Anonymity matters
Privacy and data protection are at the core of every aspect of our business, from initial product design and development to device deployment and our personnel policies.
Unlike cameras, the GDPR-compliant sensors we’ve developed are anonymous by design. They can’t capture any personally identifiable information (PII), and no data captures leave the sensors during normal operations. This gives our customers the benefit of highly accurate analytics and applications, while safeguarding occupant privacy.
Transparency
We believe buyers have rights
Especially when it comes to connected enterprise hardware that’s deployed in public spaces and/or sensitive areas, buyers should know where, how, and by whom their products are made.
Here’s how Density does it:
- All devices are built using custom components, which we design in-house, and standard hardware components
- We manufacture the devices at our factory in Syracuse, New York
- We control 100% of the software (firmware) that is loaded onto the device and use cryptographic integrity checking to ensure that only authentic and authorized software is uploaded to the depth-processing system
- All of the hosted services that Density’s sensors use run on U.S.-based servers we control
Data Security
Built with industry-standard best practices
When it comes to data protection and security, every element of Density’s service (the Density sensor, APIs, cloud-hosted infrastructure and software) is designed to capture, process and transmit data securely. Our platform is built and maintained by teams with extensive experience building secure technology systems for enterprise customers. Questions related to data security? Email security@density.io.
Highlights
- HTTPS/TLS 1.2 encryption over port 443 (data in transit)
- AES-256 encryption (data at rest)
- Regular over-the-air firmware upgrades and security enhancements
- Validated by third-party vulnerability tests
- Redundant cloud-hosted services
- OAuth-enabled single sign-on and enterprise identity management options
- 2-factor authentication with your SSO provider
Network Security & Data Transmission
The sensor receives Bluetooth requests from the Density Unit Setup mobile application in order to be provisioned with network credentials. The BLE requests are authenticated and authorized via the Density API and the network connection details are stored securely on the device; they are not transmitted to our cloud servers. Further, Density can remotely disable BLE connectivity after network connectivity has been established.
Once the sensor establishes a network connection, it communicates solely via outbound requests over TLS/SSL connections via WiFi or Ethernet. There are three main types of data that are processed/served via Density servers:
- Events (entrance/exit + timestamp data)
- Logs / Metrics (critical errors and device metrics, such as temp)
- OS Releases (new software packages)
Sensors transmit information to a number of locations, including api.density.io and ntp.org. For a full list of domains and locations, please see our sensor Tech Specs datasheet in Density Brochures & Docs.
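A network team can check the outbound-only behaviour described above against its own flow logs. The following is an added example, not Density code: the CSV flow format, the sensor address, and the subdomain matching are assumptions, and the allowlist holds only the two names given on this page (the complete list is in the Tech Specs datasheet).

```python
"""Audit flow records for a sensor VLAN against the documented egress behaviour."""
import csv
import io

# Only these two names appear on the page; extend from the vendor datasheet.
ALLOWED = {
    ("api.density.io", "tcp", 443),  # HTTPS/TLS over port 443
    ("ntp.org", "udp", 123),         # assumption: standard NTP port
}

# Constructed sample records (not real traffic).
SAMPLE_FLOWS = """\
direction,src,dst,proto,port
out,10.20.0.15,api.density.io,tcp,443
out,10.20.0.15,0.pool.ntp.org,udp,123
out,10.20.0.15,api.density.io,tcp,80
out,10.20.0.15,files.example.net,tcp,443
in,10.9.9.9,10.20.0.15,tcp,22
"""

def host_matches(name, allowed):
    """Exact match or subdomain of an allowlisted name, on a label boundary."""
    name = name.lower().rstrip(".")
    return name == allowed or name.endswith("." + allowed)

def audit(flows_csv, sensor_ips):
    """Return (finding, peer, port) tuples for flows that break the model."""
    findings = []
    for row in csv.DictReader(io.StringIO(flows_csv)):
        port, proto = int(row["port"]), row["proto"].lower()
        # Sensors only make outbound requests, so any inbound flow is a finding.
        if row["direction"] == "in" and row["dst"] in sensor_ips:
            findings.append(("inbound-connection", row["src"], port))
            continue
        if row["src"] not in sensor_ips:
            continue
        if any(host_matches(row["dst"], h) and (proto, port) == (p, n)
               for h, p, n in ALLOWED):
            continue
        known = any(host_matches(row["dst"], h) for h, _, _ in ALLOWED)
        kind = "unexpected-port" if known else "unexpected-destination"
        findings.append((kind, row["dst"], port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS, {"10.20.0.15"}):
        print(finding)
```

The same allowlist can drive the egress firewall rule for the sensor VLAN, so the audit and the enforcement point stay in agreement.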
Device Hardware Security
The root filesystem on the Density sensor is read-only. Depth-data is collected and processed in-memory, analyzed by our on-board algorithm and determined to be an entrance or exit (“Event”). The Event data (+1/-1) along with a timestamp is stored on a read-write partition in a relational data-store. Depth data is never stored on the device. Density stores network credentials in a secure file onboard the read-write partition.
Density manufactures its devices at its factory in Syracuse, New York. Physical access to these facilities is restricted through the use of access control procedures for authorized users (badge access and security guards at entrance). Visitor access must be logged in a physical access log and visitors are escorted through restricted areas in the facility. Density has multiple security cameras recording 24/7 to the cloud.
Account Security
Density supports Single Sign-on (SSO) to authenticate customers with their own systems without requiring them to enter additional Density-specific login credentials. 2-Factor Authentication (2FA) can be utilized via the provided SSO mechanism.
Account Permissions
Density lets you set permission levels within the app for your teammates. Permissions can give specific users access to the count data, the virtual environment, and team management.
Password and Credential Storage
Density enforces industry-standard password complexity requirements, and credentials are stored using a PBKDF2 algorithm with a SHA256 hash. Density also supports forced password resets with its SSO integrations.
API Authentication
Density uses a RESTful API that requires Token Authentication for access. Access Tokens can be generated by logging in to our Dashboard and creating them under our Developer Tools section.
GDPR Compliance
Density can help you meet your data portability requirements for GDPR. Density allows customers to export and permanently delete all data linked to a customer account. Density automatically expires data from visitors that have not been seen in 9 months.
Density acts as a Processor with relation to GDPR standards. Density has taken the following steps to ensure compliance with the GDPR:
In accordance with the US/EU and US/Swiss Privacy Shield and GDPR, Density has taken the necessary steps to ensure personally identifiable information is not stored outside the area of origin. Density continually audits its internal systems to ensure there are clear boundaries in place to safeguard sensitive data.
- Investments in our security infrastructure and certifications
- Support for international data transfers by certifying for US/EU and US/Swiss Privacy Shield self-certifications
- Releasing a formal Data Processing Agreement outlining how Density uses customer data and how it can be removed
- Import and export tools that allow customers to access data collected by Density
- User and Account deletion tools
System Status
Get real-time updates on system uptime and performance