Privacy Policy

Last Updated: May 3, 2026

1. Introduction

Allegion PLC ("we", "us", or "our") operates the Romanworks Access system, which includes the realtime.romancontrols.com website and the Romanworks Access mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information in connection with this Service.

The Romanworks Access iOS app is an enterprise tool that allows employer-provisioned users to authenticate and provision NFC mobile access credentials into Apple Wallet. Users cannot create accounts within the app — accounts are provisioned by your employer or administrator.

2. Information We Collect

The Service collects the following categories of information:

a) Account and Authentication Data

b) Access Credential Data

c) SDK Analytics Events (collected automatically by Microsoft AppCenter via the Allegion SDK)

d) Device Security Information

3. How We Use Your Information

We use the collected information to:

We Will NOT:

4. Third-Party Services

The Service uses the following third-party services. Each processes data as described below. We encourage you to review their respective privacy policies.

Auth0 (Authentication) Used to authenticate users via web-based login using the OpenID Connect protocol. When you log in, the app requests the OAuth2 scopes openid email profile, which allows Auth0 to share your email address, name, and profile information with the app. Authentication tokens are stored in the iOS Keychain on your device and cleared when you log out.

Data received by Auth0: Email address, name, profile information, login activity
Privacy Policy: https://auth0.com/privacy
Amazon Web Services — AWS (Infrastructure) Allegion's backend infrastructure runs on AWS. Your account, credential, and access rights data are stored and processed on AWS servers.

Data stored: Account data, credential data, access logs
Privacy Policy: https://aws.amazon.com/privacy/
Microsoft AppCenter (SDK Analytics) The Allegion mobile access SDK used by this app automatically sends usage analytics events to Microsoft AppCenter. This occurs automatically when the SDK is initialized and does not require any action from you.

Data collected: App bundle identifier, SDK initialization and configuration events, authentication flow success/failure events (no personal information), NFC access rights retrieval success/failure events (no personal information)
Linked to identity: No — these events contain only the app bundle identifier and generic event descriptions. No email addresses, user IDs, tokens, or credentials are included.
Opt-out: To request opt-out of SDK analytics data collection, contact developer.support@allegion.com. We will work with our SDK provider to process your request.
Privacy Policy: https://privacy.microsoft.com/
Allegion Backend Services The Allegion API receives your authentication token to retrieve your NFC access credentials. The app communicates with Allegion servers to provision credentials into Apple Wallet.

Data received: Authentication tokens, NFC credential data, provisioning status
Privacy Policy: Allegion Privacy Notice

5. Data Storage and Security

6. Your Rights and Choices

As a user of the Service, you have the right to:

SDK Analytics Opt-Out: The Allegion mobile access SDK automatically collects usage analytics events via Microsoft AppCenter. These events do not include personal information. To request opt-out of SDK analytics data collection, please contact developer.support@allegion.com. We will work with our SDK provider to process your request.

To exercise any of these rights, please contact us using the information provided in Section 13.

7. Mobile Application (Romanworks Access)

The Romanworks Access mobile application is an enterprise tool for iPhone that allows employees to provision NFC mobile access credentials into Apple Wallet. The app requires an employer-provisioned account and cannot be used to create new accounts. An NFC-capable iPhone is required.

Authentication: The app uses Auth0 web-based authentication. When you log in, your browser opens Auth0's login page and the app requests your email address, name, and profile information via the OAuth2 scopes openid email profile. Authentication tokens are stored securely in the iOS Keychain on your device and are cleared when you log out.

NFC Credential Provisioning: After authentication, the app retrieves your NFC access rights from Allegion's servers using your authentication token. You are then guided through adding those credentials to Apple Wallet using Apple's PassKit framework. The data exchanged during this process includes your authentication token and NFC credential data.

SDK Analytics: The Allegion mobile access SDK used by this app automatically sends usage analytics events to Microsoft AppCenter when the SDK initializes. These events include SDK initialization status, authentication flow success or failure, and NFC rights retrieval status. No personally identifiable information is included in any of these events. See Section 4 for details and Section 6 for opt-out instructions.

Security: The app performs a jailbreak detection check at launch using a local security library. If your device is detected as jailbroken, the app will immediately terminate to protect the security of your access credentials. No jailbreak detection data is transmitted externally.

8. Data Linked to Your Identity vs. Not Linked

The following table describes how the data collected by this app is classified in accordance with Apple App Store privacy standards.

Data Category Classification Collected By
Email address, name, Auth0 user ID Linked to your identity Auth0 / Allegion backend
NFC access credentials and access rights Linked to your identity Allegion backend
Authentication tokens Linked to your identity — stored locally in iOS Keychain Auth0 (stored locally)
SDK analytics events (app bundle ID, generic init/auth/NFC events) Not linked to your identity — no user identifiers included Microsoft AppCenter
Jailbreak detection result Not transmitted externally — local only On-device only

Tracking: We do not use your data to track you across third-party apps or websites for advertising purposes.

9. Data Sharing and Disclosure

We do not sell, trade, or rent your information. We may share data only in the following limited circumstances:

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect information from children under 18. If you believe a child has provided information to the Service, please contact us immediately.

11. International Users

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfer.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this policy. For material changes, we will make reasonable efforts to notify you. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the Service — including requests to exercise your data rights or opt out of analytics — please contact us at:

Email: developer.support@allegion.com
Company: Allegion PLC


© 2026 Allegion PLC. All rights reserved.