
With Great Data, comes Great Responsibility

Personal data is a big thing, particularly when you are the custodian of a lot of it, and we take that very seriously.

ISO 27001 and 9001

Highly Secure

99.99% Uptime

Compliantly Collect First Party Data on Auto-Pilot

Empower compliance with data privacy laws worldwide. Purple's captive portal offers unmatched flexibility for implementing necessary conditions, opt-in or opt-out choices, and custom data fields to meet global data protection requirements.

Data & Data Security

Data in Transit

  • All public portals and websites use TLS encryption.

  • TLS 1.2 minimum supported.

  • Regular review of TLS ciphers.

DNS Data

  • Collects domain lookup data via WebTitan.

  • Logged against venue's IP.

  • Not traceable to individual users.

Webhooks

  • Real-time data export triggers.

  • HTTPS POST to user-defined endpoint.

Data Sovereignty

  • Data stored in three GCP locations.

  • Compliant with regional data storage laws.

Data at Rest

  • Hosted on Google Cloud (GCP) or Amazon Web Services (AWS).

  • Data disks encrypted (AES-256).

Location-Based Services

  • Passive collection of device data.

  • MAC address, RSSI, date/time recorded.

  • Location coordinates with the right hardware.

Personally Identifiable Information

  • Data varies by configuration.

  • Encrypted and stored in three locations.

  • PII retention period: 13 months of inactivity.

Data Retention

  • User data anonymized after 13 months of inactivity.

  • Non-identifiable information retained.

  • Raw data discarded sooner if needed.

Data Protection

  • Compliant with the EU's GDPR.

  • Clear data purposes and rights in EULA and privacy policy.

  • Separate active opt-in for EU marketing consents.

  • Users can view, modify, or delete data.

  • Purple Data Protection Officer for queries.

Connectors

  • Third-party integrations for CRM data.

  • Connector connection/session data encrypted.

Payments

  • No handling or storing of financial data.

  • Payments via Stripe, PCI-DSS compliant.

Data Storage and Backup

  • Databases replicated with real-time backups.

Captive Portal

  • Stores device MAC, user agent, AP MAC.

  • User data stored based on login method.

  • Data secured via TLS in transit.

  • RADIUS accounting for network metrics.

API

  • RESTful API for extracting user data.

  • Encrypted with HTTPS, requests signed.

ISO Compliance

  • ISO 9001 for business practice.

  • ISO 27001 for data security.

  • Audited annually.

Data Ownership/Controller

  • Customers share data ownership.

  • Joint Controller with Purple & Flow.

  • Data treated per local legislation.

Application Components

Captive Portal

  • Configurable splash page.

  • T&Cs acceptance required.

  • OAuth access via social media.

Location/Presence Data Collection

  • Collects MAC addresses and RSSI.

  • Coordinates with the right hardware.

  • Location data linked to WiFi users.

Customer Portal

  • User account hierarchy.

  • Password policies and rotation.

  • Secure access control.

RADIUS

  • Authentication required for all traffic.

  • One-time password for security.

Personnel Management, Procedures, and Policies

Staff Access

  • Limited access to key staff.

  • Contractors strictly prohibited from accessing live data.

Incident Response

  • Security Incident Reporting Policy.

  • Data protection contacts notified.

  • Clear staff termination procedure.

Development and Testing

  • Secure development policy.

  • Code review, testing, and QA.

Releases

  • Weekly deployments for maintenance.

  • Large releases on a quarterly basis.

Threat Management

  • Monthly automated tests.

  • Weekly software patches.

  • Third-party penetration test annually.
