Reply
Aruba Employee
Posts: 20
Registered: ‎11-10-2015

PII in Meridian?

Before we start using Meridian-based wayfinding in our sites, my CyberSecurity team is requiring a security review of Meridian.  This is standard practice for us when an internal solution uses a third party for any aspect of the solution.  One of the questions they've asked me is if any Personally Identifiable Information is sent to or stored in Meridian.

 

I know that Meridian must know about the mobile devices commuicating with it through the wayfinding app but I don't what specific information is transferred to Meridian from each device.  Is it just a device MAC address, IMEI or other unique ID or is there more information, like user information or phone number?

 

Thank you in advance for helping me understand.

 

-Jeff

Aruba Employee
Posts: 27
Registered: ‎11-02-2015

Re: PII in Meridian?

Hi Jeff,

 

I'm the Meridian team's technical writer. We've had some questions about Meridian and personally identifiable information come up before, so I thought I'd take a little time to explain how all of this works.

 

In short: Meridian-powered apps do not send personally identifiable information to anyone, whether the Meridian server or a third-party.

 

Meridian-powered apps use Bluetooth signals generated from Aruba Beacons to calculate a user's current location and also to send notifications--what we call campaigns. 

 

When Aruba Beacons are configured for proximity, they can either send a notification message to the end-user's device or send data along to a third-party server. These campaigns are configured by the Meridian administrator for a particular location. In some cases, for example, a Meridian-powered app may have a user login. A campaign could send that user ID to a third-party endpoint when that user enters a specific area in a location.

 

By default, though, when a campaign is triggered, no personally identifiable data is sent.

 

On iOS, the Meridian-powered app sends its identifierForVendor value. On Android, it sends its advertising ID. These are used for the purposes of cooldowns, so that a user doesn't continue to receive the same notification over and over again. These two values can't be used to personally identify someone.

 

I hope this helps answer your questions. If not, I'm happy to clarify anything that isn't clear.

 

For more information on this, please see documentation:

http://docs.meridianapps.com/help/intro_faq#what-data-does-meridian-store

 

 

Cheers,

Shawn

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: