Location Permissions, User Privacy, and Personal Data Protection FAQ
How Oriient keeps its customers and end users safe and secure
Oriient’s indoor location services significantly improves the user experience of brick-and-mortar spaces by providing navigation and enabling foot traffic analytics, but does it threaten user privacy in the process? This (understandable) concern is one we often hear from our customers that would like to serve their visitors.
At Oriient, we take privacy seriously; it’s something we consider with every design decision we make. As part of our commitment to transparency and superb customer service, we wanted to address some of these concerns in one centralized place, so organizations and individuals considering Oriient can refer to it.
Is Oriient compliant with privacy regulations?
Yes. Our solution is completely GDPR and CCPA compliant.
What kind of data does Oriient collect?
Oriient only collects the minimum amount of information necessary for our technology to determine the precise location of the user, mainly the phone’s sensor reading. While this is not considered personally identifiable information (PII) on its own, we make sure it is never linked to any other data —no name, email address, IP address, or any other sensitive information associated with the user.
However, since Oriient is an SDK embedded in our customer’s hosting app, they may choose to connect the location data to the individual user’s profile. But in order to do this, the hosting app must disclose this in the user service agreement.
By anonymizing the user’s data, only the app owner (that was granted permission) can tie the location of the phone to the identity of the user, Oriient will never know who the user is.
Where is this data stored? Who has access to it?
Oriient stores all data on a secure cloud server with the highest security and encryption standards. We never share data with 3rd parties without the explicit consent of our customers and app developers.
Should the user remove the app from their device, Oriient stops using their (randomly generated) user ID and any associated data. If the user re-installs the app, Oriient generates a completely new user ID.
What permissions does Oriient require to run?
Allowing the app to use your location “While Using” or “Only This Time” is sufficient to use Oriient.
While selecting “Always Allow” can speed up pinpointing your location once in the space, it’s not necessary.
How can the end-user know their indoor location is being tracked?
For full transparency, we notify the operating system of the phone to signal that the location is being tracked while the service is running if it’s in the background, and it may show up a banner throughout the visit.
source: TechCrunch and Twitter
Can the user disable the indoor location service?
The service won’t start running until it gets explicit permission from the user, without it the service will be denied.
Users can update or decline location permissions at any time.
Advanced users also have the option to go into their device settings for location tracking and select “approximate” instead of “accurate location,” which won’t allow the service to run.
Are you applying any other protections to make sure indoor location is used only when needed?
We only start the service if the phone is in/around the buildings related to the app that were mapped by Oriient for the purpose of indoor navigation. if the user leaves the specific geofenced area of that building, the service stops tracking their location and won’t resume until they re-enter such an area.
More about privacy at Oriient
User privacy is paramount at Oriient. While this was an overview of our general privacy policies, we work with individual organizations and their teams to ensure they are using our technology in ways that are in accordance with their privacy policies. For additional information or questions about how we keep our users safe, contact sales@oriient.me.