Access control
Owners sign in to the company account. Concierge devices use a separate site ID and password, and staff select their individual profile after site sign-in. Plan and device limits are checked whenever access is granted.
LobbyPost operations access is kept separate from owner and site access and protected with additional sign-in controls.
Resident and parcel data
LobbyPost records the information needed to match, receive, and release parcels. Resident email is optional per site and remains off until the owner enables it.
Connections are encrypted in transit, and application credentials are not included in the website or mobile app.
Operational safeguards
Parcel records retain the receiving staff profile, release staff profile, method, timestamp, and signature where captured. Administrative subscription and access changes are audited.
Customers are responsible for securing site credentials, removing unused devices, keeping staff profiles current, and limiting device access to authorised building staff.
Report a security concern
Do not include resident records, passwords, authentication codes, or payment details in an initial report. Send a summary to [email protected]. LobbyPost will provide a secure route for any supporting information.