View Categories

Data Privacy Sheet

This Privacy Data Sheet describes the processing of personal data (or personally identifiable information) by the Netgraph Connectivity Platform.

Netgraph Connectivity Platform is a cloud-based enterprise networking solution made available by Netgraph Sverige AB to partners or companies who acquire it for use by their authorized users.

In jurisdictions that distinguish between Data Controllers and Data Processors:

  • Netgraph acts as the Data Controller for personal data processed to administer and manage the customer relationship. This includes, for example, administrator account details, billing and licensing information, and support communication.

  • Netgraph acts as the Data Processor for personal data processed by the Netgraph Connectivity Platform on behalf of the Customer, in order to provide the service functionality. This includes, for example, end user and device identifiers collected and processed through the Sign In, EntryPoint, WPN, and ISE Device Management modules.

Netgraph will process personal data in a manner that is consistent with this Privacy Data Sheet and in accordance with applicable data protection legislation.

 

Overview of Netgraph Connectivity Platform Capabilities #

The Netgraph Connectivity Platform is a cloud-based and innovative connectivity platform that can be integrated into any network. It consists of four main modules:

  • Sign In – Guest Wi-Fi and BYOD onboarding with policy-based network access.
  • EntryPoint (RADIUSaaS) – Cloud-based RADIUS service for device authentication, VLAN assignments, and network policy enforcement.
  • Wi-Fi Personal Network (WPN) – Private, per-user PSK environments for secure, isolated Wi-Fi access.
  • ISE Device Management – Integration with Cisco ISE for unmanaged device control, MAC orchestration, and iPSK key management.

Each module can be deployed individually or in combination, enabling a wide range of network access control scenarios.

The platform enables full control and traceability over users, devices, and applications. Self-service portals and delegated administration tools help minimize the administrative burden for IT teams and reception staff.

The service is flexible and scalable without limitations in geographic expansion, number of users, or capacity utilization.

The Netgraph Connectivity Platform is architected as a cloud-native, microservices-based platform, built for horizontal scalability and high availability. The system is actively distributed across three Availability Zones within our cloud provider’s infrastructure (AWS & ELASTX), enabling resilient operations, load balancing, and fault tolerance by design.

This architecture ensures that:

  • Services can be scaled independently based on demand
  • High availability is maintained even in the event of a failure in one Availability Zone
  • Resource utilization can be optimized in real-time to maintain performance

Picture 1. Overview of Netgraph Connectivity platform deployed in AWS

 

Picture 2. Overview of Netgraph Connectivity platform deployed at Elastx, Sweden

Personal Data Processing – Module Overview #

The table below lists the personal data processed by Netgraph Connectivity Platform to provide its services and describes why the data is processed.

Module Personal Data Category Types of Personal Data Purpose of Processing
Sign In Administrator Log-In Admin username, email, password or (if SSO enabled) email Provision of the service, authentication, troubleshooting, support
End User Identifiers Name, email, phone (optional), company, device MAC address, device IP, online statistics Authenticate end users, policy enforcement, troubleshooting, auditing
EntryPoint (RADIUSaaS) Administrator Log-In Admin username, email, password or SSO email Provision of service, manage RADIUS policies, support
Device Identifiers Device MAC address, IP address, RADIUS authentication method, assigned VLAN, RADIUS attributes Authenticate and authorize devices, apply access policies, generate audit logs
Wi-Fi Personal Network (WPN) Administrator Log-In Admin username, email, password or SSO email Provision of the service, authentication, troubleshooting, support
End User Identifiers Name, email, device MAC address, device IP, assigned SSID, WPA2 keys Provision of dedicated Private Network, ensure network isolation, support and troubleshooting
ISE Device Management Administrator Log-In Admin username, email, password or SSO email Provision of service, integration with Cisco ISE, delegated admin
Device Identifiers Device MAC address, endpoint profile, assigned access policy, iPSK keys Manage unmanaged devices, IoT onboarding, MAC-based orchestration, audit logs

