Privacy is the architecture, not a policy

The three things to know

1. Device identifiers never leave the Collector. They are anonymised and processed for less than 60 minutes and then discarded — not hashed, not stored, not transmitted.
2. Only aggregate counts are sent. About 10 KB an hour per Collector. No identifier of any kind, raw or transformed, traverses the network.
3. It's not personal data. The information that leaves a Collector cannot single out, link to, or infer about any individual. It aligns with the safe-harbour described in the ICO's 2016 Wi-Fi Location Analytics guidance.

What the ICO actually said

Remove identifiable elements by, for example, anonymising the MAC address so that individuals cannot be identified, where this would still enable a data controller to achieve the specified purpose of data collection (e.g. where the data controller's intention is to measure the number of visitors to a store, only).

Crowd-Sense goes one step further than the ICO's example: identifiers aren't anonymised by hashing — they're deleted. We hold this is the strongest defensible posture under UK GDPR.

How we're different from other vendors

Most Wi-Fi analytics products from the past decade hash MAC addresses and retain them in a back-end database. Mobile-SDK aggregators collect location data via consenting apps. Camera vendors do on-device inference but the camera is the issue. Crowd-Sense rejects all three patterns: no back-end identifier database, no SDK consent chain, no image, no audio.

For your DPO

We provide compliance-grade documentation for any deployment: DPO technical note, DPIA template, methodology disclosure, and venue signage artwork. The full architectural verification packet — including firmware source review — is available under NDA. Get in touch.