Your building watches people. Do they know what you're collecting?
14 cameras. WiFi analytics on every floor. A badge system that logs every entry. And a laminated A4 sheet that says 'CCTV in operation.' That's not consent. This is.
A posted notice isn't consent
CCPA gives California consumers the right to know what data is collected and opt out of its sale. BIPA requires written consent before collecting biometric data. State privacy laws are multiplying — and a generic sign at the entrance doesn't satisfy any of them.
- Illinois BIPA imposes $1,000–$5,000 per violation for collecting biometric data (facial recognition, fingerprint scans) without written consent — class actions have resulted in $650M+ settlements
- CCPA requires a 'notice at collection' that discloses categories of personal information collected and the business purpose — a generic sign doesn't qualify
- WiFi analytics that track device identifiers are covered by CCPA as personal information — passive collection without notice is a violation
- Texas, Washington, and Colorado have passed their own biometric privacy laws — the patchwork is growing
One scan. Every purpose. Auditable forever.
Visitors see a toggle for each type of data you collect — cameras, WiFi, marketing, waivers — and choose what they consent to
Camera-by-camera disclosure
Not just 'CCTV in operation' — your visitors see how many cameras, which zones they cover (lobby, gym floor, car park), what the footage is used for (security, analytics, marketing), and your retention period. Each zone gets its own toggle. Someone can consent to lobby cameras but decline gym floor recording. ICO CCTV Code compliant.
WiFi and beacon tracking
Your WiFi analytics system captures device MAC addresses from every phone in the building — even phones that never connect to your network. Overturo discloses this before the visitor's phone is in range. Separate toggles for WiFi analytics, Bluetooth beacons, and indoor positioning. No more 'we use cookies' banners for technology that has nothing to do with cookies.
20-second QR check-in
A printed QR code at the entrance. Visitors scan it with their phone camera — no app, no account, no download. The consent flow loads in their browser, pre-configured for your venue's specific data practices. Average completion time: 20 seconds. That's faster than signing a paper waiver on a clipboard.
Digital waivers that hold up
Every liability waiver and membership agreement captures: the exact text shown to the visitor, the timestamp of their acceptance, their device fingerprint, and an Ed25519 digital signature. The signature is hash-chained to the previous record — proving the waiver hasn't been altered after the fact. Try doing that with a pen on paper.
Standing consent for regulars
Your gym member who comes every morning at 6am doesn't need to re-consent daily. Standing mandates carry forward for 30, 60, or 90 days. When they expire, the member sees a single prompt on their next visit — not a full re-flow. Consent is continuous, not a speedbump.
Live dashboard with proof
Real-time view: 47 people checked in, 44 consented to cameras, 38 to WiFi analytics, 47 signed the waiver. Current occupancy: 47 of 120 capacity. Export the full consent manifest as JSON or CSV — timestamped, signed, and hash-chained — for your DPO, insurer, or the ICO.
How it works
Map your data
List what your venue collects: CCTV zones, WiFi analytics, membership data, marketing. Overturo creates a consent toggle for each one, with plain-language disclosure you can customise.
Print the poster
Download your QR poster as a PDF. Print it A3 and mount it at the entrance, reception desk, or turnstile. Multiple posters across multiple entrances all point to the same flow.
Visitors scan
Phone camera → QR code → consent flow loads in browser. No app. No login. They see each data practice, toggle what they consent to, and tap Submit. 20 seconds. Done.
You have proof
Every consent record is Ed25519-signed and hash-chained. You can prove what was disclosed, when they consented, and that the record hasn't been tampered with. Export any time.
Works everywhere people walk in
Gyms & fitness
Liability waivers + CCTV in workout areas + body scan consent + insurance data sharing. Members consent once on sign-up and check in daily with standing mandates. 6am regulars never see a prompt.
Offices & coworking
Visitor sign-in with NDA, security cameras, WiFi tracking, and third-party data sharing (café tab, cleaning service). Hot-desk users consent on first visit. Building management gets aggregated occupancy data — no PII.
Retail
In-store WiFi analytics, CCTV, loyalty programme, and marketing opt-in. QR at the entrance or checkout. Consent completion rates are 3x higher than cookie-style popups because visitors understand what they're agreeing to.
Healthcare
Patient check-in: HIPAA-aware consent for treatment records, waiting room cameras, and research participation. Integrates with FHIR endpoints. Parental consent flow for minors.
Education
Campus CCTV, student WiFi analytics, event photography. FERPA-aware flows for education records. Parental consent for under-16 visitors. University open days: temporary consent for one visit.
Hospitality
Guest check-in: corridor and lobby cameras, WiFi tracking, marketing, loyalty programme. The consent flow integrates with your PMS — guest room number links to their consent record.
Three ways to deploy
Choose what works for your entrance — or use all three
QR poster
Print an A3 poster. Mount it at the door. Visitors scan with any phone camera. No app, no account — works in Safari, Chrome, Firefox.
Kiosk tablet
Mount an iPad or Android tablet at reception. Visitors complete consent on the shared device. Auto-clears between sessions.
NFC tap
Stick an NFC tag at the entrance. Visitors tap their phone — the consent flow opens instantly. Sub-second deployment.
Built for US privacy compliance
State-level privacy laws are multiplying. One consent infrastructure covers all of them.
Venue consent included in every plan
Free plan: 1 venue, up to 50 visitors per day. Paid plans: unlimited venues, kiosk mode, NFC, real-time occupancy dashboards, and standing mandates.
"We operate 14 gym locations across Illinois and California. BIPA exposure was our biggest legal risk — one class action could have cost us more than our annual revenue. Overturo gave us written digital consent for every member, timestamped and signed. Our insurance premium dropped 22%."
— General Counsel, Midwest fitness chain (14 locations)
The laminated sign isn't going to save you
Print a QR poster. Stick it at the door. Start collecting consent that actually holds up. Setup takes under 5 minutes. No credit card required.