically

  • Device information: Device type, operating system, and app version.
  • Network information: IP address.
  • Usage and audit data: App and portal interactions, authentication events, invitations, permission changes, lock and unlock activity, and feature usage. Access events may include the user, facility, unit, lock, time, action, and result. We may also record move-out notification delivery and read status.
  • Location data: Approximate location, only if you enable location services on your device.

(c) Information from third parties

  • Facility and lease data: Your storage facility provides us with information from their storage management platform, such as your unit assignment, lease status, and contact details, so we can set up and manage your access.

(d) Vision information

If a facility enables Vision, authorized users may view camera feeds made available by that facility. Software running on facility-controlled equipment may analyze visible activity to indicate whether a person or vehicle appears in view. The current Vision service does not perform facial recognition, identify individuals, or make claims about a person's identity.

(e) Information we do NOT collect

  • Payment card data: We do not collect, process, or store credit card numbers or other payment credentials. All billing is handled by your facility's payment provider.
  • Biometric templates: If you enable Face ID or Touch ID in the app, your biometric data is processed and stored entirely on your device by your operating system. Lockstry never receives, transmits, or stores biometric templates.
  • Facial recognition data: Vision does not create facial templates or use facial recognition to identify people.

We also collect non-personal information, such as aggregated usage statistics, for analytics.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity: Send email sign-in links or one-time codes, depending on the part of the Services you use.
  • Provide lock access: Deliver encrypted digital keys to your device so you can lock and unlock your storage unit via NFC.
  • Process move-outs: Collect and store required unit photos and route them to your facility operator.
  • Manage facility teams: Process invitations, organization roles, facility assignments, and feature permissions for owners and managers.
  • Provide facility operations tools: Show authorized users access history, move-out notifications, and, when enabled, facility camera feeds and visible person-or-vehicle indicators.
  • Send transactional communications: Notify you about account activity, access changes, and service updates via email.
  • Maintain security: Enforce rate limiting, log access events for audit purposes, and detect unusual activity.
  • Improve our Services: Analyze usage trends to enhance functionality and reliability.
  • Comply with legal obligations: Respond to lawful requests and enforce our terms.

4. How We Protect Your Information

We use layered security measures to protect your data:

  • NFC encryption: Communication between the app and our smart locks is encrypted. Authorized lock credentials may be stored in device-protected storage so that some lock operations continue without an internet connection. Temporary shared credentials retain their expiration date.
  • Authentication: Sessions use secure tokens that expire automatically. API endpoints enforce rate limits to prevent abuse.
  • Access controls: Server-side authorization limits organization owners and facility managers to the organizations, facilities, and features assigned to them.
  • Biometric security: If you enable Face ID or Touch ID, your biometric data remains in your device's secure keychain and is never sent to our servers.
  • Photo storage: Move-out photos are stored in encrypted cloud storage.

No system is completely secure, and we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at [email protected].

5. Data Sharing

We do not sell your personal data. We may share your information with the following parties:

  • Cloud infrastructure: We use third-party cloud services for hosting, email delivery, encryption key management, photo storage, and monitoring. These providers process data on our behalf under their data processing agreements.
  • Your storage facility: We share access activity, move-out photos, and account information with your facility operator through their storage management platform so they can manage their property.
  • Authorized facility users: Organization owners and permitted facility managers may view information for the organizations, facilities, and features they are authorized to manage. Organization owners may also view and manage organization team information. Depending on assigned access, other information may include access history, move-out notifications, and enabled Vision feeds.
  • Legal compliance: We may disclose information when required by law, regulation, or legal process such as a court order or subpoena.
  • Business transfers: If Lockstry is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

We keep information only while it is reasonably needed to provide the Services, support a facility's operations, protect security, maintain an audit record, resolve disputes, or meet contractual and legal obligations. The exact period can vary by data type and by the facility's agreement and legal requirements.

