Legal

Terms of Service

Please read these terms carefully before using WhoVisited. By accessing our platform, you agree to be bound by the terms below.

Last updated: 2 June 2026

Agreement to Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you and WhoVisited Ltd ("WhoVisited", "we", "our", or "us") governing your access to and use of the WhoVisited platform, website, and related services (collectively, the "Service").

By creating an account, accessing the Service, or authorising others to use it on your behalf, you confirm that you have read, understood, and agree to be bound by these Terms and our Privacy Policy. If you are entering into these Terms on behalf of an organisation, you represent that you have the authority to do so.

If you do not agree to these Terms, you must not use the Service.

Service Description

WhoVisited is a cloud-based site attendance and visitor-management platform. It enables companies to:

  • Register physical sites with addresses, GPS coordinates, and timezone settings.
  • Maintain a roster of staff, contractors, and visitors, each assigned a unique 6-digit PIN.
  • Record check-in and check-out events at kiosk devices locked to a specific site.
  • View live attendance (derived from the most recent log per user), filter records, and export reports as CSV.
  • Configure auto-logout to automatically close open check-ins at a daily cut-off time per site.

The Service is provided as software-as-a-service (SaaS). We reserve the right to modify, enhance, or discontinue features with reasonable notice.

Account Types & Registration

The Service supports three principal account types:

  • Manager accounts — company operators who configure sites, manage user rosters, run kiosk mode, and access reporting. Managers authenticate via email and password.
  • Standard user accounts — staff, contractors, and visitors who check in and out using their 6-digit PIN at a kiosk. Standard users do not have direct platform login credentials.
  • Super admin accounts — internal WhoVisited platform administrators with elevated access. These accounts are not available to Customers.

You must provide accurate, current, and complete information when registering. You are responsible for maintaining the confidentiality of your password and for all activity under your account. Notify us immediately at contact@whovisited.com if you suspect unauthorised access.

Manager Responsibilities

As a Manager, you are responsible for:

  • Accuracy of company and site data — ensuring all registered site addresses, coordinates, and settings are correct.
  • User roster management — creating, updating, and removing standard user profiles in a timely manner, including when staff leave or change role.
  • Legal compliance — obtaining any required consents from employees, contractors, and visitors before collecting their attendance data, in accordance with applicable employment and privacy law in your jurisdiction.
  • PIN security — issuing PINs to users securely and advising users not to share them.
  • Data handling — handling attendance exports and emailed reports in compliance with applicable data protection law. You are the data controller for your company's attendance data.
  • Kiosk device security — see the Kiosk Mode section below.

Standard User Accounts

Standard users (staff, contractors, and visitors) interact with the Service via the kiosk interface. By checking in, standard users agree that:

  • Their 6-digit PIN is personal and must not be shared with any other person.
  • They will check in and out accurately and will not enter false attendance records.
  • Their employer or hosting company has the authority to record their attendance using the Service.
  • Visitor-type users must provide accurate company name, purpose of visit, and vehicle registration where requested.

Managers are responsible for communicating these obligations to the users in their roster.

Kiosk Mode

Kiosk mode allows a Manager to lock a device to a single site for unattended check-in use. When kiosk mode is active:

  • A site-scoped kiosk token replaces the Manager's full-access token. This token can create attendance logs but cannot manage company settings, export data, or change credentials.
  • Exiting kiosk mode requires the Manager to enter their account password.
  • The Manager is solely responsible for the physical security of the kiosk device. We accept no liability for unauthorised check-ins arising from an unsecured or unattended device.
  • Super admins may record attendance at a kiosk without a PIN when operating the device directly.

Location Services

The app can use the device's GPS/geolocation to automatically detect and select the nearest registered site within 1 km at the start of a kiosk session. This feature is optional; sites can always be selected manually.

Managers are responsible for ensuring that:

  • Users are informed that location access may be requested when starting a kiosk session.
  • Any consent or notification requirements under applicable employment or privacy law in their jurisdiction are met before enabling geolocation-based site detection.

