Version: 8.0
Applies to: Netgraph Connectivity Platform (All modules)
Effective Date: 2026-03-23
This Privacy Data Sheet describes the processing of personal data (or personally identifiable information) by the Netgraph Connectivity Platform.
This Data Privacy Sheet is provided for informational and transparency purposes.
The binding description of personal data processing is set out in the applicable Data Processing Agreement (DPA), including the Netgraph Data Processing & Privacy Annex.
Netgraph Connectivity Platform is a cloud-based enterprise networking solution made available by Netgraph Sverige AB to partners or companies who acquire it for use by their authorized users.
For the purposes of data protection:
- The Customer acts as Data Controller or, where applicable, as Data Processor on behalf of its end customers.
- Netgraph acts as:
  - Data Controller for personal data processed to administer and manage the customer relationship (e.g., administrator accounts, billing, and support);
  - Data Processor where personal data is processed on behalf of the Customer; or Sub-processor where the Customer acts as a Data Processor.
Processing Instructions
Where Netgraph acts as a Data Processor or Sub-processor, processing of personal data is carried out solely on documented instructions from the Customer or, where applicable, from the Customer acting as Data Processor.
Netgraph will process personal data in accordance with the applicable Data Processing Agreement (DPA), including the Netgraph Data Processing & Privacy Annex, and in compliance with applicable data protection legislation. This Data Privacy Sheet provides additional information regarding such processing.
Overview of Netgraph Connectivity Platform Capabilities
The Netgraph Connectivity Platform is a cloud-based and innovative connectivity platform that can be integrated into any network. It consists of four main modules:
- Sign In – Guest Wi-Fi and BYOD onboarding with policy-based network access.
- EntryPoint (RADIUSaaS) – Cloud-based RADIUS service for device authentication, VLAN assignments, and network policy enforcement.
- Netgraph EasyPSK – Private, per-user PSK environments for secure, isolated Wi-Fi access.
- Endpoint Manager for Cisco ISE – Integration with Cisco ISE for unmanaged device control, MAC orchestration, and iPSK key management.
Each module can be deployed individually or in combination, enabling a wide range of network access control scenarios.
The platform enables full control and traceability over users, devices, and applications. Self-service portals and delegated administration tools help minimize the administrative burden for IT teams and reception staff.
The service is flexible and scalable without limitations in geographic expansion, number of users, or capacity utilization.
The Netgraph Connectivity Platform is architected as a cloud-native, microservices-based platform, built for horizontal scalability and high availability. The system is actively distributed across three Availability Zones within our cloud provider’s infrastructure (AWS & ELASTX), enabling resilient operations, load balancing, and fault tolerance by design.
This architecture ensures that:
- Services can be scaled independently based on demand
- High availability is maintained even in the event of a failure in one Availability Zone
- Resource utilization can be optimized in real-time to maintain performance

Picture 1. Overview of Netgraph Connectivity platform deployed in AWS

Picture 2. Overview of Netgraph Connectivity platform deployed at Elastx, Sweden
Personal Data Processing – Module Overview
The table below lists the personal data processed by Netgraph Connectivity Platform to provide its services and describes why the data is processed.
| Module | Personal Data Category | Types of Personal Data | Purpose of Processing |
| Sign In | Administrator Log-In | Admin username, email, password or (if SSO enabled) email | Provision of the service, authentication, troubleshooting, support |
| | End User Identifiers | Name, email, phone (optional), company, device MAC address, device IP, online statistics | Authenticate end users, policy enforcement, troubleshooting, auditing |
| EntryPoint (RADIUSaaS) | Administrator Log-In | Admin username, email, password or SSO email | Provision of service, manage RADIUS policies, support |
| | Device Identifiers | Device MAC address, IP address, RADIUS authentication method, assigned VLAN, RADIUS attributes | Authenticate and authorize devices, apply access policies, generate audit logs |
| Netgraph EasyPSK | Administrator Log-In | Admin username, email, password or SSO email | Provision of the service, authentication, troubleshooting, support |
| | End User Identifiers | Name, email, device MAC address, device IP, assigned SSID, WPA2 keys | Provision of dedicated Private Network, ensure network isolation, support and troubleshooting |
| Endpoint Manager | Administrator Log-In | Admin username, email, password or SSO email | Provision of service, integration with Cisco ISE, delegated admin |
| | Device Identifiers | Device MAC address, endpoint profile, assigned access policy, iPSK keys | Manage unmanaged devices, IoT onboarding, MAC-based orchestration, audit logs |
Module-Specific Data Collection Tables
Sign In – Authentication Methods & Data
| Method | Personal Data Collected | Optional Fields | Purpose |
| Meeting Host | Host email, end user name, company name, device MAC, device IP, online stats | – | Identify meeting host, authenticate guest, audit logs |
