Privacy Policy for NiceCheckIn NFC Writer System

Last Updated: January 17, 2025

Introduction

The NiceCheckIn NFC Writer System consists of two components that work together to write booking ticket information to NFC tags for contactless venue access control:

1. Chrome Extension – Browser extension that integrates with Roller POS
2. Native Bridge Application (n1c-nfc-bridge) – Local application that communicates with NFC hardware

This privacy policy explains how both components handle data and protect your privacy.

Our Commitment

We do not collect, store, or transmit any personal data to external servers. All processing occurs locally on your computer.

System Components

Chrome Extension

• Function: Integrates NFC write buttons into Roller POS booking pages
• Access: Reads ticket IDs from web pages you visit on pos.roller.app domains
• Communication: Sends ticket IDs to the local bridge application via Chrome Native Messaging
• Storage: Stores only debug mode preference (on/off)

Native Bridge Application (n1c-nfc-bridge)

• Function: Communicates with ACR1252 NFC reader hardware
• Access: Requires USB/system permissions to access NFC reader
• Operation: Receives ticket IDs from the extension and writes them to NFC tags
• Storage: Does not store any data; processes commands in real-time only
• Network: Makes no network connections whatsoever

How They Work Together

1. You open a booking page on Roller POS
2. Extension injects NFC write buttons next to tickets
3. You click a button and place an NFC tag on the reader
4. Extension sends ticket ID to the bridge application (locally)
5. Bridge writes the ticket ID to the NFC tag
6. Bridge reports success/failure back to the extension
7. Extension displays result notification

All communication occurs locally on your computer. No data leaves your machine.

Data Collection and Usage

What Data We Access

Chrome Extension:

• Ticket IDs: Reads booking ticket IDs (format: XXXXXXXXX-XXXXXXXXX) from Roller POS booking pages at pos.roller.app domains
• Page Content: Scans the booking page HTML to locate ticket information and inject NFC write buttons

Native Bridge Application:

• Ticket IDs: Receives ticket IDs from the Chrome extension via local messaging
• NFC Hardware: Communicates with ACR1252 NFC reader via PC/SC protocol
• System Resources: Accesses USB/PC/SC daemon to control NFC reader

How We Use This Data

Data Flow:

1. Extension extracts ticket IDs from Roller POS web pages
2. Extension sends ticket IDs to bridge application (local communication only)
3. Bridge writes ticket IDs to NFC tags via hardware
4. Bridge reports status back to extension
5. All ticket data is discarded immediately after use

Privacy Guarantees:

• All data processing occurs entirely on your local machine
• No data is transmitted to external servers or the internet
• No analytics or tracking of any kind
• No cookies are used
• No personal information is collected by either component

What We Store

Chrome Extension:

• Debug Mode Setting: A single boolean preference (true/false) to enable verbose console logging for troubleshooting
• This setting is stored locally in Chrome’s storage and never leaves your computer
• No ticket IDs or personal information are ever stored

Native Bridge Application:

• No data storage: The bridge application does not persist any data
• Ticket IDs are held in memory only during active write operations
• All data is cleared immediately after tag writing completes or fails

Permissions Explanation

Chrome Extension Permissions

1. activeTab

• Purpose: Access the current Roller POS booking page when you click an NFC write button
• Usage:
  • Read ticket IDs from the visible page
  • Inject NFC write buttons into the interface
  • Display write progress notifications
• When Used: Only when you explicitly click an NFC button
• Data Access: Limited to the active tab, only while in use

2. Host Permissions (pos.roller.app/*)

• Purpose: Run the extension on Roller POS booking pages
• Specific Domains:
  • pos.roller.app
  • pos1.roller.app through pos9.roller.app
• Usage: Insert NFC write functionality into the booking interface
• Scope: Extension only operates on these specific domains
• No Network Requests: The extension makes no outbound network calls

3. nativeMessaging

• Purpose: Communicate with the n1c-nfc-bridge application on your local computer
• Usage:
  • Send ticket IDs to the local NFC writer application
  • Receive write progress updates (waiting, writing, success, errors)
  • Check NFC reader connection status
• Communication: All via Chrome’s Native Messaging API using local stdin/stdout
• Network: Zero external network communication

4. storage

• Purpose: Store debug mode preference only
• What’s Stored: Single boolean value for logging preference
• What’s NOT Stored: No tickets, no personal data, no browsing history
• Access: Data never leaves your computer

Native Bridge Application Permissions

The native bridge application requires system-level permissions to function:

1. USB/Hardware Access

• Purpose: Communicate with ACR1252 NFC reader connected via USB
• Usage: Send commands to read/write NFC tags
• Scope: Only accesses the specific ACR1252 NFC reader device
• Privacy: No access to other USB devices or system resources

2. PC/SC Service Access (Linux/macOS/Windows)

• Purpose: Interface with the operating system’s smart card services
• Usage: Required protocol for all NFC reader communication
• Standard: Industry-standard PC/SC protocol (no proprietary access)

