Frequently Asked Questions
Data & Privacy
What personal data do you collect?
Unlike cameras and Wi-Fi-enabled MAC address tracking, at no point does Density’s device collect personally identifiable information (PII) from its environment. If you are a customer of Density, we do collect some information that is required to create your Dashboard login and enable a helpful experience with our software. This includes information such as your name, work email and company name.
Have Density services been externally audited?
Yes, Density conducts periodic third-party penetration tests and security audits. Density SaaS offerings will be subject to third-party audits in accordance with the auditing standards under the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization (“SSAE 16”), published by the American Institute of CPAs (AICPA). The resulting SOC-2 reports will be made available as these audits are performed.
Density services rely on several third-party providers, such as Amazon Web Services (AWS). These providers publish their own SOC-2 reports which Density will make available upon request.
Who has access to Density services?
The Density services are multi-tenant. Access to customer data is via mandatory role-based access control. Customers cannot access the data of other customers. Density staff have access to customer data only on a need-to-know basis. All access to Density services is logged.
How long is the data stored for?
The data collected will be available for the duration of the subscription. We collect and store every count event that occurs at each door and don’t delete this data from our database. Your subscription includes unlimited cloud storage for all your devices’ real-time and historic analytics. At the end of the subscription, customers are given a grace period of 30 days to download/archive all the data they wish to retain. After that period, the subscription concludes and all customer data is permanently deleted from the device and the cloud.
How does Density handle Common Vulnerabilities and Exposures (CVEs)?
Density developers and operations teams monitor for new CVEs affecting applications in use. Patches for applications are continuously tested and delivered immediately upon validation.
Is the device shipped with any factory default passwords or other key material?
No. Density devices are designed with enterprise security best practices in mind. Accordingly, there are no login credentials or factory default passwords. The only way to provision the device is by accessing its network credentials and authentication tokens, which are securely provided via the provisioning app.
Does Density store data on the cloud or on-premise?
To enable our analytics software, and allow our customers to view and utilize their count data, Density sends all count data on the device to the cloud. The data that leaves the device is minimal and anonymous: it is a 0.5kb file containing a timestamp, a direction (+1 or -1) and a doorway ID.
What data do Density services handle?
Anonymous depth data, processed count data and telemetry data (device health, system logs, uptime, temperature, etc.).
Density provides customers with an API and analytics dashboard for viewing people count data in real-time and on a trend/historical basis. The service includes customer-provided metadata about the spaces associated with each sensor, such as location (building, floor, room), doorway name, capacity, time segments and timezones, room square footage and more.
Density’s services also handle data pertaining to users in your company/organization with a Density account. When a user is associated with a Density Dashboard account, Density stores the email address for each user for login purposes, as well as their hashed-and-salted password. No customer email addresses or login information is ever shared with any third party except as required for operational monitoring.
Where are Density’s cloud services hosted?
Density uses Amazon Web Services (AWS) instances. In addition to industry-leading data security protocols and practices, our integration with AWS makes use of geographically redundant data centers with standard processes for disaster recovery in place. Density also uses third-party services such as GitHub for source control and Sentry or NewRelic for application monitoring.
How is the device authenticated?
During initial setup, the sensor is given a persistent token by the Unit Setup app. The sensor uses this token for all communication with the Density API. Authentication is mutual: the token authenticates the sensor to the Density API, and the sensor authenticates the Density API by the API’s HTTPS certificates.