Privacy and Security

Privacy and security is a core principle at MeltSpot. Through years of research, testing and development – we know for a fact that relevant, high-precision data can be acquired in a respectful and non-intrusive way.

MeltSpot allows tracking behaviour of visitors and customers, providing a detailed picture of a person's movement without ever revealing any personally identifiable information.

Processing and storing Personally Identifiable Information

Abstract: One can only collect personal data if they have a legal reason to do so. Personally identifiable information includes any data that can either directly or indirectly identify a person or sensitive information about a person (gender, age, race, contact information, etc.)

At MeltSpot, information is immediately anonymized - on-premise - before being sent to us in a non-reversible format. Specifically, any “device identifiers” are taken through a series of anonymizing processes, including removing bits of data and then running them through a non-reversible hashing format. By ensuring that the resulting “Visitor ID” is irreversible and also has chance of collusion, we and our customers are not only not able to uniquely identify devices; data we handle cannot be correlated with external systems to uniquely identify devices or people either.

MeltSpot then provides a cloud-service for our customers which allows access to this completely anonymized data.

Right of Access and Right of Removal

Abstract: The GDPR ensures that individuals have the right to request a company to provide any information they are storing about this individual. The person should also be able to “opt-out”, requesting a company to delete all information they have concerning this person.

As MeltSpot performs irreversible damage to our data in order to only handle metadata for business intelligence, it is completely impossible for us to pinpoint which data belongs to a specific person or device.

Security and Compliance

As mentioned previously, security is a core principle at MeltSpot. We follow industry best practices to secure our infrastructure and do not use any data processors except our cloud provider.

As part of our rigorous compliance, we do continuous monitoring and regularly perform full inspections of all systems for integrity. If we should ever find any sign of breach we will naturally inform all customers within 24 hours.

Any transfer of data between nodes and our infrastructure is, in addition to the anonymization, also transferred through a 2048 bit encrypted SSL connection.

Please see the DPA for Google Cloud certifying their compliance with GDPR and industry standards.

Needless to say, MeltSpot fully agrees with, and are 100% committed to applicable Swedish (PUL 1998: 204) and European (GDPR EU 2016: 679) laws and regulations.

Subscribe to our newsletter

Interested in hearing more about our products, services and upcoming events?

Subscribe to our newsletter - no spam, we promise!