Privacy Policy

EllipsGA Access App

Last updated: 2026-01-26

1. Introduction

EllipsGA Access App (“the App”) is designed to provide secure, NFC-based authentication for EllipsGA access controllers. We respect user privacy and are committed to protecting information processed by the App.

This Privacy Policy explains what data is processed, how it is used, and how it is protected when using the App on iOS and Android devices.

2. Data Collection

The EllipsGA Access App does not collect, store, or transmit personal data such as names, email addresses, phone numbers, contacts, photos, or precise location information.

Device-Related Data

• The App processes a device-specific identifier solely for authentication purposes.
• This identifier is:
  • Generated and used locally on the device
  • Encrypted using AES-128
  • Transmitted only via NFC during authentication
  • Not stored on external servers
• The App does not create user profiles or track users across apps or services.

3. Purpose of Data Processing

• Secure NFC-based authentication
• Verification with EllipsGA access controllers
• Ensuring controlled, hardware-bound access workflows

No data is used for advertising, analytics, marketing, or behavioral tracking.

4. Data Encryption and Security

• AES-128 encryption (FIPS 197 / ISO/IEC 18033-3)
• Electronic Codebook (ECB) mode (ISO/IEC 10116)
• Manual zero padding (ISO/IEC 9797-1 variant)
• NFC communication compliant with ISO/IEC 14443-B

Key material is generated internally. While functional, it may not fully comply with ISO/IEC 18031 random bit generation standards. This does not affect personal data protection, as no personal data is stored or retained.

5. Data Storage and Retention

• No personal data is stored on servers.
• Authentication data is processed temporarily and ephemerally during NFC communication.
• No historical logs, identifiers, or usage records are retained.

6. Data Sharing

• The App does not share data with third parties
• The App does not use third-party analytics, advertising SDKs, or tracking services
• The App does not sell or transfer data to external entities

7. Permissions

The App may request the following permission solely for functionality:

• NFC access – required for proximity-based authentication

No other device permissions (camera, microphone, contacts, location, storage) are required.

8. Children’s Privacy

The EllipsGA Access App is not intended for use by children under the age of 13.

The App does not knowingly collect any personal data from children.

9. User Rights

• There is no personal data to access, modify, or delete.
• Users may uninstall the App at any time to stop all data processing.

10. International Use

The App operates entirely on-device and via local NFC communication. No cross-border data transfers occur.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect technical or regulatory changes.

Updates will be published at the same public URL where this policy is hosted.

12. Contact Information

If you have questions about this Privacy Policy or the App’s data practices, please contact:

• Email: info@sec.am
• Company / Organization: Ellips GA LLC