Data & Privacy
When handling privacy, the key considerations are the type of data processed, where it is stored, how long it is retained, how it is encrypted, how it is transferred, and how it is isolated.
Types of Data
The system processes and stores various types of data, each serving a specific purpose and requiring appropriate handling. The data types are categorized as follows:
Data | Format |
---|---|
Data about watchlists, cameras, detections, and matches | Relational database |
Face Templates | Numeric vector |
Enrollment Pictures | Image |
Detected Faces | Image |
Detected Pedestrians | Image |
Detected Objects | Image |
Full images of particular detections | Image |
Face Biometry
Mechanism
When Face Detection is turned on (default setting), the face detection neural network analyzes incoming frames for faces.
Each detected face segment that passes the quality threshold is sent to the face extraction neural network, which creates a face template. A face template is a mathematical vector representation of a face; the original image or the person's physical appearance cannot be reversibly reconstructed from it. The primary purpose of a face template is comparison with other templates for similarity, i.e. vector comparison.
The face template itself is anonymous - it does not contain any name, ID, or personal details.
Each extracted template is compared to all enrolled templates in a process called matching.
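As an added illustration of the matching step described above (not SmartFace's own code; the template vectors, template ids, member names and threshold are constructed), a probe template is compared with every enrolled template by cosine similarity, and the watchlist identity is looked up only through a separate relational record, never from the template itself:

```python
import math
from typing import Dict, List, Optional, Tuple

# Constructed sample templates: short vectors stand in for the much longer
# real face-template vectors. Each is keyed by an opaque template id only.
ENROLLED_TEMPLATES: Dict[str, List[float]] = {
    "tpl-001": [0.80, 0.60, 0.00],
    "tpl-002": [0.00, 0.60, 0.80],
}
# Identity lives in a separate relational record, never inside the template.
WATCHLIST_MEMBERS: Dict[str, str] = {"tpl-001": "member-A", "tpl-002": "member-B"}

def similarity(a: List[float], b: List[float]) -> float:
    """Cosine similarity between two templates; 1.0 means identical direction."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def match(probe: List[float], threshold: float = 0.9) -> Optional[Tuple[str, str, float]]:
    """Compare a probe template with every enrolled one; return the best hit above threshold."""
    best_id, best_score = None, -1.0
    for tpl_id, enrolled in ENROLLED_TEMPLATES.items():
        score = similarity(probe, enrolled)
        if score > best_score:
            best_id, best_score = tpl_id, score
    if best_id is None or best_score < threshold:
        return None  # not matched: no identity is attached to this detection
    return best_id, WATCHLIST_MEMBERS[best_id], round(best_score, 3)
```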
Privacy
SmartFace can be configured to store
- All detected faces - all detected faces (matched or not-matched) are stored in the database for the defined retention period
- Matched faces only - only matched faces are stored in the database for the defined retention period. Not-matched faces, i.e. people who are not enrolled and are simply walking around, are not stored at all.
Considerations
Detected pedestrians or objects may include faces of people passing by that haven’t been processed or matched. Also, the full image of a detection might contain faces or details that weren’t specifically targeted. For instance, when focusing on detecting cars or trucks, a pedestrian’s visible face or a truck driver’s face might still appear in the background or in a cropped part of the image.
Data Storage Locations
There are two data storage systems:
- Relational databases, either PostgreSQL or Microsoft SQL
- BLOB storage, either Min.IO or AWS S3
Type of Data | Storage | Configurable |
---|---|---|
Relational data about watchlists, cameras, detections, and matches | Relational database | No |
Face Template | Relational database | No* |
Enrollment Pictures | BLOB storage | Yes |
Detected Faces | BLOB storage | Yes |
Detected Pedestrians | BLOB storage | Yes |
Detected Objects | BLOB storage | Yes |
Full images of detected modalities | BLOB storage | Yes |
Data Retention Period
The retention period can be configured from one to an unlimited number of days. Data is continuously stored, with a cleanup job running daily that safely deletes all data older than the defined age.
BLOB data storage for images can be turned off entirely, so no pictures of detected faces, pedestrians or objects are stored at all.
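The two privacy settings above ("All detected faces" vs "Matched faces only", and BLOB storage on or off) together with the daily retention cleanup, shown as an added example that is not SmartFace's own code; the record layout, field names and sample detections are constructed:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
@dataclass
class Detection:
    detection_id: str
    detected_at: datetime
    matched: bool          # did the face template match an enrolled template?
    crop: Optional[bytes]  # image bytes of the detected face (constructed sample)

@dataclass
class PrivacyPolicy:
    matched_only: bool             # True: "Matched faces only"; False: "All detected faces"
    store_blobs: bool              # False turns BLOB (image) storage off entirely
    retention_days: Optional[int]  # None models an unlimited retention period

def should_store(det: Detection, policy: PrivacyPolicy) -> bool:
    # Under the matched-only policy a not-matched face is never written anywhere.
    return det.matched or not policy.matched_only

def persist(det: Detection, policy: PrivacyPolicy, db: dict, blobs: dict) -> bool:
    """Write the relational record and, if image storage is on, the BLOB."""
    if not should_store(det, policy):
        return False
    db[det.detection_id] = {"detected_at": det.detected_at, "matched": det.matched}
    if policy.store_blobs and det.crop is not None:
        blobs[det.detection_id] = det.crop
    return True

def cleanup(policy: PrivacyPolicy, db: dict, blobs: dict, now: datetime) -> int:
    """Daily job: delete every record, and its BLOB, older than the retention period."""
    if policy.retention_days is None:
        return 0
    cutoff = now - timedelta(days=policy.retention_days)
    expired = [k for k, rec in db.items() if rec["detected_at"] < cutoff]
    for k in expired:
        db.pop(k)
        blobs.pop(k, None)  # BLOB is absent when image storage is off
    return len(expired)

def run_scenario(policy: PrivacyPolicy):
    """Constructed sample: three detections, then the daily cleanup 10 days later."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    db, blobs = {}, {}
    samples = [
        Detection("d1", t0, matched=True, crop=b"jpeg-bytes-1"),
        Detection("d2", t0 + timedelta(days=2), matched=False, crop=b"jpeg-bytes-2"),
        Detection("d3", t0 + timedelta(days=8), matched=True, crop=b"jpeg-bytes-3"),
    ]
    stored = sum(persist(d, policy, db, blobs) for d in samples)
    deleted = cleanup(policy, db, blobs, now=t0 + timedelta(days=10))
    return stored, deleted, sorted(db), sorted(blobs)
```

With a 7-day retention, the matched-only policy never writes the not-matched detection, and the cleanup removes only what is older than the cutoff, including its BLOB.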
Data Encryption
Data encryption includes two parts: encrypting data at rest (where it is stored) and encrypting data in transit.
Encryption at Rest
Full disk encryption is recommended. Additionally, each data storage service (the relational database and the BLOB storage) supports its own further encryption.
Encryption in Transit
All internal SmartFace communication can be configured to run encrypted via TLS. Running TLS requires custom TLS certificates, so by default, this is disabled.
Data Transfer
The SmartFace solution (SmartFace Station, SmartFace Platform, SmartFace Embedded Stream Processor) only downloads binaries, executables, and Docker images over the internet. If needed, these components can be downloaded to another machine and transferred into an isolated environment via local storage (e.g., USB).
In default configuration SmartFace does not send any data to the internet. Each SmartFace component communicates with others via a (local) network; no internet connection is required.
Data Isolation
Multiple deployment strategies are available, ranging from public internet-facing deployment to completely isolated, secure local networks without internet access.
Single Machine Deployment
SmartFace is deployed on a single machine with a USB camera directly attached or IP cameras on a secured, isolated LAN without internet access. No data leaves the SmartFace machine.
Single Machine on Local Network
SmartFace is deployed on a secured, isolated LAN without internet access. One or many IP cameras or Edge devices are connected in the LAN. No data leaves the LAN.
SmartFace in a Datacenter
SmartFace is deployed in a datacenter, with one or many Edge devices sending data over the internet via SSL-secured connections. Data is securely stored in the datacenter.
SmartFace on Multiple Locations
Multiple SmartFace instances are deployed at different locations connected over the internet. Data is securely stored at each location and transmitted over the internet via TLS secured connections.