Security and Privacy
We know how important your data is, and we take its security and privacy very seriously. This document provides a deep dive into our security practices, protocols and privacy.
Nirovision leverages world-class partners that meet the strictest compliance standards. Our authentication partner is Auth0, an industry leading identity management platform. Our cloud infrastructure provider is AWS, with all data being stored and transmitted solely in Australia
Where is your information stored?
Your on-premise server stores video footage with a rolling- delete functionality, which automatically deletes old footage once you reach 80% HDD capacity.
Your identity metadata is stored in the cloud for 60 (sixty) days, but non-standard retention times can be accommodated. Similarly, faces detected that have not been added to an identity expire after 60 (sixty) days, however custom retention periods can be accommodated upon request.
The model (your database comprising all your identities) is stored in the cloud infrastructure, with your local server/s containing a copy of the latest model available. Your model (and the data contained within) has no expiration date.
Nirovision will not sell your data nor send to any third- party company without your explicit consent.
Our cloud infrastructure provider is AWS, with all data being stored and transmitted solely in the AWS Sydney Availability Zone. In 2019, the Australian Cyber Security Centre (ACSC certified AWS for hosting Australian Government data classified up to the PROTECTED classification level.
Security and privacy operations and best practices
Nirovision adheres to international control standards that are applicable to our product development and our operations. Our engineers work with our auth and cloud providers to ensure our software and infrastructure has security patches applied wherever possible.
AWS certifications include
• HTTPS APIs using 256bit SSL encryption. All outbound and inbound traffic securely transferred in this way.
• RS265 signed JWTs for authentication (Auth0), in line with OIDC compliance.
• AES-256 server-side encryption for data stores.
• A combination of AWS-KMS and IAM resource policies, derived from using AWS infrastructure.
Management of your data
While Nirovision manages security of the cloud through AWS and Auth0, security in the cloud is the responsibility of the customer, as customers retain control of what security and privacy procedures they choose to implement to protect their users, their generated content when using Nirovision, their systems and network.
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).
Biometric data is sensitive information and Nirovision takes every measure to protect it.
Each time you select a face to create or update an identity, Nirovision extracts its facial features and generates a fingerprint as a random alphanumeric string of code. This anonymizes the facial data therein, the fingerprint cannot be reverse engineered back into a photo. When you compare faces and identities in our system, you are actually comparing fingerprints.
Identities don’t require a name to be stored in our system, so you can use any naming convention of your choice, along with custom metadata as you require.
Access to data
Nirovision will not sell your data nor send to any third-party company without your explicit consent. Nirovision will only access your data on permission for troubleshooting purposes.
Sign up to our newsletter
Never miss a thing. Get our monthly newsletter to stay up to date on company updates, new feature announcements and more.