Privacy & Security
We believe that every user should take an interest in the privacy of their data and understand what measures have been taken to ensure that privacy. This document is created to provide you with an overview of some of the steps we have taken in order to ensure our user’s privacy and security is maintained.
App user information
Our App backend database is hosted with Amazon Web Services (AWS) which is the worlds most secure and trusted cloud platform used and trusted by companies like the Nasdaq and the FDA.
App: When you sign up on the Mango Mirror app we only ask for your email address and display name as mandatory. It is to this account that we assign all the data that is required to be displayed on Mango Display for that user. But we also encrypt your e-mail address using AWS Key Management Service, so that only our application can retrieve the key to authenticate a user when they log in. Any other PII (or close to PII) classified information provided in the widgets that you use, like approximate location used in the weather widget or attendees of a meeting are similarly encrypted. Furthermore all requests for the key to encrypt/decrypt that data is logged so that there is a complete trail of the key being used by our application for our security auditing purpose.
What this means is that even our authorized employees who have access to our database for technical reasons can’t obtain the email addresses or any PII of our App users, each user is simply stored and displayed a random unique string of characters. This allows us to anonymously store the data and run our analytics and machine learning algorithms to provide you with extremely valuable insights, without ever being able to identify you. We give you insight on your data but we can never identify who you are.
No information is stored on Mango Display device. Everything that you see displayed is served up from memory and cleared after the session. So if you were to connect and use Mango Display at a friends place or a hotel, you can rest assured that your data is not available for anyone to review after you have left. Also, Mango Display’s operating system data and files (non user data) is stored encrypted on disk.
Third Party integration
Whether data is displayed via Apple Health, Fitbit or Twitter, we only use the authentication methods made available by these services and use the data in accordance with the terms of those services. So we never see or store your user account for those services, you simply authorize those services to provide the data to us, and you can revoke that authorization anytime from those services.
User and Mango Display specific authentication. If someone else tries to impersonate you and logs into the app on their phone with your username and password, they will not be able to see any of your data over the web or even if they own another Mango Display. This is because your data is linked to you and the specific Mango Display device you added to your profile.
Hyper Text Transfer Protocol Secure (HTTPS)
Mango Display App communicates to our AWS backend servers via HTTPS and Secure MQTT. All connections to our backend server via our Mango Mirror App also happen over HTTPS.
We’ve implemented both client side and server side certificates (mutual authentication) to ensure that both the backend server and Mango Display can authenticate each other before sharing any data between them.
Mango Display App securely pairs and communicates with Mango Mirror App on your iPhone during the initial setup. All data sent and received is encrypted.
Automatic OS updates
Mango Display OS is constantly being updated with new features, fixes and security enhancements.
If you use multi user mode Mango Mirror App uses beacon technology in order to identify which user profile to display based on the proximity of the user’s phone. In order for this feature to work without you opening the Mango Mirror App every time, iOS requires that we obtain ‘Always’ authorization to location services using their Core Location Framework. We do not track, capture or store your location for this purpose. It is only used by iOS to notify our App when you are in proximity to a Mango Display device so we can display your information.
If you choose use ‘current location’ in the weather widget in the Mango Mirror App we capture and store the approximate location during setup (or when modified) to provide you with the most accurate local weather.
Deleting your Information
You are in charge of your information. If you decide to no longer use our services, you can chose to delete your account and all related data immediately from our servers via the Mango Mirror App. We do not inactivate your account, we delete it completely. If you decide to join us again, you can setup an account again.
Sharing of Information
Simple. We do not share or sell the information you choose to display on Mango Display with any other party.
We hope that this document provides you with a glimpse into how seriously we take the privacy and security of our users.
If you have any questions or concerns about our privacy or security policies please contact us.