Unloc users may grant Unloc permission to create and revoke keys to their locks. Lock vendors provide OAuth2 consent forms that users must accept in order to grant Unloc permission. The consent form is presented by the Unloc mobile app in the phone’s native web browser.
Stored customer data is limited to customers’ phone number, name and profile image, in addition to customer-entered data related to their locks. All customer data in rest (in database) is encrypted with AES 256.