In advance of GDPR, Beambox made necessary changes to the WiFi login flow to ensure compliance and adopt best practices.

We also reviewed our existing data protocols to ensure our infrastructure's security was proportionate to the data we collect and that we mitigate the associated risks.

Connecting customers in the right way

When we analysed our login flow, we identified 3 main attributes our logins needed to maintain.

  1. Speed - Beambox logins are designed to be fast, quicker than traditional password logins. 
  2. Security - Ensuring we provide Terms of WiFi, with a strong privacy stance and clear opt-ins.
  3. Transparency - Clear communication across the login flow and creating systems for data access, modification and deletion.

Speed

We have minimised the speed impact by requiring only 2 extra clicks for the login process. Using quick dialog pop-ups we are able to provide an overview of the Terms of WiFi & Privacy Policy, with optional links to full documents. We then use the same dialog to provide an email opt-in, with a clear skip button.

Based on early data, we removed the opt-in checkbox and instead designed a dialog with 'Skip' and 'Opt-in' buttons. Doing so increased speed and opt-in rates.

We have kept the collection of MAC addresses, so that when the user returns they are automatically logged in.

Security

Our Terms of WiFi & Privacy Policy provide blanket compliance and protection for businesses hosting Beambox WiFi networks.

We record the acceptance of these policies, as well as the opt-in selection. We do this to protect businesses by ensuring they are able to access records of when opt-ins were provided.

Transparency

Each dialog provides a brief review of what we are communicating. 

Our Terms of WiFi & Privacy Policy dialog provides a short overview of why we collect data and how it improves the user's experience.

Our opt-in dialog provides an overview of what emails the user will receive, plus how they can manage this preference in the future.

We have also provided a data review, modification and deletion system. We have opened a new mailbox (data@yourhotspot.net) and provided instructions in the Privacy Policy. 

Storing data safely and securely

An important part of GDPR is how data is stored, to mitigate the risk of data leaks.

Beambox hardware is only a proxy of our cloud network, which means no data is stored on the hardware itself. Instead, users are simply shown the cloud-hosted login across a secure SSL connection.

When the Beambox cloud receives the data, it is securely stored in an AWS-hosted data centre.

AWS data centres have PCI, ISO and SOC compliance certificates, among others. These can be provided on request.