Module-Specific Data Collection Tables #

Sign In – Authentication Methods & Data #

Method Personal Data Collected Optional Fields Purpose
Meeting Host Host email, end user name, company name, device MAC, device IP, online stats Identify meeting host, authenticate guest, audit logs
Conference End user email, phone, name, company name, device MAC, device IP, online stats Email, phone Event guest authentication, policy enforcement
Self-provision (email) End user email, device MAC, device IP, online stats Self-onboarding via email validation
Self-provision (mobile phone) End user phone, device MAC, device IP, online stats Self-onboarding via SMS validation
Self-provision (SAML federation) End user username, device MAC, device IP, online stats Federation-based onboarding
Password Device MAC, device IP, online stats Local password-based authentication
Click to Connect Device MAC, device IP, online stats Open access tracking & auditing
Event Access Device MAC, device IP, online stats Time-limited event access
Whitelisting Device MAC, device IP, online stats Permanent/temporary MAC allow-list
Username & Password Device MAC, device IP, online stats Credential-based authentication
Self-service Portal (Activated Service) End user email or SSO email Access to account management 


EntryPoint (RADIUSaaS) – Authentication & Data #






Authentication Scenario
Personal Data Collected
Optional Fields
Purpose




802.1X (EAP-TLS/EAP-PEAP)
Device MAC, username (if provided), device IP

Certificate or credential-based authentication




MAC Authentication Bypass (MAB)
Device MAC, device IP

IoT or unmanaged device onboarding




Static Credentials
Username, device MAC, device IP

Manual provisioning of credentials




Self-service Portal (Activated Service)
End user email or SSO email

Access to account management






Wi-Fi Personal Network (WPN) – Private Network Provisioning & Data #






Action
Personal Data Collected
Optional Fields
Purpose




WPN Assignment
End user email, device MAC, private WPN name, WPA2 passphrase

Assign unique Wi-Fi Personal Network (Private Network) to user




Device Onboarding
Device MAC, device IP, private WPN name

Map device to private network




Key Rotation
WPA2 passphrase

Maintain network security




Self-service Portal (Activated Service)
End user email or SSO email

Access to account management






ISE Device Management – Integration & Data #






Function
Personal Data Collected
Optional Fields
Purpose




Device Registration
Device MAC, End user email

Add unmanaged/IoT devices to ISE




Self-service Portal (Activated Service)
End user email or SSO email

Access to account management and distributed IoT management






Access Control #






Personal Data Category
Who has access
Purpose of access




Administrator Log-In information
Netgraph
Provide troubleshooting and technical support for the service, provision of the service, communicate service and product updates to customer





Customer
Use the service (authenticate authorized users of the solution)




End User Identifiers & Device Identifiers
Netgraph
Provide troubleshooting and technical support for the service





Customer
Provide troubleshooting and technical support for end users, configure access and service policies based on identifiers





End User
Use the optional Self-Service Portal






Data Deletion & Retention #






Personal Data Category
Retention Period
Reason for Retention




Administrator Log-In information
During customer’s active Netgraph Connectivity Platform subscription, plus 6 months thereafter
Customer’s use of the service, troubleshooting and technical support, insights and statistics




End User Identifiers & Device Identifiers
During customer’s active Netgraph Connectivity Platform subscription – minimum retention period configurable by customer (default 1 month)
Customer’s use of the service, troubleshooting and technical support, insights and statistics




iPSK Keys
During active subscription, automatically removed upon device/account deletion
Network security, authentication, device isolation






Personal Data Security #


Netgraph has implemented appropriate technical and organizational measures designed to secure personal data from accidental loss and unauthorized access, use, alteration, and disclosure.






Personal Data Category
Security controls and measures




Administrator Log-In information
Encrypted at rest with AES-256 algorithm. Encrypted in transit with TLS 1.2 or higher. Role-based access control.




End User & Device Identifiers
Encrypted at rest with AES-256 algorithm. Encrypted in transit with TLS 1.2 or higher.






Data Minimization and Purpose Limitation #


Netgraph processes only the personal data strictly necessary to deliver the contracted services.

Data is not repurposed or shared with third parties for marketing or unrelated analytics.Customer Responsibilities


Customer Responsibilities #


Customers are responsible for:

– Ensuring lawful collection of personal data from end users.