  • Active account data: We retain your account information for as long as your account remains active.
  • Access and audit records: The current portal lets authorized users search up to 12 months of access history. That visibility window is not a promise that records are automatically deleted or archived after 12 months. Records may remain in active systems longer when needed for facility operations, security, audits, disputes, contractual requirements, or law. Any longer-term archive or deletion schedule is governed by our written procedures and applicable facility agreements as those processes are implemented.
  • Move-out photos: Photos are retained according to your facility operator's policy.
  • Authentication records: Email sign-in codes expire after a short time. We may retain limited authentication and session records temporarily to prevent fraud, investigate security issues, and maintain service integrity.
  • Vision media: The current Lockstry Vision service does not retain camera video, frames, clips, or person-or-vehicle detection results in Lockstry cloud storage. A facility may separately record and retain video using its own network video recorder (NVR) or camera system. The facility operator controls that system and its retention policy.
  • After account closure: Closing an account disables access, but it does not necessarily erase every associated record immediately. We delete or de-identify personal information when it is no longer reasonably needed, while retaining information required for facility records, security and audit history, disputes, contracts, or law.

You may request account deletion through the Settings screen in the app or through our account deletion request page.

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access and update: View and edit your profile information through the app's Settings screen.
  • Delete your account: Request account deletion through the app's Settings screen or our account deletion request page. Certain facility, access, move-out, security, and audit records may be retained or de-identified as described above.
  • Location services: You can enable or disable location access through your device's system settings. Disabling location may limit certain app features.
  • Biometric authentication: You can enable or disable Face ID/Touch ID through the app's Settings screen at any time.
  • Promotional communications: Opt out of promotional emails via unsubscribe links or by contacting us. Transactional messages, including sign-in, invitation, permission, access, and move-out messages, cannot be opted out of while they are needed to provide your account or facility services.

To exercise any of these rights, contact us at [email protected]. You may also have additional rights under applicable local privacy laws.

8. International Data Transfers

Our Services are hosted in North America. Lockstry currently operates exclusively in North America. If you access our Services from outside this region, your data will be transferred to and processed in North America. By using our Services, you consent to this transfer, subject to applicable data protection laws.

9. NFC Technology and Lock Communication

Our smart locks use Near Field Communication (NFC) technology to provide battery-free, phone-powered access to storage units. Here is how we handle data in this process:

  • How it works: When you tap your phone to the lock, your device supplies power to the lock via NFC and transmits an encrypted access credential. The lock verifies the credential and responds with a lock or unlock confirmation.
  • Encryption: Communication between your phone and the lock is encrypted. Credentials are issued by our servers and protected using device security controls.
  • Secure offline credentials: After the app obtains an authorized credential, it may keep that credential in device-bound protected storage to support offline lock operation. Credentials for ongoing tenant or owner access may remain on an offline device until the user signs out, the app reconnects and receives an access change, or the physical credential is rotated. Temporary shared credentials remain subject to their configured expiration.
  • Operation logging: Lock and unlock events are recorded with a timestamp and user or access-grant identifier for security and audit purposes. If the device is offline, the event may be uploaded after connectivity returns.

10. Photographs and Media

During the move-out process, you are required to take photos of your storage unit. These photos are:

  • Uploaded to and stored in encrypted cloud storage.
  • Shared with your facility operator as part of the move-out record.
  • Retained according to your facility operator's policy.

You may also submit optional notes and a brief survey as part of the move-out process. This information is shared with your facility operator.

11. Facility Vision

Vision is an optional facility feature. Authorized organization owners and facility managers with the required permission may view camera feeds for assigned facilities. Video is routed from facility-controlled camera equipment through secured connections. The current Lockstry Vision service analyzes frames only to indicate visible people or vehicles; it does not identify individuals or use facial recognition.

Lockstry does not retain Vision video, frames, clips, or detection results in Lockstry cloud storage as part of the current service. A facility's separate camera system or NVR may record the same feed under the facility operator's own settings and policies. Questions about facility recordings should be directed to the facility operator.

12. Changes to This Policy

We may update this policy. Significant changes will be notified via email or app notifications. Continued use constitutes acceptance.

13. Contact

For privacy concerns, contact [email protected].