| Conference | End user email, phone, name, company name, device MAC, device IP, online stats | Email, phone | Event guest authentication, policy enforcement |
| Self-provision (email) | End user email, device MAC, device IP, online stats | – | Self-onboarding via email validation |
| Self-provision (mobile phone) | End user phone, device MAC, device IP, online stats | – | Self-onboarding via SMS validation |
| Self-provision (SAML federation) | End user username, device MAC, device IP, online stats | – | Federation-based onboarding |
| Password | Device MAC, device IP, online stats | – | Local password-based authentication |
| Click to Connect | Device MAC, device IP, online stats | – | Open access tracking & auditing |
| Event Access | Device MAC, device IP, online stats | – | Time-limited event access |
| Whitelisting | Device MAC, device IP, online stats | – | Permanent/temporary MAC allow-list |
| Username & Password | Device MAC, device IP, online stats | – | Credential-based authentication |
| Self-service Portal (Activated Service) | End user email or SSO email | – | Access to account management |
EntryPoint (RADIUSaaS) – Authentication & Data
| Authentication Scenario | Personal Data Collected | Optional Fields | Purpose |
| 802.1X (EAP-TLS/EAP-PEAP) | Device MAC, username (if provided), device IP | – | Certificate or credential-based authentication |
| MAC Authentication Bypass (MAB) | Device MAC, device IP | – | IoT or unmanaged device onboarding |
| Static Credentials | Username, device MAC, device IP | – | Manual provisioning of credentials |
| Self-service Portal (Activated Service) | End user email or SSO email | – | Access to account management |
Netgraph EasyPSK – Private Network Provisioning & Data
| Action | Personal Data Collected | Optional Fields | Purpose |
| PSK Assignment | End user email, device MAC, Personal PSK name, WPA2 passphrase | – | Assign unique PSK (Personal Network) to user |
| Device Onboarding | Device MAC, device IP, Personal Network name | – | Map device to Personal Network |
| Key Rotation | WPA2 passphrase | – | Maintain network security |
| Self-service Portal (Activated Service) | End user email or SSO email | – | Access to account management |
Endpoint Manager for Cisco ISE – Integration & Data
| Function | Personal Data Collected | Optional Fields | Purpose |
| Device Registration | Device MAC, End user email | – | Add unmanaged/IoT devices to ISE |
| Self-service Portal (Activated Service) | End user email or SSO email | – | Access to account management and distributed IoT management |
Access Control
| Personal Data Category | Who has access | Purpose of access |
| Administrator Log-In information | Netgraph | Provide troubleshooting and technical support for the service, provision of the service, communicate service and product updates to customer |
| | Customer | Use the service (authenticate authorized users of the solution) |
| End User Identifiers & Device Identifiers | Netgraph | Provide troubleshooting and technical support for the service |
| | Customer | Provide troubleshooting and technical support for end users, configure access and service policies based on identifiers |
| | End User | Use the optional Self-Service Portal |
Data Deletion & Retention
| Personal Data Category | Retention Period | Reason for Retention |
| Administrator Log-In information | During customer’s active Netgraph Connectivity Platform subscription, plus 6 months thereafter | Customer’s use of the service, troubleshooting and technical support, insights and statistics |
| End User Identifiers & Device Identifiers | During customer’s active Netgraph Connectivity Platform subscription – minimum retention period configurable by customer (default 1 month) | Customer’s use of the service, troubleshooting and technical support, insights and statistics |
| iPSK Keys | During active subscription, automatically removed upon device/account deletion | Network security, authentication, device isolation |
Personal Data Security
Netgraph has implemented appropriate technical and organizational measures designed to secure personal data from accidental loss and unauthorized access, use, alteration, and disclosure.
| Personal Data Category | Security controls and measures |
| Administrator Log-In information | Encrypted at rest with AES-256 algorithm. Encrypted in transit with TLS 1.2 or higher. Role-based access control. |
| End User & Device Identifiers | Encrypted at rest with AES-256 algorithm. Encrypted in transit with TLS 1.2 or higher. |
Data Minimization and Purpose Limitation
Netgraph processes only the personal data strictly necessary to deliver the contracted services.
Data is not repurposed or shared with third parties for marketing or unrelated analytics.
Customer Responsibilities
Customers are responsible for:
- Ensuring lawful collection of personal data from end users.
- Configuring retention periods and optional fields (email, phone) in accordance with local regulations.
- Informing end users of the applicable privacy policy when using the service.
Data Center Locations
| Data Center Locations | Data Centers |
| Sweden, Germany (AWS) | Customers that order Netgraph Connectivity Platform standard services (NC-PL-GL) can choose one of these region-specific data centers to store their data. |
| Sweden (Elastx) | For customers that order the Netgraph Connectivity Platform optional Swedish hosting service (NC-PL-SE), a Swedish company acts as sub-processor partner and this data center stores their data. |
Sub-Processors
Netgraph engages sub-processors as part of the service delivery. A current list of sub-processors is maintained and made available to Customers.
