Q - How does Clarity manage data privacy, protection and security?
A - At Alchemy IoT, privacy, security and data protection are areas of paramount importance.
Security and identity checks for data transmissions :
All traffic to and from Clarity is encrypted with Transport Layer Security (TLS) version 1.2 and secured with mutual authentication.
TLS is used to ensure the confidentiality of the application protocols (MQTT, HTTP) supported by Alchemy IoT.
For MQTT, TLS encrypts the connection between the device and the broker. TLS client authentication is used to identify IoT devices. For HTTP, TLS encrypts the connection between the device and the broker. Authentication is delegated to AWS Signature Version 4.
Access authentication and secure views of the Clarity UI :
All access to Clarity data, and to specific views of it, is controlled through a password-protected, authenticated scheme. The tenant administrator has control and modify authority over the users and user groups, their access and the views granted to them.
Data protection and retention :
All user data is securely stored in the Clarity app's MongoDB database in a persistent state and routinely backed up. User data is retained for 4 days from the last data received, meaning there will be a maximum of 4 days of customer data in the app at any given time.
Data ownership and dissemination policy :
Ownership of user data, as it relates to the telemetry data tables, remains with the app tenant or the "customer". Alchemy IoT will only disseminate use case data in the form of derived results with no discernible identity labels, or under a "Reference Account" agreement with the customer.
OAuth 2.0 :
All HTTP and third-party access to the Clarity UI or RESTful APIs goes through the OAuth 2.0 protocol and the server-client token framework that Clarity implements. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.