
Enterprise-Grade Security & Compliance
Protect your network, your data, and your reputation. IronWiFi is built from the ground up with the security controls and compliance certifications that regulated industries require.
Certifications & Standards
Built to meet the security requirements of the most regulated industries
SOC 2 Type II
Our infrastructure and processes are audited annually against Trust Service Criteria for security, availability, and confidentiality.
HIPAA Ready
Technical safeguards, access controls, and audit logging that meet HIPAA requirements. BAAs available.
GDPR Compliant
Data residency controls, right-to-erasure support, consent management, and DPAs for EU data protection.
CCPA Compliant
California Consumer Privacy Act compliance with data access, deletion, and opt-out capabilities.
ISO 27001 Aligned
Information security management practices aligned with ISO 27001 standards.
PCI DSS Ready
Payment card data protection when processing WiFi access payments through our captive portal.
Complete Audit Trail
Every authentication event is logged with who connected, what device they used, when they connected, and which access point they used. Immutable logs that satisfy even the most demanding compliance audits.
- Full authentication event logging
- Device and AP identification
- Timestamp and geolocation data
- 12+ month default retention
- Export to CSV, Syslog, or SIEM
Data Residency You Control
Choose where your authentication data lives. With 6 global regions, your data stays in the jurisdiction you need — no exceptions, no surprises.
- US East (Virginia)
- US West (Oregon)
- Europe (Frankfurt)
- Asia-Pacific (Singapore)
- Australia (Sydney)
- Canada (Montreal)
Encryption at Every Layer
From the moment a device connects to the last byte of stored data, everything is encrypted.
- TLS 1.3 for all connections
- RadSec (RADIUS over TLS) support
- Certificate-based authentication (EAP-TLS)
- AES-256 encryption at rest
- Perfect forward secrecy
Agreements for Regulated Industries
Whether you need a Business Associate Agreement for HIPAA or a Data Processing Agreement for GDPR, we've got you covered. Our legal team works with yours to ensure every requirement is met.
Business Associate Agreement (BAA)
Required for healthcare organizations handling PHI. Our BAA covers all IronWiFi services including authentication logging, data storage, and support interactions.
Data Processing Agreement (DPA)
Required for GDPR compliance when processing EU personal data. Covers data handling, sub-processors, breach notification, and data subject rights.
Frequently Asked Questions
Is IronWiFi HIPAA compliant?
Yes. IronWiFi supports HIPAA compliance requirements with encrypted data transmission (TLS 1.3), complete audit logging of all authentication events, role-based access controls, and Business Associate Agreements (BAA) available for healthcare organizations. All authentication data is encrypted at rest and in transit.
Does IronWiFi offer a BAA?
Yes. We provide Business Associate Agreements for healthcare organizations and Data Processing Agreements for GDPR compliance. Contact our sales team to request your agreement.
Where is my data stored?
IronWiFi operates across 6 global regions — US East, US West, Europe (Frankfurt), Asia-Pacific (Singapore), Australia (Sydney), and Canada (Montreal). You choose where your data lives, and it stays there. This ensures compliance with data sovereignty requirements like GDPR and regional privacy laws.
How long are audit logs retained?
Authentication logs are retained for a minimum of 12 months by default. Extended retention periods are available on Enterprise plans. All logs include who authenticated, from what device, at what time, and which access point — providing the complete audit trail regulators require.
Ready to Secure Your Network?
Start a 14-day free trial with full access to enterprise security features. No credit card required.