The use of sub-processors is governed by the applicable Data Processing Agreement and the Netgraph Data Processing & Privacy Annex.
| Sub-processor (NC-PL-GL) | Personal Data | Service Type | Location of Data Center |
| Amazon Web Services EMEA SARL, reg. no. B186284 | Sys Admin Username and Password | Hosting of Netgraph Connectivity Platform Service (NC-PL-GL) | Sweden, Germany |
| | | Customer Data Storage | Sweden |
| | | Email Relay (Amazon SES Service) | Ireland |
| Sub-processor (NC-PL-SE) | Personal Data | Service Type | Location of Data Center |
| ELASTX AB, reg. no. 556906-5617 | Sys Admin Username and Password | Hosting of Netgraph Connectivity Platform Service (NC-PL-SE) | Sweden |
| | | Customer Data Storage | Sweden |
| | | Email Relay (Elastx Relay Service) | Sweden |
Information Security Incident Management
Breach and Incident Notification Processes
The Data Protection & Privacy team within Netgraph coordinates the Data Incident Response Process and manages the response to data-centric incidents.
The Incident Commander directs and coordinates Netgraph’s response.
The team works with customers, partners, consultants, and vendors to identify possible security issues with the Netgraph Connectivity Platform.
Exercising Data Subject Rights
Data subjects whose personal data is processed through the Service have rights under applicable data protection laws (such as the EU General Data Protection Regulation – GDPR). These rights are exercised via the Customer acting as Data Controller.
- Request access to their personal data.
- Request rectification of inaccurate or incomplete personal data.
- Request suspension or restriction of processing.
- Request deletion (“right to be forgotten”) of their personal data.
- Request a copy of their personal data in a portable format, where applicable.
All such requests must be submitted to and handled by the Customer acting as Data Controller.
The Customer is responsible for verifying the requester’s identity, assessing the request, and using the Service’s built-in functionality to fulfil it.
Netgraph does not process or respond directly to data subject rights requests from individual end users.
Upon receipt of a validated request from the Customer, Netgraph will provide assistance as required under the applicable Data Processing Agreement and relevant laws.
FAQ
- Which Cloud Service Providers (CSPs) do you utilize for hosting your SaaS product? How do you implement and adhere to their best practices from a technical and security perspective?
Netgraph Connectivity Platform is hosted on Amazon Web Services (AWS) and ELASTX AB. Customers’ data is stored within AWS or ELASTX data centers located in Sweden or Germany, depending on service configuration.
We follow AWS-recommended security and operational best practices, including:
- Data encryption at rest using AES-256
- Data encryption in transit using TLS 1.2
- Role-based access control and secure authentication for system administrators
- A structured and documented security incident response process
All sub-processors, including AWS, are contractually bound to maintain the same high standard of data protection and information security as Netgraph.
- How do you ensure the scalability and performance of your SaaS product? What measures are in place to handle increased load and ensure consistent performance?
The Netgraph Connectivity Platform is architected as a cloud-native, microservices-based platform, built for horizontal scalability and high availability. The system is actively distributed across three Availability Zones within our cloud provider’s infrastructure (AWS & ELASTX), enabling resilient operations, load balancing, and fault tolerance by design.
This architecture ensures that:
- Services can be scaled independently based on demand
- High availability is maintained even in the event of a failure in one Availability Zone
- Resource utilization can be optimized in real-time to maintain performance
- Can you describe your approach to designing and implementing security measures within your system?
Security is an integral part of our system architecture. Our approach includes:
- Role-based access controls to limit data access to authorized users only
- Encryption of all personal data at rest and in transit
- Audit logging for both administrative and end-user actions
- Structured incident response management, led by a designated Incident Commander within our Data Protection & Privacy team
- Sub-processors are selected based on their compliance with relevant data protection frameworks and are subject to strict contractual security obligations
- How is data encrypted both at rest and in transit within your system? What encryption standards and protocols do you use?
We ensure robust data protection through encryption:
- At rest: All stored data is encrypted using the AES-256 standard
- In transit: Data is encrypted using TLS 1.2
This applies to all administrator credentials and end-user device data transmitted and stored by the platform.
- How do you manage multi-tenancy within your system to ensure the separation and security of customer data?
Our platform is built to support multi-tenant environments with strict data separation:
- Each customer instance is logically isolated
- Access to data is restricted and governed by policy-based controls
- Customers can configure access rules, usage policies, and retention periods independently
- Data visibility is scoped so that only the customer and authorized Netgraph personnel (for support purposes) can access the relevant data
This ensures complete data segregation and confidentiality between tenants at all times.