Privacy policy - EZIIL IO
Effective Date: June 8, 2026
Last Updated: June 8, 2026
1. Introduction
Eziil Standard OÜ (“Eziil”, “we”, “us”, or “our”) operates Eziil IO, a desktop application for Windows that reads RFID/NFC chip events from USB hardware devices and transmits them to a configured Eziil backend service. This Privacy Policy explains what data is collected, how it is used, and your rights regarding that data.
This application is designed for business and industrial use only and is deployed by organizations (customers) to their employees’ workstations. If you are an employee using this application, your organization’s own privacy and data-processing policies also apply.
2. Data Controller
Eziil Standard OÜ
Registry code: 17403943
Address: Tartu 7d, Viljandi, 71004, Estonia
Contact: support@eziil.com
Website: https://eziil.com
3. What Data We Collect
3.1 Data Transmitted to the Eziil Backend
Each time the application reads an RFID or NFC chip, the following data is sent to the Eziil backend API (api.eziil.com):
| Data | Description |
|---|---|
| Chip ID | The unique identifier stored on the RFID/NFC chip |
| Masked Chip ID | A partially masked version of the chip ID (for display purposes) |
| Timestamp | Date and time of the scan event |
| Machine hostname | The network name of the workstation running the application |
| Device settings | USB reader device ID, reader label, selected machine, operation, and department identifiers |
| Application metadata | Application name, version number, platform, and runtime information |
Note: RFID/NFC chip IDs may constitute personal data if chips are assigned to individual employees (e.g. as employee badges). In such cases, the employing organization is responsible for ensuring a lawful basis for processing under applicable data protection law (e.g. GDPR).
3.2 Data Stored Locally on the Device
| Data | Storage location | Encryption |
|---|---|---|
| API Key | Application data folder | Yes – encrypted via OS-level secure storage (Windows DPAPI) |
| Application logs | Windows: %ProgramData%\eziil-io\logs\ |
No |
3.3 Data We Do NOT Collect
Eziil IO does not collect:
- Personal names, email addresses, or passwords
- Location data or GPS coordinates
- Browser history or cookies
- Camera or microphone input
- Keystrokes other than RFID/NFC reader wedge input (USB keyboard-emulated scan output)
- Any data when the application is not actively running
4. How We Use the Data
We use the collected data for the following purposes:
- Core functionality: Forwarding RFID/NFC scan events to the customer’s Eziil backend workspace for operational tracking (e.g. machine usage, time and attendance)
- Device identification: Associating scan events with the correct workstation
- Application updates: Contacting GitHub Releases to check for and deliver application updates
- Diagnostics: Local log files for troubleshooting connection and hardware issues
We do not sell, rent, or share personal data with third parties for marketing purposes.
5. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
Eziil API (api.eziil.com) |
Receiving and storing scan events | https://eziil.com/eziil-io-privacy-policy/ |
| GitHub (GitHub Releases) | Delivering application auto-updates | https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement |
| Windows OS Credential Store | Securely storing the API key locally | Microsoft Privacy Statement |
6. Data Retention
- Scan event data is retained by the Eziil backend according to the data retention policy agreed between Eziil and the customer organization.
- Local API key is deleted when the user performs a “Reset” operation or uninstalls the application.
- Local log files are stored until manually deleted or the application is uninstalled.
7. Data Security
- The API key is encrypted using Windows DPAPI (Data Protection API) via Electron’s
safeStorageand is never transmitted in plain text in logs. - All communication with
api.eziil.comis encrypted in transit using HTTPS/TLS. - The application uses a least-privilege architecture: the settings UI renderer process has no direct access to the API key or network.
8. Legal Basis for Processing (GDPR)
For users within the European Economic Area, we process data on the following legal bases:
- Legitimate interests (Art. 6(1)(f) GDPR): Operational functionality of the application and workstation identification
- Contract (Art. 6(1)(b) GDPR): Fulfilling the service agreement between Eziil and the customer organization
- Legal obligation (Art. 6(1)(c) GDPR): Where applicable
If RFID chips are assigned to identifiable individuals, the customer organization acts as data controller for that personal data and is responsible for establishing an appropriate legal basis (e.g. employment contract, consent, or legitimate interest).
9. Your Rights
If personal data about you is processed through this application, you may have the following rights under GDPR or other applicable law:
- Right of access – request a copy of data processed about you
- Right to rectification – request correction of inaccurate data
- Right to erasure – request deletion of your data
- Right to restrict processing
- Right to data portability
- Right to object to processing based on legitimate interests
To exercise these rights, contact your employer (if deployed by your organization) or email us at support@eziil.com.
10. Children’s Privacy
Eziil IO is a business application not directed at children under 16 years of age. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available at:
https://eziil.com/eziil-io-privacy-policy/
Material changes will be communicated through the application or via the customer organization.
12. Contact
Eziil Standard OÜ
Email: support@eziil.com
Website: https://eziil.com