GDPR Compliance Statement

Last updated: January 2024

IronWifi complies with the General Data Protection Regulation (GDPR) for handling personal data. This page explains our role as a data processor, what data we collect, how we protect it, and how to exercise your rights.

Our Role

As a Data Processor

When you use IronWifi services, we act as a Data Processor on your behalf. You, as the customer, are the Data Controller.

Data Processing Agreement

We offer a Data Processing Agreement (DPA) for customers who require one. Contact support@ironwifi.com to request a DPA.

Data Collection

What We Collect

Account information (name, email, company)
Authentication logs (username, timestamp, result)
Network data (MAC addresses, IP addresses, session data)
Usage analytics

Purpose of Collection

Data is collected to:

Provide the authentication service
Generate reports and analytics
Improve service quality
Comply with legal obligations

Data Subject Rights

We support the following rights for data subjects:

Right to Access

Users can request access to their personal data.

Right to Rectification

Users can request correction of inaccurate data.

Right to Erasure

Users can request deletion of their data ("right to be forgotten").

Right to Data Portability

Users can request their data in a portable format.

Right to Object

Users can object to certain processing activities.

Exercising Rights

To exercise these rights, contact your organization (the Data Controller) or IronWifi support.

Data Storage and Security

Location

Data is stored in secure data centers within regions you select:

United States
European Union
Other regions as available

Security Measures

Encryption in transit (TLS)
Encryption at rest
Access controls
Regular security audits
Incident response procedures

Data Retention

Retention Period

Authentication logs: Configurable, default 90 days
Account data: Duration of service plus legal retention period
Analytics: Aggregated data retained longer

Deletion

Upon account termination, data is deleted within 30 days unless legal retention is required.

International Transfers

For transfers outside the EU/EEA:

Standard Contractual Clauses (SCCs)
EU-US Data Privacy Framework (where applicable)
Adequacy decisions

Sub-Processors

We use sub-processors for:

Cloud infrastructure (Google Cloud Platform)
Email services
Payment processing

A list of sub-processors is available upon request.

Breach Notification

In case of a data breach affecting personal data:

We notify affected customers within 72 hours
We provide details of the breach and remediation steps
We cooperate with investigations

Contact

Data Protection Inquiries

Email: privacy@ironwifi.com
Support: support@ironwifi.com

Data Protection Officer

Contact our DPO at dpo@ironwifi.com for GDPR-related inquiries.

Compliance Documentation

Upon request, we provide:

Data Processing Agreement
Sub-processor list
Security documentation
Compliance certifications

Our Role​

As a Data Processor​

Data Processing Agreement​

Data Collection​

What We Collect​

Purpose of Collection​

Data Subject Rights​

Right to Access​

Right to Rectification​

Right to Erasure​

Right to Data Portability​

Right to Object​

Exercising Rights​

Data Storage and Security​

Location​

Security Measures​

Data Retention​

Retention Period​

Deletion​

International Transfers​

Sub-Processors​

Breach Notification​

Contact​

Data Protection Inquiries​

Data Protection Officer​

Compliance Documentation​