yAppointment Scanner App Privacy Policy
Privacy policy for the yAppointment Scanner companion mobile application
Last updated: 2026-07-09
Purpose of the App
The yAppointment Scanner is a companion mobile application used by a business's own staff and employees to scan barcodes and QR codes for warehouse and inventory management, goods receipt, stock-taking (inventory sessions), and the validation of passes, tickets, and other credentials issued through the yAppointment platform. The app is not intended for use by end customers or consumers.
Data Controller and Data Processor
The business that deploys yAppointment and operates the Scanner app ("the Business") is the data controller for the operational data processed through the app, including staff accounts, inventory records, and scanned credentials. LohiSoft s.r.o., the provider of the yAppointment platform, acts as a data processor / service provider on behalf of the Business. LohiSoft s.r.o. Komenskeho 317/135 Sturovo, 943 01 Slovak Republic Email: info@yappointment.com
Data Access and Permissions
The app requests the following device permissions and access:
- Camera – Used solely to scan barcodes and QR codes in real time. The app does not capture, store, or transmit photographs or video; only the decoded code value is processed.
- Local network – The app may connect to the Business's local network or backend service to communicate with the yAppointment backend.
- Internet – Required to synchronize scans and inventory operations with the yAppointment backend server.
Data Processed
The app processes the following data:
- Authentication token – A JWT issued when the staff user logs in with their yAppointment account, used to identify the user and their company/tenant.
- Scanned codes – The decoded value of barcodes and QR codes scanned during warehouse, inventory, and credential-validation operations.
- Stock, inventory, and credential operations – The results of scans (e.g. stock adjustments, goods receipt entries, pass/ticket validation outcomes) linked to the staff user's account and the Business's company ID.
- Diagnostic data – Device model, operating system version, app version, and crash/stack-trace information (see 'Crash and Diagnostic Reporting' below).
Data Transfer
Scanned codes and the resulting stock, inventory, and credential operations are transmitted to the Business's yAppointment backend (api.yappointment.com) over encrypted HTTPS connections and synchronized in real time over a secure WebSocket connection (wss.yappointment.com). In collaborative inventory sessions, relevant events are broadcast to other authorized devices of the same company so staff can work together on the same stock-taking session. The app does not transmit data to any third party other than those listed under 'Third-Party Services' below.
Data Storage
The authentication token is stored on-device using the platform's secure storage mechanisms (the iOS Keychain or Android's encrypted storage, accessed through a dedicated secure-storage plugin). App settings and preferences are stored locally on the device. If the device is temporarily offline, pending scan operations may be queued and stored locally until connectivity is restored and they can be synchronized with the backend.
Crash and Diagnostic Reporting
The app uses Sentry to collect crash reports and technical diagnostic data, including device model, operating system version, app version, and stack traces, in order to identify and fix stability issues. This diagnostic data does not include scanned code values, camera images, or inventory content. Sentry's privacy policy applies: https://sentry.io/privacy/
Security
All communication between the app and the yAppointment backend uses HTTPS and secure WebSocket (WSS) connections. Access is scoped to the staff user's authenticated account and the Business's company ID, so staff can only view and modify data belonging to their own company. The authentication token is stored using the operating system's secure storage mechanisms.
Third-Party Services
The app uses Sentry (Functional Software, Inc., USA) solely for crash and diagnostic reporting, as described above. The app does not use advertising SDKs, marketing trackers, or third-party analytics services. Sentry's privacy policy applies: https://sentry.io/privacy/
Your Rights
Staff users processed as data subjects have the right to access, correct, or request deletion of their personal data. Because the Business using yAppointment is the data controller for operational data created through the app, requests relating to your employment or work data should first be directed to your employer (the Business). You may also contact LohiSoft s.r.o. directly using the details below, and we will forward or assist with your request as appropriate.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to the app or applicable law. Material changes will be reflected in an updated 'Last updated' date at the top of this page. We recommend reviewing this policy periodically.
Contact
For questions about this privacy policy: LohiSoft s.r.o. Komenskeho 317/135, Sturovo, 943 01, Slovak Republic Email: info@yappointment.com
Contact
For questions about this privacy policy: LohiSoft s.r.o. Komenskeho 317/135, Sturovo, 943 01, Slovak Republic Email: info@yappointment.com