Privacy and data protection are at the core of every aspect of our business, from initial product design and development to device deployment and our personnel policies.
Here you’ll find information regarding our “privacy by design” approach: Why we don’t use cameras, how we safeguard your data, and where our products are designed and manufactured. You can also view the current and historical status of Density’s systems and services.
Density’s technology is built with the latest industry-standard best practices for data protection and security. Every element of Density’s service—the Density sensor, APIs, cloud-hosted infrastructure and software—is designed to ensure that data is captured, processed and transmitted in a secure manner. Our platform is built and maintained by experienced teams with extensive experience building secure technology systems for enterprise customers.
- HTTPS/TLS 1.2 encryption over Port 443 (data in transit)
- AES-256 encryption (data at rest)
- Regular over-the-air firmware upgrades and security enhancements
- Validated by 3rd party vulnerability tests
- Redundant cloud-hosted services
- OAuth-enabled single-sign on and enterprise identity management options
- 2-factor authentication with your SSO provider
Questions related to data security? Email email@example.com.
The sensor receives Bluetooth requests from the Density Unit Setup mobile application in order to be provisioned with network credentials. The BLE requests are authenticated and authorized via the Density API and the network connection details are stored securely on the device; they are not transmitted to our cloud servers. Further, Density can remotely disable BLE connectivity after network connectivity has been established.
Once the sensor establishes a network connection, it communicates solely via outbound requests over TLS/SSL connections via WiFi or Ethernet.
There are three main types of data that are processed/served via Density servers:
- Events (entrance/exit + timestamp data)
- Logs / Metrics (critical errors and device metrics, such as temp)
- OS Releases (new software packages)
Sensors transmit information to a number of locations, including api.density.io and ntp.org. For a full list of domains and locations, please see our sensor Tech Specs datasheet in Density Docs.
The root filesystem on the Density sensor is read-only. Depth-data is collected and processed in-memory, analyzed by our on-board algorithm and determined to be an entrance or exit (“Event”). The Event data (+1/-1) along with a timestamp is stored on a read-write partition in a relational data-store. Depth data is never stored on the device. Density stores network credentials in a secure file onboard the read-write partition. Density manufactures its devices at its factory in Syracuse, New York. Physical access to these facilities is restricted through the use of access control procedures for authorized users (badge access and security guards at entrance). Visitor access must be logged in a physical access log and visitors are escorted through restricted areas in the facility. Density has multiple security cameras recording 24/7 to the cloud.
Density supports Single Sign-on (SSO) to authenticate customers with their own systems without requiring them to enter additional Density-specific login credentials. 2-Factor Authentication (2FA) can be utilized via the provided SSO mechanism.
Density enables permission levels within the app to be set for your teammates. Permissions can be set to give specific users access to the count data, virtual environment as well as team management.
Density enforces industry-standard password complexity requirements, and credentials are stored using a PBKDF2 algorithm with a SHA256 hash. Density also supports forced password resets with its SSO integrations.
Density uses a RESTful API that requires Token Authentication for access. Access Tokens can be generated via logging into our Dashboard and creating them under our Developer Tools section.
In accordance with the US/EU and US/Swiss Privacy Shield and GDPR, Density has taken the necessary steps to ensure personally identifiable information is not stored outside the area of origin. Density continually audits its internal systems to ensure there are clear boundaries in place to safeguard sensitive data.
Density can help you meet your data portability requirements for GDPR. Density allows customers to export and permanently delete all data linked to a customer account. Density automatically expires data from visitors that have not been seen in 9 months.
Density acts as a Processor with relation to GDPR standards. Density has taken the following steps to ensure compliance with the GDPR:
- Investments in our security infrastructure and certifications
- Support for international data transfers by certifying for US/EU and US/Swiss Privacy Shield self-certifications
- Releasing a formal Data Processing Agreement outlining how Density uses customer data and how it can be removed
- Import and export tools that allow customers to access data collected by Density
- User and Account deletion tools
Density was founded with the notion that people dislike being tracked or recorded. We accept it where physical security requirements demand it. But beyond that, the thought of someone recording our daily activities—at the office, in a store, at the gym—is generally viewed with skepticism.
At Density, protecting privacy is fundamental to our technology approach. The people-counting sensors we’ve developed are not only highly accurate, they’re also 100% anonymous. Our unique approach safeguards occupant privacy while enabling customers to drive value from Density’s people-counting analytics and applications.
We believe that buyers have a right to know about the products they buy — where they’re made, how they’re designed and manufactured, and who makes them. This information is particularly important when it comes to connected enterprise hardware that’s deployed in public spaces and/or sensitive areas. The following information pertains to Density’s commitment to transparency.
Visit our System Status Page to get real-time updates on system uptime and performance.