Updated October 25th, 2023
LIST OF DATA COLLECTED AND PROCESSED BY HOSTED MENDER
We need to process certain data in order to provide Hosted Mender. This might be data that you submit to us or data that is generated when you use the service. On this page, we will maintain an updated list of the categories of data that we process. You can read more about our processing of data in our privacy policy: https://northern.tech/legal/privacy-policy
- Signup process information
- Credit card information from signup process (stored with payment vendor Stripe.com)
- Name, organization, size
- User email addresses / account passwords
- Files uploaded by users such as "Artifacts" and their metadata
- Device public keys (for authentication)
- Device inventory information (MAC address, IP, customizable by user)
- User / Device IP addresses (logs for operations)
- Overall product usage / API operations performed by user (logs for operations)
- Internal application data (such as deployment history, currently installed software, installation logs from devices, statuses)
Hosted Mender Security and Privacy
To comply with data protection laws like GDPR and relevant data retention and privacy policies, Northern.tech (“NT”) has developed a comprehensive legal and technical framework and internal processes to ensure compliance.
NT adheres to industry best practices by exercising the appropriate professional skill, care, diligence, prudence and reasonable foresight that is to be expected from a data processor.
Personal Data
Hosted Mender is a service to manage software on connected devices as well as ensure that they run correct versions of software, have applied the latest security patches, etc. In most cases, the only personal data NT has access to will be the IP address and characteristics (OS, MAC address, etc.) of managed devices. This means that we gain access to little or no personal data. Such non-personal data is not subject to the GDPR.
NT will in no event deconstruct, decompress and analyze, or scrape any of the data files (e.g. images, files, etc.) to be deployed to the devices. NT keeps all personal data strictly confidential and does not disclose or grant access to the personal data to any unauthorized third parties.
Besides what is mentioned above, NT has access to the data you as a customer of NT have provided to us as part of signing up and using Hosted Mender. That could be your name, email address, our communication, your company address, etc. See the relevant privacy policy.
Technical and organizational measures
The protection of your personal data is a high priority for us. We continuously work to protect personal data and other confidential information. Our security measures include physical, technical and administrative measures that will ensure that your personal data is not compromised, not unintentionally changed and available when required.
Any threats to data security are handled efficiently as security and the protection of your personal data is part of the daily work of our business.
We comply with the requirements for the protection and safeguarding of personal data as provided by applicable privacy laws, including GDPR, and good industry practice. Login information and all other data are encrypted and separation of customer data is provided by the software. We use sub-processors who require two-factor authentication to store personal data.
Our employees receive training and guidance on how to handle personal data safely. We have routines and access control to prevent unauthorized disclosure and unauthorized access to your personal data. All developer and system administrator laptops have encrypted hard disks.
Any breach of security practices will be documented. We have procedures and capacity to detect and deal with any breaches of security. If a security breach is detected, it will be reported to the management, the risk of privacy breaches will be assessed and the Norwegian Data Inspectorate (Datatilsynet) will be notified if required. You will also be notified if the breach poses a risk to you and your rights.
Our security measures are continually monitored and improved to reflect technological developments.
Any questions or comments regarding NT’s security and data privacy policies can be sent to its Head of Data Privacy, Gaustadalleen 21, N-0349 Oslo, Norway, Email: data-privacy-officer@mender.io.
Sub-processors
NT seeks to keep the number of sub-processors to a minimum. Every sub-processor shall comply with the same standards as NT. Hosted Mender currently uses four sub-processors that store personal data: Amazon AWS, Atlas MongoDB, Cloudflare and Microsoft Azure. In addition, NT uses various sub-processors to conduct the business with you as a customer. A complete list of sub-processors follows below.