Privacy & Security
Spaceti is a fully secured and private platform fully compliant with GDPR regulations and ISO certification. The security of our clients is of the utmost importance, which is why we adhere to the Security Standard Audit.
We collect anonymised position data from people. Therefore, by default it is not possible to track a specific person nor to record where they spend their time during the day. We can tell, for example, that there were X number of people in a particular meeting room over a certain period of time. This measurement is taken once every 10 minutes if the app is running in the background. Moreover, building occupants can choose to opt-in or opt-out (be hidden and not seen by their colleagues).
Data can be accessed through both our analytics platform and the mobile application. The app has various access levels, such as user, facility administrator, cleaning service, and so forth. The analytical platform is closed to all but facility managers and building administrators.
All client data is stored in a secure AWS managed servers & cloud computing datacentre in Frankfurt, Germany (EU). The data is encrypted (SHA256 & AES). Data masking is performed for private data. Amazon Web Services is compliant with the following certifications: C5 [Germany], Cyber Essentials Plus [UK], DoD SRG, FedRAMP, FIPS, IRAP [Australia], ISO 9001, ISO 27001, ISO 27017, ISO 27018, MLPS Level 3 [China], MTCS [Singapore], PCI DSS Level 1, SEC Rule 17-a-4(f), SOC 1, SOC 2, SOC 3.
All data stored is guaranteed to remain within the EU. The data’s physical security is handled by Amazon as well, ensuring the highest security standards and complying with existing data security and privacy legislations.
The security of the system is vitally important for us, which is why we regularly perform security audits of the entire system. We do our utmost to maintain our high level of hardware and software security. The aforementioned areas of Spaceti solutions have been assessed to be in accordance with the relevant OWASP and NIST security standards. Boxtrap security methodology requirements were also taken into account in the assessment.