3. Native Messaging Host Registration

• Purpose: Allow Chrome to launch the bridge application
• Setup: Requires manual installation of native messaging manifest
• Security: Only the Chrome extension with matching ID can communicate
• Isolation: Bridge can only be invoked by the authorized extension

Important: The native bridge application:

• ❌ Does NOT require admin/root privileges
• ❌ Does NOT access network or internet
• ❌ Does NOT access files, clipboard, or other system resources
• ❌ Does NOT run in the background (only when extension sends commands)
• ✅ Runs in user space with minimal permissions
• ✅ Only communicates via stdin/stdout with Chrome

Data Security

Chrome Extension:

• Local Processing: All operations occur in your browser
• No Remote Servers: Extension does not connect to any external servers
• No Remote Code: All code is bundled in the extension; nothing is downloaded at runtime
• Isolated Communication: Only communicates with authorized native bridge application

Native Bridge Application:

• Offline Operation: No network capabilities whatsoever
• Minimal Permissions: Runs in user space, no elevated privileges required
• Hardware Isolation: Only accesses NFC reader, no other system resources
• Secure Communication: Only accepts commands from authorized Chrome extension

System-Wide Security:

• No Third Parties: No data is shared with any third parties
• No Analytics: No usage tracking or telemetry of any kind from either component
• Data in Transit: Communication between extension and bridge uses Chrome’s secure Native Messaging API
• No Persistence: Ticket data is never written to disk by either component

Your Privacy Rights

You Control Everything

Chrome Extension:

• Enable/Disable: Turn the extension on or off at any time via Chrome settings
• Explicit Activation: Extension only acts when you click NFC buttons
• Uninstall: Remove the extension completely through Chrome’s extension manager

Native Bridge Application:

• Manual Installation: You control when and if to install the bridge application
• On-Demand Execution: Bridge only runs when extension sends commands (not a background service)
• Complete Removal: Delete the bridge executable and native messaging manifest to fully remove
• No Auto-Start: Bridge never starts automatically at system boot

Full System Removal:

1. Uninstall Chrome extension via chrome://extensions
2. Delete native bridge application executable
3. Remove native messaging manifest from Chrome/Chromium config folder
4. Optionally unplug NFC reader hardware

What We Don’t Do

• ❌ Collect personal information
• ❌ Track your browsing
• ❌ Store ticket data
• ❌ Use cookies or tracking technologies
• ❌ Send data to external servers
• ❌ Share information with third parties
• ❌ Show advertisements
• ❌ Perform background monitoring

Third-Party Services

None. Neither the Chrome extension nor the native bridge application uses any third-party services, APIs, analytics platforms, or external dependencies that communicate over the network.

What This Means:

• No Google Analytics or similar tracking
• No error reporting to external services
• No CDN-hosted code or resources
• No advertisement networks
• No social media integrations
• No cloud storage or syncing
• All functionality is 100% self-contained and local

Data Retention

Chrome Extension:

• Ticket IDs: Processed in real-time, never stored
• Debug Setting: Retained in Chrome local storage until you change it or uninstall
• Other Data: None collected

Native Bridge Application:

• Ticket IDs: Held in memory only during active write operation, immediately discarded
• No Persistent Storage: Bridge maintains no database, logs, or cached data
• Other Data: None collected

Important: Neither component creates log files containing ticket IDs or personal information.

International Data Transfers

Since all processing occurs locally on your computer and no data is transmitted externally, there are no international data transfers.

Children’s Privacy

This extension is designed for business use by venue operators. It does not knowingly collect information from anyone, including children under 13.

Compliance

GDPR Compliance (European Union)

• No Personal Data Collection: The extension does not collect personal data as defined by GDPR
• No Data Processing: Ticket IDs are processed locally for immediate use, not stored
• Legal Basis: Not applicable as no personal data is collected
• Your Rights: Full control via Chrome’s extension management

CCPA Compliance (California)

• No Sale of Data: We do not sell user data
• No Data Collection: No personal information is collected to sell or share

Chrome Web Store Policies

This extension fully complies with Chrome Web Store Developer Program Policies:

• No undisclosed data collection
• No misleading functionality
• All permissions are justified and necessary
• No remote code execution

Changes to This Policy

We may update this privacy policy to reflect changes in the extension or legal requirements. Updates will be indicated by the “Last Updated” date at the top of this document.

Significant changes will be announced through:

• Updated extension description in Chrome Web Store
• Release notes on our website

Contact Information

For privacy questions or concerns:

• Email: support@aifinity.io
• Project: NiceCheckIn NFC Writer
• Publisher: NiceCheckIn / Aifinity

Your Consent

By installing and using the NiceCheckIn NFC Writer System (Chrome extension and/or native bridge application), you acknowledge that you have read and understood this privacy policy and agree to its terms.

Questions or Concerns?

If you have any questions about this privacy policy or how the system handles data, please contact us at support@aifinity.io. We’re committed to transparency and will respond promptly to any privacy-related inquiries.