We believe that every user should take an interest in the privacy of their data and understand what measures have been taken to ensure that privacy. This document is created to provide you with an overview of some of the steps we have taken in order to ensure our user's privacy and security is maintained.
Separation of Store and App user information
Our online store where customers purchase Mango Mirror is hosted with Shopify the most secure and industry leading e-commerce platform.
Our App backend database is hosted with Amazon Web Services (AWS) which is the worlds most secure and trusted cloud platform used and trusted by companies like the Nasdaq and the FDA.
For our users, this means that if you purchased Mango Mirror you would have an account on our store and a separate account on the App. While this may be inconvenient, we have made this choice on purpose. Why did we choose this? To make sure there is no way to link a user's app data back to a users real identity.
Online Store: When you purchase Mango Mirror we require Personally Identifiable information (PII) like first and last name, address and payment information. All of this information is required in order to verify payment and complete shipping. We do not assign any App related information to this account. This account is purely for the purchase transaction.
App: When you sign up on the app we only ask for your email address and display name as mandatory. It is to this account that we assign all the data that is required to be displayed on Mango Mirror for that user. But we also encrypt your e-mail address using AWS Key Management Service, so that only our application can retrieve the key to authenticate a user when they log in. Any other PII (or close to PII) classified information provided in the widgets that you use, like approximate location used in the weather widget or attendees of a meeting are similarly encrypted. Furthermore all requests for the key to encrypt/decrypt that data is logged so that there is a complete trail of the key being used by our application for our security auditing purpose.
What this means is that even our authorized employees who have access to our database for technical reasons can't obtain the email addresses or any PII of our App users, each user is simply stored and displayed a random unique string of characters. This allows us to anonymously store the data and run our analytics and machine learning algorithms to provide you with extremely valuable insights, without ever being able to identify you. We give you insight on your data but we can never identify who you are.
No information is stored on Mango Mirror device. Everything that you see displayed is served up from memory and cleared after the session. So if you were to connect and use Mango Mirror at a friends place or a hotel, you can rest assured that your data is not available for anyone to review after you have left. Also, Mango Mirror's operating system data and files (non user data) is stored encrypted on disk.
Third Party integration
Whether data is displayed via Apple Health, Fitbit or Twitter, we only use the authentication methods made available by these services and use the data in accordance with the terms of those services. So we never see or store your user account for those services, you simply authorize those services to provide the data to us, and you can revoke that authorization anytime from those services.
User and Mango Mirror specific authentication. If someone else tries to impersonate you and logs into the app on their phone with your username and password, they will not be able to see any of your data over the web or even if they own another Mango Mirror. This is because your data is linked to you and the specific Mango Mirror you added to your profile.
Hyper Text Transfer Protocol Secure (HTTPS)
Mango Mirror communicates to our AWS backend servers via HTTPS and Secure MQTT. All connections to our backend server via our App also happen over HTTPS.
We've implemented both client side and server side certificates (mutual authentication) to ensure that both the backend server and Mango Mirror can authenticate each other before sharing any data between them.
Mango Mirror securely pairs and communicates with your iPhone during the initial setup of any later communication. All data sent and received is encrypted.
Automatic OS updates
Mango Mirror OS is constantly being updated with new features, fixes and security enhancements. These updates happen automatically and in the background to ensure that your device is running our latest software.
Mango Mirror uses beacon technology in order to identify which user profile to display based on the proximity of the user's phone. In order for this feature to work without you opening the Mango Mirror App every time, iOS requires that we obtain 'Always' authorization to location services using their Core Location Framework. We do not track, capture or store your location for this purpose. It is only used by iOS to notify our App when you are in proximity to Mango Mirror so we can display your information.
If you choose use 'current location' in the weather widget in the Mango Mirror App we capture and store the approximate location during setup (or when modified) to provide you with the most accurate local weather.
Deleting your Information
You are in charge of your information. If you decide to no longer use our services, you can chose to delete your account and all related data immediately from our servers via the Mango Mirror App. We do not inactivate your account, we delete it completely. If you decide to join us again, you can setup an account again.
Sharing of Information
Simple. We do not share or sell the information you choose to display on Mango Mirror with any other party.
We hope that this document provides you with a glimpse into how seriously we take the privacy and security of our users.
If you have any questions or concerns about our privacy or security policies please contact us.