– Configuring retention periods and optional fields (email, phone) in accordance with local regulations.

– Informing end users of the applicable privacy policy when using the service.


Data Center Locations #


Netgraph Connectivity Platform leverages third party cloud hosting providers to provide services globally. The following table shows where the data centers that store customer data are located, for reference purposes only. Please note that specific data center locations where customer data is stored may change over time and this Privacy Data Sheet will be updated to reflect those changes if they occur. For data center regions where customer can select their Netgraph Connectivity Platform services deployment, see Section 7 (Sub-processors) below.






Data Center Locations
Data Centers




Sweden, Germany (AWS)
Customers that order Netgraph Connectivity Platform standard services (NC-PL-GL), can choose one of the following region-specific data centers to store their data




Sweden (Elastx)
Customers that order Netgraph Connectivity Platform optional Swedish hosting service (NC-PL-SE). A Swedish company acts as sub-processor partner. This data center will then store their data






 


Sub-Processors: #


Netgraph partners with service providers that act as sub-processors and contract to provide the same level of data protection and information security that you can expect from Netgraph. A current list of sub-processors for the service is presented below:


 






Sub-processor (NC-PL-GL)
Personal Data
Service Type
Location of Data Center




AWS, reg. no. 516411-0669
Sys Admin Username and Password
Hosting of Netgraph Connectivity Platform Service (NC-PL-GL)
Sweden, Germany




 
Customer Data Storage

Sweden




 
Email Relay (Amazon SES Service)

Ireland




Sub-processor (NC-PL-SE)
Personal Data
Service Type
Location of Data Center




ELASTX AB, reg. no. 556906-5617
Sys Admin Username and Password
Hosting of Netgraph Connectivity Platform Service (NC-PL-SE)
Sweden




 
Customer Data Storage

Sweden




 
Email Relay (Elastx Relay Service)

Sweden






Information Security Incident Management #


Breach and Incident Notification Processes

The Data Protection & Privacy team within Netgraph coordinates the Data Incident Response Process and manages the response to data-centric incidents.

The Incident Commander directs and coordinates Netgraph’s response.


The team works with customers, partners, consultants, and vendors to identify possible security issues with the Netgraph Connectivity Platform.


 


Exercising Data Subject Rights #


Users whose personal data is processed by the Service have the right, under applicable data protection laws (such as the EU General Data Protection Regulation – GDPR), to:

– Request access to their personal data.

– Request rectification of inaccurate or incomplete personal data.

– Request suspension or restriction of processing.

– Request deletion (“right to be forgotten”) of their personal data.

– Request a copy of their personal data in a portable format, where applicable.


All such requests must be submitted to and handled by the Customer (our direct contracting party, such as a partner or end-customer organization).

The Customer is responsible for verifying the requester’s identity, assessing the request, and using the Service’s built-in functionality to fulfil it.


Netgraph does not process or respond directly to data subject rights requests from individual end users.

Upon receipt of a validated request from the Customer, Netgraph will provide assistance as required under the applicable Data Processing Agreement and relevant laws.


General Information #


Netgraph Privacy Data Sheets are reviewed and updated annually, or as needed.

For the most current version, go to the ‘Netgraph Connectivity Platform – Common’ section of the Netgraph Docs: https://netgraph-connect.com/docs/service-description/ncp-docs/data-privacy-sheet/


Download as pdf – Privacy Data Sheet – Netgraph Connectivity Platform v7.0


FAQ #


1. Which Cloud Service Providers (CSPs) do you utilize for hosting your SaaS product? How do you implement and adhere to their best practices from a technical and security perspective?


Netgraph Connectivity Platform – is hosted on Amazon Web Services (AWS) and ELASTX AB. Customers’ data is stored within AWS or ELASTX data centers located in Sweden or Germany, depending on service configuration.


We follow AWS-recommended security and operational best practices, including:


    

  • 

    Data encryption at rest using AES-256
    

    • 

  • 

    Data encryption in transit using TLS 1.2
    

    • 

  • 

    Role-based access control and secure authentication for system administrators
    

    • 

  • 

    A structured and documented security incident response process
    

    • 



All sub-processors, including AWS, are contractually bound to maintain the same high standard of data protection and information security as Netgraph.




