Security, privacy and data

How video is handled, protected and controlled

The most reasonable objection to AI CCTV is also the most common one: you are asking us to watch our policyholders' sites. This page sets out exactly how that is done responsibly, and where each control is agreed per deployment rather than assumed.

Behaviour, not identities

Faces are blurred by default. The system is built to recognise hazards and unsafe behaviour, not to identify people.

Processing where you choose

Video can be analysed on site (edge) so footage never leaves the premises, or in secure cloud infrastructure. The choice is made per deployment.

Data minimisation

Footage is processed only for the risk use cases agreed in writing. It is not retained or repurposed beyond them.

Retention set per deployment

Retention periods are configured, agreed and documented for each deployment rather than left open-ended.

Controlled, logged access

Who can see what is set per deployment, with access controlled and logged.

The customer owns their data

Data belongs to the customer and reaches an insurer only with their recorded consent, under clear policy terms. Sharing stops if consent is withdrawn.

How data sharing works

Nothing is shared without consent

Data only moves to an insurer when the customer has agreed to it, and only within the limits they agreed to.

01

Consent is captured

The customer agrees, in clear terms, to share defined camera-derived data with their insurer and partners.

02

Only the agreed data flows

With consent in place, the relevant risk data is shared. Faces are blurred and the scope is limited to the agreed use cases.

03

It stays in the customer’s control

The customer can review and withdraw consent. Without it, data sharing is disabled.

Where processing happens

On site, or in secure cloud. Agreed up front.

Every deployment chooses where video is analysed. Edge processing runs on a small compute device at the site itself, so raw footage stays on the premises and only risk events and alerts leave it. Secure cloud processing suits sites without spare hardware capacity. Which applies, and where the data lives, is agreed and documented before anything goes live.

  • Privacy by design and data minimisation from the outset
  • Support for data protection impact assessments (DPIAs) where appropriate
  • A defined lawful basis and documented processing purposes per deployment
  • Data-sharing agreements that set out exactly what flows to whom
  • Designed to meet UK GDPR obligations, including ICO CCTV guidance

Being specific

If a control is not listed here, ask us

Specific technical and organisational measures are agreed and documented per deployment as part of the data protection impact assessment, because sites and risk appetites differ. We would rather walk your compliance team through exactly how a deployment is configured than offer vague reassurance. For how the AI itself is used and overseen, see our AI transparency statement. For how this website handles your data, see the privacy policy.

Bring your compliance team

We are happy to walk compliance and underwriting through exactly how video is processed, blurred, stored and shared for a given deployment.