Privacy and Security Overview

Data security and compliance

How we ensure data security

All data processing systems existing in a virtual private cloud and are not accessible to the outside world.

This allows for highly secure data processing.

We conduct regular security assessments to ensure we are protecting our customer’s data and utilizing industry-standard security tools and processes.

InnerSpace is also certified to the SOC2 and ISO27001 information security standards. Certifying to these standards involves an independent audit confirming the security practices, policies, procedures and operations meet or exceed standards for protecting customer information.  

Detailed compliance and infosec documentation is available upon request.

Where our data is stored

All InnerSpace customer data is stored in the Microsoft Azure cloud, in the East US region. Azure uses multiple layers of security, including physical security measures, network security, and access control, to ensure the safety of customer data. 

Additionally, all data is encrypted both in transit and at rest, and strict access policies are implemented to further enhance security. Microsoft undergoes regular security audits and certifications to ensure the ongoing robustness of their security posture. 

User privacy

Anonymizing PII

The only personally identifiable data processed by our systems is a device MAC address. No names, user IDs or other identifiers are ever captured, processed or stored.

The MAC addresses are immediately anonymized by applying a one-way hash, with client specific salts. The original MAC address is discarded and never stored.

One-way hashes make it computationally infeasible to recreate the original MAC from its hash. A client specific salt ensure that the same MAC address results in a different hash if proceeded at different client location, preventing cross-location tracking.

Aggregation - going the extra mile

In addition to rigorous encryption and anonymization protocols, InnerSpace employs additional measures to protect against identity inference - the ability to infer identity from behaviour.

Data is only made available in aggregate form and individual behavioural patterns - such as pathways or locations - are obfuscated, ensuring that individual identities cannot be inferred from behavioural patterns.

See also our privacy policy and trust center.