Privacy At Protex AI

‍At a Glance

• Live CCTV streams: Processed in real time on an on-site edge device and never stored in full. Only short event clips (e.g., 10 seconds) are generated when a configured risk is detected, then encrypted and stored securely in the cloud for review.
  
• Privacy-first features: Facial blurring, full-body blurring, and silhouette ghosting are configurable per site.
  
• Hybrid architecture: Local edge processing for speed and privacy; secure cloud platform for analytics and reporting.
  
• No biometric identification: Models detect safety and operational events and behaviours, not personal identity.
  
• Robust security controls: TLS 1.2+ encryption in transit, AES-256 at rest, role-based access, MFA, and full audit logs.

How Protex AI Works

1. Footage Source
Protex AI connects to your existing fixed-position CCTV cameras via RTSP (Real-Time Streaming Protocol). The live feed is processed on-site by the Protex AI edge device. The stream itself is never stored. It’s analysed in real time and discarded.

2. Event Detection
Our computer vision models detect predefined safety and operational risks (e.g., PPE non-compliance, unsafe behaviours, vehicle proximity). Models are trained to recognise objects and actions in the physical environment. Not to identify individuals.

3. Privacy Features at the Edge
Before any event footage leaves your site, privacy features such as facial blurring, full-body blurring, or ghosting can be applied. 

4. Cloud Analytics & Insights
When a configured event is detected, the system captures event metadata and an anonymised, encrypted 10-second video clip. This is sent securely to the Protex AI cloud platform, where you can search, review, and analyse events.

5. Security & Access Controls
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Role-based access controls (RBAC) and multi-factor authentication (MFA) ensure only authorised users can access event data. All access is logged for audit purposes.

Privacy Features You Can Configure

Our edge device is deployed on-site and processes event video locally. Before any event footage is transmitted to the cloud, you can apply privacy features to help meet legal obligations and your organisation’s internal policies.

• Ghosting: Removes people entirely from event footage by replacing them with a neutral background, creating a “ghost-like” effect where the person’s outline is no longer visible.
• Full Body Blurring: Applies a blur over the entire person in the footage, obscuring both facial features and body shape while retaining the context of the surrounding scene.
• Facial Blurring: Blurs only the face of individuals in the footage, keeping the rest of the image clear so the event context remains visible.
• No Blurring: Leaves footage unaltered, preserving all visual details.
• Videoless: Protex AI can be configured to operate in a videoless mode. In this setting, no video clips are retained or accessible through the platform. Only event metadata and analytics are available.

Our Privacy & Compliance Principles

No biometric identification
Protex AI does not use AI models or other technology to identify or verify individuals using biometric identifiers (e.g., facial features, gait, voice).

Privacy by design & default
Privacy is embedded into our product development lifecycle, from model training to feature design.

Contractual safeguards
Our Data Processing Addendum (DPA) details our technical and organisational measures.

Support for DPIAs & employee communications
We provide a DPIA template and an Employee Communications Playbook to help clients meet privacy obligations and build workforce trust. View our Privacy Policy.

Technical & Privacy FAQ

AI Use Summary
Protex AI uses computer vision models deployed on an on-site edge device to analyse live CCTV streams and detect predefined safety and operational risks. Models are trained to recognise objects, activities, and PPE usage. Not to identify individuals or perform biometric analysis. 

When a configured risk is detected, the system captures event metadata and an anonymised, encrypted 10-second clip, which is sent securely to our cloud platform for analytics and review. The Protex Intelligence™ generative AI layer provides contextual insights, trend analysis, and predictive analytics based on aggregated event data, but does not create individual-level profiles or make automated decisions with legal or employment consequences.

1. Does the tool use live or recorded CCTV footage?
Protex AI processes live CCTV streams via RTSP (Real-Time Streaming Protocol) from fixed-position security or operational cameras. Streams are analysed in real time on-site by our edge device and never stored.

2. How is the tool configured to monitor specific risks?

Risk monitoring is fully configured through the Protex AI platform using our flexible rule builder, which allows you to:

• Select specific cameras to monitor.
  
• Define zones of interest within each camera’s field of view.
  
• Choose event or risk types (e.g., PPE non-compliance, unsafe behaviours, vehicle to person proximity).
  
• Adjust sensitivity thresholds (e.g., speed, distance) and set exclusion zones to avoid false positives.
  

3. Is Protex deployed on-premises or via the cloud?
Protex AI uses a hybrid deployment model:

• On-premises: An edge compute appliance is connected to the local camera network, processing video feeds locally in real time.
  
• Cloud: When a configured risk is detected, the system captures associated metadata and an encrypted 10-second video clip. This clip is sent securely to the Protex AI cloud platform, where it is used to provide analytics, reporting, and event review capabilities. If a privacy feature has been configured (e.g., facial blurring), the event video clip will have that feature applied before transmission to the cloud.

4. Does Protex AI process biometric data for the purpose of identifying individuals?
No.  Protex AI does not perform biometric identification. Our computer vision models are trained to detect and classify safety and operational-related events and behaviours, not to verify or recognise an individual’s identity.

5. What safeguards prevent biometric identification?

• Flexible privacy controls. Configurable facial blurring, full-body blurring, or silhouette “ghosting,” with adjustable blur intensity.
  
• Model architecture excludes any biometric identification or facial recognition capability.
  
• Training datasets are curated to detect object types, PPE usage, and actions, not to recognise individuals.
  
• Privacy by design. All features undergo privacy impact review to ensure no identity-matching functionality is introduced.
  

6. How is footage associated with identified risks flagged and accessed?

• Events are time-stamped, tagged by event type, and linked to the originating camera.
  
• A 10-second event video clip is generated and stored securely in the platform.
  
• Role-based access controls (RBAC) and Multi factor authentication (MFA) restrict who can view or download event footage.
  
• All access to event video footage is logged for audit purposes.

7. Does Protex provide a DPIA or other resources?
Protex AI is committed to helping deployments of Protex AI meet global privacy laws and requirements. 

We make available:

• A partially completed Data Protection Impact Assessment (DPIA) template to support you in creating your own DPIA when deploying Protex AI.
• An Employee Communications Playbook. This is a ready-to-use toolkit to help explain the deployment of Protex AI clearly, consistently, and transparently to employees.
• Security and privacy resources (ISO 27001 certificate, privacy policies, and technical documentation) available through our Trust Centre (NDA required for some materials).

You can also find details of our processing activities and Technical and Organisational Measures (TOMs) in our Data Processing Addendum (DPA).

8. What safeguards ensure compliance with privacy laws?

• Privacy by design & default embedded into the product lifecycle.
  
• System architecture in alignment with GDPR, CCPA, and other global privacy laws.
  
• ISO 27001 certification.
  
• Data minimisation. We process only what is required for event/risk detection and associated insights.
  
• Configurable data retention policies with automatic deletion made available through the platform.
  
• Encryption. TLS 1.2+ in transit, AES-256 at rest.
  
• Role-based access controls and full audit logs for all access.

Compliance & Certifications

We are ISO 27001 certified and aligned with GDPR, UK DPA, CCPA, and other applicable privacy frameworks.

Trust Centre

Our Trust Centre is your gateway to our current security documentation and third-party assessments. Available materials include: our ISO/IEC 27001 certification, a copy of our latest third-party penetration test summary, and a catalog of internal security policies. To protect the confidentiality of this information, access is granted under a non-disclosure agreement (NDA). Upon execution, authorised stakeholders will receive secure access to the requested materials.

‍