Privacy Policy

Last updated: May 2026

Short version: Vestibule stores visitor, contractor, and staff access records for the operational management of a secure establishment. Data is used only for that purpose, retained for 12 months, and is never shared with third parties or used commercially.

What this system is

Vestibule is an operational access management tool used by authorised staff to log and manage visitor and contractor access at secure establishments. It replaces paper-based vestibule records.

Access requires a registered account that must be approved by a manager. All actions are performed by authorised staff only.

Data controller

The data controller for information processed through Vestibule is the establishment at which the system is deployed. Queries about data held at a specific establishment should be directed to that establishment's manager or their Data Protection Officer.

The system is developed and maintained by Ignis Software, acting as a data processor on behalf of the establishment.

What data is stored

| Category | Data held |
| --- | --- |
| Staff accounts | Name, staff ID number (used as login identifier), role |
| Visitor & contractor records | Name, organisation, purpose of visit, visit dates, point of contact, contact extension, email address (if provided) |
| Authorisation details | Who authorised the visit, escort arrangements, authorising officer name |
| Device & tools authorisation | Details of any authorised personal computing devices (PCD) or contractor tools, including authorisation codes |
| Access log | Timestamps and staff names for ID confirmation, arrival, and departure |
| Deliveries | Mail and parcel records including addressee, tracking numbers, prisoner numbers where applicable |
| Audit trail | A time-stamped record of every key action (record created, edited, ID confirmed, arrived, departed) and the staff member who performed it |

Lawful basis for processing

Data is processed under Article 6(1)(e) of the UK GDPR — public task — specifically the operational requirement to manage and record access to a secure establishment, maintain accountability, and provide an audit trail for security and safeguarding purposes.

Where data relating to prisoner numbers is processed, this falls within the scope of Schedule 1, Part 2 of the Data Protection Act 2018 (substantial public interest — administration of justice and the exercise of public functions).

How data is used

Records are used solely to manage access to the establishment — tracking expected visitors, confirming identity, logging arrivals and departures, processing deliveries, and providing an audit trail if required for security or investigation purposes. Data is never used for commercial purposes, advertising, or profiling, and is never shared with any third party outside the operating organisation.

Data retention

Visitor and contractor records are retained for 12 months from the date of the visit, after which they are archived and no longer visible within the operational system. Archived records remain in the database and can be reviewed or permanently deleted by an administrator upon request.

Staff account data is retained for the duration of employment at the establishment. Accounts that are no longer active should be removed by a manager via the staff management panel.

Audit log entries are retained for 12 months in line with visitor records.

Where data is stored

Data is stored using Supabase, a cloud database provider. A Data Processing Agreement is in place with Supabase in accordance with UK GDPR Article 28. All data is encrypted in transit (TLS) and at rest (AES-256). Infrastructure is located within the European Economic Area.

No other third parties have access to the data.

Security measures

Your rights under UK GDPR

You have the following rights regarding personal data held about you:

Requests should be directed to the establishment manager or their Data Protection Officer. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Changes to this policy

If this policy changes materially, the "last updated" date at the top of this page will be updated. Staff will be notified of any significant changes.