Mobile SDK
(Maps, Search, Indoor Navigation)
We take security & data privacy very seriously and we continuously ensure all data is secured safely and in line with regulations.
The General Data Protection Regulation (GDPR) has come into effect as of the 25th of May 2018, this act replaces the EU Data Protection Directive of 1995. The act aims to provide more protection of natural person’s data and how it is used by Data Controllers and Data Processors. This statement and policy aims to address the protection of data and user privacy according to the new rules and regulations of GDPR.
The protection of personal data is of the utmost importance to Pointr. According to GDPR, any information relating to an identified or identifiable individual is personal data. If any information on its own or with another set of information can identify an individual, it is personal data. Personal data can include: name, email, phone number, social security number, etc as well as IP address, physical address, behavioral data, location data, biometric data, financial information, and much more.
IP and MAC addresses can be classified as Identifiable data, provided this can be used to determine a natural person’s identity. A device ID (MAC/IP) is not sufficient by itself to make such a connection. A device ID can identify a natural person if the data is reviewed in conjunction with some other form of data not held by Pointr such as CCTV or records of purchases in a specific area.
The table below highlights Pointr’s products and identifies the types of data collected by each as well as how this data is secured/protected.
(Maps, Search, Indoor Navigation)
The table below highlights Pointr’s products and identifies the types of data collected by each as well as how this data is secured/protected.
Secured https communication Completely randomized/anonymized device ID user permission required before location is tracked
No personally identifiable data used of end users are collected or processed– only one-way encrypted data is analysed, stored and processed.
No personal data used – only record general usage stats
Secured https communication (read-only)
When a phone runs an app containing our SDK (software library), it creates a random unique identifier for this device ("device identifier"). The device identifier is globally unique to that smartphone and app; this device identifier does not give away any personally identifiable information or device information such as MAC/IP. It is unique to that particular app running the Pointr SDK (hence, even if our SDK was used in another app on the same device, it would be a different identifier).
When the app starts, the SDK triggers a permission dialog (on iOS and Android) to request permission from user to track their location (while running the app and/or in background). If a user declines this request, no location tracking is carried out. Users may at any time opt in / out of location tracking for the particular app that includes our SDK.
The SDK detects Bluetooth signals and processes them along with phone inertial motion sensors (such as gyroscope and accelerometer) to calculate indoor position of the device (smartphone).
Similarly, the SDK detects GPS signals to calculate the outdoor position of device (smartphone). The SDK uploads this location information to Pointr Cloud, along with Device Identifier.
Through this process, the SDK produces a random device identifier (eg. "ABCD") with timestamp and location (eg. "Device ABCD was at this position at this time") it is important to note:
However, there is a possibility that:
If you can see real-time location information coming from a specific device identifier at that time and location then you can guess that this user must have that specific device ID which is unique to Pointr and has no other information attached to it.
A random device identifier (eg. "ABCD") with timestamp and location (eg. "Device ABCD was at this position at this time") and Session ID is used for analytics along with the Event data.
Thus our analytics do not process personal data (PII - Personally Identifiable Data is excluded by design)
By default, our web maps and kiosk software do not capture any information about the user. There is no login system either. They only record general usage stats (such as "how many people used Poi search today" or "what is the most frequently searched for product")
We are committed to the protection of personal data and will ensure adequate preventative measures are in place at all times to ensure compliance with the new GDPR rules and regulations. This new regulation entitles data subjects to the following rights:
As Pointr is not a data controller and keeps limited to no personal data, we can confirm compliance and support of the above rights where applicable.
Although high care is taken to protect our systems and databases, no system is 100% secure and it is always possible for an external party to access our database. Given all data is anonymous no personal data would be attained from the data alone. In the event a breach is uncovered, Pointr personnel will follow the data procedures and ensure timely resolution.
Pointr ensures all contractors, consultants and employees agree to uphold Pointr’s privacy policies as well as to protect any personal data.
All projects are hosted on Azure with regional instances ensuring data is not passed outside of the area the data is collected. It is possible for client users to open the Pointr dashboard (where data is converted to visual data and analytics) is stored form abroad, however access to these systems are protected with HTTPS, secure password and optionally multi factor authentication. All activity is logged with activity detail, any unusual behavior triggers alerts and the venue is notified immediately.
See our services and features in action
and how they add value to different industries.