Ensuring the security of consumers' data within the Catalyst IoT platform is crucial, and we have taken all steps to ensure that the part our solution plays in the overall security of the cellular service ecosystem is secure.
Catalyst IoT is hosted in a robust and secure cloud environment (Microsoft Azure) and we ensure that all customer information is fully encrypted and never shared. Where the platform is used to process credit card transactions we comply fully with the Payment Card Industry Data Security Standards and have partnered with Stripe to securely process these transactions. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
As a global company operating its platform across different borders and jurisdictions, we ensure that all local laws and practices regarding certification are fully adhered to. Airfi is already compliant with the new General Data Protection Regulation coming into force from May 25th 2018, ensuring that:
- All stored user-identifiable data is accessible through Airfi’s platform and systems by end users
- We only collect data we need to deliver our service and specify clearly why we need to collect all data throughout our registration and activation experience
- All information that can be encrypted is encrypted; only one user account can be accessed at a time; and no “sensitive data” as defined by GDPR is stored
In advance of GDPR coming into force later this year, additional features will be deployed within Catalyst IoT, ensuring full adherence and compliance. This includes the following features:
- Data breach notification – Our data breach policy will be updated to reflect the rules on when we need to notify data subjects and supervisory authorities of data breaches, and the timescales to be followed.
- Data processing activities – A new log will be added to Airfi’s KnowHow to detail what data we store, why we store it and how it is used and processed.
- Data protection by design – All new product specifications to include a ‘Data Protection’ section detailing impacts to data security and how they have been dealt with.
- Registration – All Airfi data holding companies MUST be registered with the ICO – https://ico.org.uk/for-organisations/register/
- Right to data portability – Our multi-device features ensure that data is shared across all relevant hardware partners to keep user data up to date. All stored user-identifiable data is accessible through MyCatalyst and Catalyst Fragments and can be downloaded/exported by the end user manually.
- Right to erasure – During the cancellation process, EU members will have the opportunity to request that their data is erased.
As an organization, we will continue to constantly evolve our platform whilst adhering to industry regulation and guidelines regarding the security of our customers’ data. This includes working with our partners to ensure the highest level of diligence is conducted.