Fortix AI – Security and Data Protection Policy

1. Project Aims and Data Processing

Fortix AI is a cloud-based CCTV platform enhanced with AI-driven object recognition and continuous learning. The platform provides intelligent surveillance services such as object detection, behavior analysis, and incident alerts, primarily for commercial and industrial clients.

  • Continuous video and image data ingestion from 4G CCTV cameras.
  • Automated AI processing for real-time event detection.
  • Metadata generation and event tagging.
  • User access control for review and alert handling.
  • Optional long-term data storage for forensic analysis or training improvements.

2. Data Storage

All data is stored electronically, mainly in the cloud:

  • Real-time processing at the edge (AI edge computers).
  • Short-term encrypted caching on edge devices.
  • Cloud storage (e.g., AWS S3) for video clips, alerts, and metadata.
  • No physical storage used, except for temporary edge buffering.

Encryption: AES-256 at rest, TLS 1.2+ in transit.

3. Data Review Process

  • Automated Review: AI models tag and flag video data in real time.
  • Manual Review: Authorized users can review flagged events via a secure dashboard.

All sessions are logged with audit trails.

4. Data Monitoring

  • Automated anomaly detection in video feeds.
  • Real-time dashboard showing health, alerts, and events.
  • SIEM integration and immutable logs with periodic reviews.

5. Access Control

Access is limited to authorized roles using:

  • Role-Based Access Control (RBAC)
  • Multi-Factor Authentication (MFA)
  • Single Sign-On (SSO)

User roles include Client Admins, Fortix Operations, and AI Dev Team (sandbox only).

6. Data Processing Mechanism

  • Edge: Real-time AI analysis
  • Cloud: Event enrichment, storage, analytics
  • No third-party sharing without consent/legal basis

7. Purpose of Data Storage

  • Live surveillance and alerting
  • Post-event analysis
  • Model training (optional)
  • Regulatory compliance

Storage is configurable and compliant with applicable laws.

8. Lawful Data Protection Framework

  • GDPR & UK DPA 2018
  • ISO/IEC 27001-aligned
  • Consent-based collection
  • Data Processing Agreements & PIAs

9. Data Safeguarding, Transfer, and Oversight

  • AES-256 encryption at rest, TLS 1.2+ in transit
  • Penetration tests, secure APIs, cloud-native controls
  • Cross-region transfers use SCCs/IDTA

10. Data Usage Guidelines

  • Only for surveillance, investigations, AI improvement (opt-in), and compliance
  • No unauthorized data selling/sharing
  • Anonymization applied where possible

11. Collateral Intrusion Mitigation

  • Camera placement reviews & privacy masking
  • Real-time redaction and restricted access
  • Signage, consent mechanisms, and automated deletion
  • Regular privacy audits