Ensuring the security of consumers' data within the Catalyst IoT platform is crucial, and we have taken all steps to ensure that the part our solution plays in the overall security of the cellular service ecosystem is secure.

Catalyst IoT is hosted in a robust and secure cloud environment (Microsoft Azure) and we ensure that all customer information is fully encrypted and never shared. Where the platform is used to process credit card transactions we comply fully with the Payment Card Industry Data Security Standards and have partnered with Stripe to securely process these transactions. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.

As a global company operating its platform across different borders and jurisdictions, we ensure that all local laws and practices regarding certification are fully adhered to. Airfi is compliant with the new General Data Protection Regulation, ensuring that:

  • All stored, user identifiable data is accessible through Airfi’s platform and systems by end users
  • We only collect data we need to deliver our service and specify clearly why we need to collect all data throughout our registration and activation experience
  • All information that can be encrypted is encrypted; only one user account can be accessed at a time; and no “sensitive data” as defined by GDPR is stored

In advance of GDPR coming into force later this year, additional features will be deployed within Catalyst IoT, ensuring full adherence and compliance. This includes the following features:

  • Consent – For EU users, a modified sign-up flow displays the EU privacy policy separately from our terms and conditions and requires a specific check in an unchecked box to proceed.
  • Data breach notification – Our data breach policy reflects the rules on when we need to notify data subjects and supervisory authorities of data breaches, and the timescales to be followed.
  • Data processing activities – We manage and detail what data we store, why we store it and how it is used and processed.
  • Data protection by design – We consider data protection when designing all new product features.
  • EU privacy policy – An EU privacy policy is displayed to all end users connected with the EU.
  • International data transfer – All partners are assessed for GDPR compliance, and our EU privacy policy will explicitly list the partners we share data with, why it is shared, and for what purpose.
  • Right to data portability – Our multi-device features ensure that data is shared across all relevant hardware partners to keep user data up to date. All stored user identifiable data is accessible through MyCatalyst and Catalyst Fragments and can be downloaded/exported by the end user manually.
  • Right to erasure – EU members have the opportunity to request that their data is erased.

As an organization, we will continue to constantly evolve our platform whilst adhering to industry regulation and guidelines regarding the security of our customers’ data. This includes working with our partners to ensure the highest level of diligence is conducted.