Log in
Log in
Log in

Security

securityProtecting your data with enterprise-grade security everywhere

Access Control Framework

Role-based access, MFA, and device trust enforce least privilege across dashboards, APIs, player endpoints, and logs everywhere.

Data Encryption Standards

AES-256 at rest and TLS 1.2+ in transit safeguard databases, backups, uploads, and secrets; keys protected with TPM-backed storage hardware.

Secure Update Pipeline

Signed firmware and app releases prevent tampering; staged rollouts, health checks, and rollback ensure resilient deployments safely.

Enterprise LTSC Platform

Windows IoT Enterprise LTSC provides locked-down stability, predictable updates, and up to 10 years of support for secure, reliable deployments.

Security & Compliance

At Pickadspace, we prioritize platform security to ensure data integrity, user privacy, and system reliability. Our security architecture is designed to safeguard both advertiser and establishment data while optimizing performance through cutting-edge technologies. This report details the measures taken to secure the Pickadspace platform.

Edge Processing for Enhanced Privacy and Security

  1. AI-Based People Counting at the Edge
    1. Our digital signage units process viewership data at the edge to maintain privacy and reduce latency.
    2. The AI-based system counts people in front of the signage unit and categorizes them based on gender and age group.
    3. No images, videos, or personally identifiable information (PII) are captured or transmitted to the cloud.
  2. Data Transmission
    1. Only numerical count data is sent to the cloud, ensuring no raw video or visual data is stored or transmitted.
    2. End-to-end encryption secures data transmission, protecting it from unauthorized access.
    3. The system undergoes frequent third-party security audits to ensure compliance with industry standards.

OS Security & Software Patching

  1. Operating System Hardening
    1. Our signage units run on a hardened version of the OS to minimize attack vectors.
    2. Unnecessary services and ports are disabled to reduce exposure to threats.
    3. Secure boot mechanisms prevent unauthorized firmware modifications.
  2. Regular Security Updates & Patch Management
    1. We deploy routine OS security patches to ensure protection against known vulnerabilities.
    2. Automated monitoring detects outdated software versions and flags them for immediate updates.
    3. We subscribe to vendor security bulletins to stay informed about critical patches and updates.
  3. Controlled Access & Privileged Operations
    1. Access to the signage device OS is strictly restricted to authorized personnel.
    2. Secure shell (SSH) access is limited and protected by IP whitelisting and strong cryptographic keys.

Cloud Infrastructure & Data Security

  1. Encrypted Data Storage
    1. All viewership data is stored in encrypted databases using AES-256 encryption.
    2. Advertisers can only access aggregated viewership insights and not individual establishment-level data, thereby safeguarding business-related information from being exposed to competitors.
    3. Personal financial information is never stored on our servers—transactions are processed through third-party, PCI-compliant payment processors. We do retain bank account details solely to facilitate outgoing payments, but we never store credit or debit card information.
    4. Bank account details are stored in isolated systems and encrypted both at rest and in transit.
  2. Secure APIs & Role-Based Access Control
    1. Our APIs enforce strict authentication and authorization policies.
    2. Role-based access control (RBAC) ensures that only authorized users can access sensitive information.
    3. API calls are monitored and rate-limited to prevent abuse and attacks such as DDoS (Distributed Denial of Service).
  3. Incident Response & Threat Detection
    1. A dedicated Security Operations Center (SOC) monitors and responds to potential threats.
    2. Intrusion detection systems (IDS) track anomalous activities and trigger alerts for investigation.
    3. Users are notified in case of any detected data breaches, and corrective measures are immediately deployed.

Device Security & Physical Protection

  1. Tamper Detection Mechanisms
    1. We employ tamper detection both inside and outside all signage units. Any suspected tampering will prompt a thorough investigation and may result in account termination if unauthorized activity is confirmed.
    2. Our field agents conduct routine inspections to validate device integrity and ensure ongoing compliance.
  2. Secure Hardware & Firmware Management
    1. Firmware updates are cryptographically signed to ensure only verified updates are applied.
  3. Theft Protection Measures
    1. Each signage unit is registered and mapped to its deployment location.
    2. In case of theft, a remote wipe command can disable the device, ensuring that no data can be retrieved.
    3. Establishments must report thefts immediately and cooperate with law enforcement for recovery.

Compliance & Legal Adherence

  1. Regulatory Compliance
    1. We are ISO 27001 certified to protect the confidentiality, integrity, and availability of all customer, operational, and system data.
    2. Our signage units are BIS-certified, ensuring compliance with Indian quality, safety, and performance standards.
    3. Regular legal reviews ensure that Pickadspace aligns with regional and international security best practices.
  2. Data Retention Policies
    1. Viewership data is stored for three years and archived for an additional six years for internal audits.
    2. Application users can review our Privacy Policy for full transparency on how we collect, process, and protect their personal data.

App Security Audit

  1. Security Scan
    1. We perform regular Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scans to identify and remediate vulnerabilities in our application.
    2. These ongoing security assessments ensure our app remains robust and protected against emerging threats.
  2. Vulnerability Disclosure & Bug Bounty
    1. Please refrain from running automated scans or testing tools against our production environment.
    2. We welcome responsible disclosures—report any security defects to security@pickadspace.com, and you’ll receive public acknowledgment, credits, and a small token of appreciation.

Conclusion & Future Security Enhancements

Pickadspace continuously invests in cybersecurity enhancements to stay ahead of emerging threats. Future plans include:

  1. Integration of AI-driven anomaly detection.
  2. Expansion of zero-trust architecture to further restrict unauthorized access.
  3. Enhanced encryption protocols for data at rest and in transit.

By implementing these security measures, we ensure the safety, reliability, and integrity of the Pickadspace platform, providing a secure and trusted environment for advertisers and establishments alike.

For security-related inquiries, contact: security@pickadspace.com