Location coordinates are processed client-side only and are not stored on our servers. See the Privacy Policy for full details.

Acceptable Use

You agree not to:

  • Use the Service for any unlawful purpose or in violation of these Terms.
  • Enter false attendance records or impersonate another person at the kiosk.
  • Reverse engineer, decompile, or attempt to extract the source code of the Service.
  • Use automated scripts, bots, or scrapers to access the platform.
  • Attempt to bypass PIN validation, authentication, or any other security control.
  • Upload content that is unlawful, harmful, or infringes third-party rights.
  • Use the Service to process data of minors under the age of 16 without appropriate lawful authority.
  • Interfere with or disrupt the integrity or performance of the Service.

We reserve the right to suspend or terminate access for violations of this section without prior notice.

Your Data

You own your data. All company information, site data, user profiles, and attendance records that you create or upload remain your property. We process this data solely to provide and operate the Service.

By using the Service, you grant WhoVisited a limited, non-exclusive, worldwide licence to store, process, and transmit your data for the sole purpose of delivering the Service and complying with legal obligations.

On termination of your account, you may request an export of your data in CSV format. We will delete your data within 30 days of account closure, subject to any legal retention requirements.

For details of how we handle personal data, please read the Privacy Policy.

Intellectual Property

The Service, including its software, design, trade marks, logos, and content (excluding Customer data), is owned by or licensed to WhoVisited Ltd and is protected by intellectual property law. Nothing in these Terms transfers any intellectual property rights to you.

You may not reproduce, distribute, modify, or create derivative works of any part of the Service without our prior written consent.

The WhoVisited API is made available under an MIT licence. Refer to the platform documentation for details of permitted API use.

Service Availability

We aim to provide a reliable, always-on service but do not guarantee uninterrupted availability. The Service is provided "as is" and "as available". We may perform scheduled maintenance with advance notice where possible.

The auto-logout scheduler runs every minute but is subject to normal cloud infrastructure delays. You should not rely on auto-logout as a substitute for manual attendance management in safety-critical situations.

Limitation of Liability

To the fullest extent permitted by law:

  • WhoVisited's total aggregate liability to you for any claim arising from or related to these Terms or the Service shall not exceed the greater of (a) the amounts paid by you in the 12 months preceding the claim, or (b) £100.
  • We are not liable for any indirect, incidental, consequential, special, or punitive damages, including loss of profits, loss of data, business interruption, or reputational harm, even if advised of the possibility of such damages.
  • We are not responsible for losses arising from your failure to secure kiosk devices, PIN compromise, inaccurate attendance records, or your non-compliance with applicable employment or privacy law.

Nothing in these Terms limits liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded by law.

Indemnification

You agree to indemnify, defend, and hold harmless WhoVisited Ltd, its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising from:

  • Your use of the Service in breach of these Terms.
  • Your violation of any applicable law or regulation, including data protection law.
  • Any claim by your employees, contractors, or visitors relating to the collection or use of their personal data through the Service.

Termination

Either party may terminate the service relationship at any time. We may suspend or terminate your access immediately for material breach of these Terms, including (but not limited to) violations of the Acceptable Use section.

On termination, your right to access the Service ceases. Sections that by their nature should survive termination (including Limitation of Liability, Indemnification, Governing Law, and the Data section) will continue to apply.

Governing Law & Disputes

These Terms are governed by and construed in accordance with the laws of England and Wales. Any disputes arising from or related to these Terms shall be subject to the exclusive jurisdiction of the courts of England and Wales, except where mandatory consumer protection law in your jurisdiction provides otherwise.

Changes to These Terms

We may revise these Terms from time to time. For material changes, we will provide at least 30 days' notice by email to registered Managers and by displaying a prominent notice within the platform. Minor or clarificatory changes may take effect immediately.

Continued use of the Service after the effective date of revised Terms constitutes your acceptance of the changes. If you do not agree, you must stop using the Service before the effective date.

Contact Us

If you have questions about these Terms, please get in touch:

contact@whovisited.com
WhoVisited Ltd, United Kingdom