2. How do you ensure the scalability and performance of your SaaS product? What measures are in place to handle increased load and ensure consistent performance?


The Netgraph Connectivity Platform is architected as a cloud-native, microservices-based platform, built for horizontal scalability and high availability. The system is actively distributed across three Availability Zones within our cloud provider’s infrastructure (AWS & ELASTX), enabling resilient operations, load balancing, and fault tolerance by design.


This architecture ensures that:


    

  • 

    Services can be scaled independently based on demand
    

    • 

  • 

    High availability is maintained even in the event of a failure in one Availability Zone
    

    • 

  • 

    Resource utilization can be optimized in real-time to maintain performance
    

    • 





3. Can you describe your approach to designing and implementing security measures within your system?


Security is an integral part of our system architecture. Our approach includes:


    

  • 

    Role-based access controls to limit data access to authorized users only
    

    • 

  • 

    Encryption of all personal data at rest and in transit
    

    • 

  • 

    Audit logging for both administrative and end-user actions
    

    • 

  • 

    Structured incident response management, led by a designated Incident Commander within our Data Protection & Privacy team
    

    • 

  • 

    Sub-processors are selected based on their compliance with relevant data protection frameworks and are subject to strict contractual security obligations
    

    • 





4. How is data encrypted both at rest and in transit within your system? What encryption standards and protocols do you use?


We ensure robust data protection through encryption:


    

  • 

    At rest: All stored data is encrypted using the AES-256 standard
    

    • 

  • 

    In transit: Data is encrypted using TLS 1.2
    

    • 



This applies to all administrator credentials and end-user device data transmitted and stored by the platform.




5. How do you manage multi-tenancy within your system to ensure the separation and security of customer data?


Our platform is built to support multi-tenant environments with strict data separation:


    

  • 

    Each customer instance is logically isolated
    

    • 

  • 

    Access to data is restricted and governed by policy-based controls
    

    • 

  • 

    Customers can configure access rules, usage policies, and retention periods independently
    

    • 

  • 

    Data visibility is scoped so that only the customer and authorized Netgraph personnel (for support purposes) can access the relevant data
    

    • 



This ensures complete data segregation and confidentiality between tenants at all times.





	

 



	

			

		
 
		
	
 

 
		
		




	
	
	
	
			
			
































    
	
	
	
	

		    
		
				

		


	Netgraph



		
    
			

  • 
	

    • 

	
  • 
	
	
    • 





		

		


			Powered by  GDPR Cookie Compliance
		


		

		
		

		

			 
		

		
		


			

			


		Cookie Overview
		

	
What are cookies?


Cookies are small text files consisting of letters and numbers. These are sent from Netgraph Sverige AB or our partners' web servers and stored on your device (for example, computer or mobile). They can be stored in two different ways.


Session cookies are temporary cookies that disappear when you close your browser or app.

Persistent cookies are cookies that remain on your computer until you delete them or until they expire.


Different types of cookies


Both our website and others, such as Facebook or Google, may place cookies on your computer when you visit this website. Cookies from the website you are visiting are called first-party cookies and cookies from other websites are called third-party cookies.


Other files, similar to cookies, are web beacons and similar technologies. Web beacons are small transparent graphic images that may be contained in emails we send to you.


Why do we use cookies?


We use cookies to make your visit to our website as enjoyable as possible, and to improve it even more. However, we do not store IP numbers or similar personal data about you.


Functionality cookies improve your experience


We store cookies about the pages you have visited to make your experience on our website as smooth as possible. For example, we can prevent you from seeing a pop-up window more than once.


Analytics cookies help us to make our website better


We use cookies to collect aggregate analytical information about how you use the site, such as statistics on our most popular pages. With the information we get, we can improve our web and our offers.


Deleting cookies


Your browser or device usually allows you to set which cookies can be stored on your computer. For example, you can choose to block all cookies, only accept cookies from the website you are visiting or delete all cookies when you close your browser. Look under Settings.


Questions?


Do you have any questions about how we use cookies? You can always reach Netgraph Sverige AB's data protection officer at info@netgraph.se


This information was updated on August 26, 2024.