Data Security & Privacy Policy

Introduction

At TELLUS Networked Sensor Solutions, safeguarding the privacy and security of customer data is of paramount importance. We are committed to ensuring that personal, sensitive, and proprietary information is handled securely, transparently, and in full compliance with legal and regulatory requirements. This document outlines our data security and privacy policies across all levels of our operations, with a specific focus on our air quality monitoring products, APIs, mobile apps, and any associated models or services.

Scope

This policy applies to all employees, contractors, vendors, and partners who collect, process, manage, or store data on behalf of TELLUS Networked Sensor Solutions. It covers all customer data, including data collected from:

  • Air quality monitors
  • Mobile applications
  • Web services and APIs
  • Cloud services
  • Data analysis models used for air quality predictions

1. Data Collection

1.1 Types of Data Collected

We collect various types of data, including but not limited to:

  • Personal Data: Information such as name, email address, location data, and user preferences.
  • Environmental Data: Air quality metrics (e.g., particulate matter, gas levels, humidity) from devices.
  • Device Data: Device identifiers, firmware versions, operational status, and sensor calibration details.
  • Usage Data: Data related to app usage, user interaction with services, and access logs.

1.2 Purpose of Data Collection

We collect data for the following purposes:

  • Providing services: Delivering accurate air quality information and insights.
  • Improving our products: Optimizing device performance, refining models, and enhancing customer experience.
  • Compliance: Meeting regulatory requirements related to environmental monitoring.

2. Data Usage

2.1 Data Minimization

We limit the collection and use of personal data to what is strictly necessary for fulfilling the purposes outlined above. Only relevant data is used to deliver our services and improve our products.

2.2 Data Anonymization and Aggregation

Where possible, we anonymize personal data and aggregate environmental data to protect user privacy. For research, reporting, or data-sharing purposes, no personally identifiable information (PII) is disclosed without explicit consent.

2.3 Third-Party Access

We may share anonymized or aggregated data with partners, governmental bodies, or research institutions. When third parties require access to personal or sensitive data, such as in cases of third-party integrations (e.g., APIs), they are required to adhere to strict data protection agreements.

3. Data Storage and Retention

3.1 Secure Storage

Data collected through our devices, apps, and services are stored securely in our cloud infrastructure. We use industry-standard encryption methods (AES-256) to secure data both at rest and in transit.

3.2 Retention Period

We retain personal data only as long as necessary to provide services or meet legal obligations. Environmental data may be retained longer for research and analytical purposes, in which case all identifiable elements are removed.

3.3 Data Deletion and User Rights

Users have the right to request deletion of their personal data at any time. Deletion requests can be submitted through our support portal, and data will be permanently removed from our systems within 30 days of the request, barring any legal retention requirements.

4. Data Security

4.1 Encryption

All data is encrypted during transmission using TLS (Transport Layer Security) and at rest using AES encryption. Encryption keys are managed and rotated regularly as per our key management policies.

4.2 Access Control

We employ strict access control mechanisms. Only authorized personnel have access to sensitive data, and access is granted based on the principle of least privilege. Multi-factor authentication (MFA) is mandatory for access to any critical system or dataset.

4.3 Network Security

Our network infrastructure is protected by firewalls, intrusion detection systems, and continuous monitoring. Regular security audits and penetration tests are performed to ensure the robustness of our defenses.

4.4 Incident Response

In the event of a security breach, our Incident Response Team will take immediate action to mitigate the impact. All affected parties will be notified within 72 hours, in compliance with regulatory requirements.

5. Compliance and Regulatory Adherence

5.1 GDPR and CCPA Compliance

We comply with the General Data Protection Regulation (GDPR) for customers in the European Union, and the California Consumer Privacy Act (CCPA) for customers in California. This includes providing users with the right to access, rectify, delete, and transfer their data upon request.

5.2 Other Regulatory Frameworks

We adhere to any regional regulations related to environmental data, including but not limited to:

  • Clean Air Act regulations
  • OSHA guidelines for industrial hygiene data
  • HIPAA, if applicable, for health-related data

6. Employee Training and Responsibility

6.1 Security Awareness Training

All employees undergo regular security awareness training, covering data privacy principles, phishing prevention, and secure data handling practices.

6.2 Responsibility

Employees with access to sensitive data are responsible for ensuring its confidentiality, integrity, and availability. Any violation of this policy will result in disciplinary action, including termination if necessary.

7. Data Privacy by Design

7.1 Privacy Impact Assessments

We incorporate privacy into the design of our products and services. For every new product feature or service, we conduct a Privacy Impact Assessment (PIA) to evaluate the potential risks to user privacy and implement safeguards to mitigate those risks.

7.2 User Consent

Before collecting personal data, we seek explicit user consent through clear, easy-to-understand language. Users are provided with the option to opt out of any non-essential data collection.

8. User Controls and Transparency

8.1 User Access

Customers can view, edit, or delete their personal data via their account settings in the mobile app or online portal. Detailed information about data collection practices is provided in our privacy policy, accessible at all times.

8.2 Privacy Notifications

We notify users of any changes to our privacy policy via email and through in-app notifications, ensuring full transparency.

9. Data Processing by Third Parties

We carefully select third-party service providers, ensuring that they maintain data security and privacy standards equivalent to our own. All third parties must sign a Data Processing Agreement (DPA) before they are given access to any customer data.

10. Continuous Improvement

We regularly review and update our data security and privacy policies to ensure they remain aligned with industry best practices and evolving regulatory requirements. Our commitment to continuous improvement includes third-party audits and incorporating customer feedback into our processes.

Contact Information

If you have any questions or concerns regarding our data security and privacy policies, please contact us at:

TELLUS Networked Sensor Solutions, Inc.

2319 S. Foothill Dr. Suite 140

Salt Lake City, UT 84109

contact@tellusensors.com

This document serves as the official policy of TELLUS Networked Sensor Solutions, Inc. and is reviewed annually or as necessary to comply with regulatory changes.