Inpixon Information Collection Practices
100% Privacy, 100% of the Time. Guaranteed.
The Inpixon platform provides the industry’s most accurate mobile device and asset locationing without compromising the privacy or anonymity of the device owner. As a technology originally developed for security purposes, Inpixon’s mobile device detection and locationing platforms adhere to best practices and standards when it comes to data protection and privacy. Nonetheless, many people have questions about the type of information Inpixon technology gathers and how it is used. Below you’ll find answer to the most frequently asked questions.
How does Inpixon Technology Work?
Mobile devices – cellphones, tablets and the like – regularly broadcast a short radio burst to notify cellular towers and/or wireless (WiFi) access points when they are in the area. This burst, called a “ping” or a “probe” is broadcast over public airwaves. Based on the strength of the ping a cell tower or WiFi access point can tell within a 360 degree radius approximately how close the mobile device is. This is called proximity.
Inpixon uses a group of passive sensors that “listen” for these public pings. Based on the signal strength each sensor hears, the Inpixon system performs a calculation called “trilateration” to determine the location of the device broadcasting the ping within two to three meters. Because these devices ping at regular intervals, when the Inpixon sensors hear a series of pings, the system can also determine direction of travel (similar to sonar on ships).
Because most adults now carry a cellphone with them, counting pings is both a highly accurate way of counting people and measuring traffic flows, and much less intrusive than other technologies such as video cameras.
What Information Does Inpixon Collect from Mobile Devices?
Inpixon technology is a passive technology that collects the minimum amount of information necessary to detect and locate a mobile device for the purpose of headcounts and traffic flow. Unlike mobile apps and other technologies, Inpixon has no registration mechanism and therefore cannot uniquely identify and/or associate a person with a device. Here is the information Inpixon collects:
- Cellular — For cellular, Inpixon only collects unencrypted information publicly broadcast by the device. This includes the cellular band (GSM, CDMA, etc.), and a broadcast frequency (e.g., 800mhz). Additionally, Inpixon logs the length of the transmission and strength of the device’s broadcast signal as observed by each sensor. While this information can be used to detect the presence of a cellular device in a location, it cannot be used to uniquely identify a person.
- WiFi and Bluetooth — For WiFi and Bluetooth devices, Inpixon only collects unencrypted information publicly broadcast by the device. This includes the device’s broadcasted MAC address (which may not be the device’s true MAC address), the broadcast channel, and in some cases, the manufacturer of the radio chipset(s). This information, along with a code specific to the facility in which Inpixon is operating, is combined to create a unique, encrypted “token” which is used to log the device’s location, journey, and length of stay within the monitored area. The original information broadcast by the device, including the MAC address, is discarded and cannot be used to either uniquely identify a person, or identify the device at another location.
Is the Inpixon Information Secure?
Yes. At its core, Inpixon is a security technology and as such follows best practices when it comes to the collection and storage of data. The Inpixon platform is segmented from public networks and the Inpixon sensors communicate with the Inpixon server platform using high-grade SSL encryption. The Inpixon server itself uses a security-enhanced operating system and follows “least privilege” security protocols with no services or software other than those necessary to run the Inpixon software. Access to the Inpixon administrative interface requires either direct physical access to the server itself or remote access via high-grade SSL encryption, as well as high-grade user/password authentication. The system can be further secured using dual-factor authentication and data-at-rest encryption minimizing the risk of unauthorized access and data leakage. Additionally, the Inpixon system stores only encrypted, “tokenized” sensor data used to identify a device during its stay within a monitored area. This data cannot be decrypted, reverse-engineered, or used in any way to unique identify an individual or collect any personal information about an individual.
Does Inpixon Share Information With Other Parties?
No. The information collected by Inpixon technology is owned by the organization that licenses the Inpixon system. While that organization is free to share the information with other parties, Inpixon does not and cannot.
Does Inpixon “Track” Visitors?
Inpixon is a detection and location technology, not a “tracking” technology like GPS or WiFi tracker systems such as Google, Apple and Cell carrier location services. Inpixon technology can anonymously monitor visitor travel patterns through a building or sensor-equipped “zone” during a single visit, and in the case of WiFi-enabled devices, log when a device makes a return visit to the same location. Inpixon cannot, however, uniquely identify the person carrying the device, nor can it track a device once it leaves a monitored area.
Can Visitors “Opt Out” of Inpixon Technology?
While Inpixon has no mechanism of identifying people based on their devices, Inpixon does have a mechanism that allows licensors of Inpixon technology to offer their visitors the ability to remove their device’s MAC address from the Inpixon system logs. Because most smartphones manufactured in the past several years change or “spoof” a random MAC address when they are not connected to a WiFi network, this feature is available is available only for WiFi-enabled devices that actively connect to a WiFi network and reveal their “real” MAC address. Cellular devices have no public unique identifier and thus do not need to “opt out.”
What are Best Practices for Notifying Visitors When Inpixon Technology is in Use?
Even though Inpixon technology, unlike video, mobile apps and other systems, does not collect any personally identifiable information, we recommend that facilities equipped with Inpixon technologies disclose the use of the system and its purpose. Generally, this is in the form of signage posted at the entrances of a building with language similar to those disclosing that closed circuit video cameras are in use. Inpixon can also provide customers with information that can be printed or posted to a website detailing in plain language how the technology works, what information is gathered and why, as well as how to opt out. To request the public disclosure language and information, please contact your Inpixon Support Representative.
What if I have Additional Questions?
Inpixon is happy to answer any additional questions you might have regarding Inpixon technology, security and privacy and implementation of best practices. Please direct any additional questions you might have to your Inpixon Support Representative and they will provide answers promptly.