Purpose
This document details at a high level the Technical and Operational measures that EVERYANGLE employs to ensure the confidentiality, integrity and availability of personal data that EVERYANGLE processes as part of the data analytical services it provides to its customers.
High Level description of the processing involved
EVERYANGLE uses machine learning Computer Vision models to extract data from CCTV cameras and, where appropriate, combines it with data from other sources to provide powerful analytics to our customers. In doing so it acts as a data processor to the customer, who is the data controller.
The nature and extent of the personal data processed by EVERYANGLE on behalf of its customers is limited to images of individuals. These images are analysed in order to extract information such as the age group the individuals belong to, their gender, how long they dwell in a particular zone and so on. This data is anonymised and there is no means of accessing the data that is collected about a given individual because the data gleaned from an image of a person is not stored with that image. In fact, after a default period of 2 days the processed images are deleted while the anonymised data is retained indefinitely.
The storage of the images on the cameras from which they were collected is of no importance to EVERYANGLE and the retention period is normally determined by its use for other purposes such as safety and security. If not required for other purposes then cameras may be set not to record at all and they will still work perfectly well with the EVERYANGLE applications.
Processing is done either in the cloud or on on-premises edge devices. Below is a representation of the data flows when processing is done in the cloud.
The Camera Recorder captures images from the Meraki camera and stores them for a maximum of 2 days on S3 buckets in AWS. The EVERYANGLE Artificial Intelligence Servers, also running in the cloud, process the images stored in the S3 buckets. Depending on the application this is done on a continuous basis or at the end of the working day. The data generated by this processing is stored in a database in AWS (separate databases for every customer) where it is available for display in our data visualization platform known as the EVERYANGLE Portal.
Processing is performed in the cloud, meaning that the only part of the infrastructure that is physically present on the premises is the camera, and the data on the cameras is encrypted.
Authentication and Access Control measures
Users may log in to the portal using a registered email address and password, with two-factor authentication in place by means of a code sent to the email address in question.
Users may also log in by means of SSO if applicable.
Trust boundaries are defined whereby user access may be restricted to defined levels within the organisation and to specific dashboards only.
A strong password policy is in place with password requirements consisting of:
- At least 8 characters
- At least 1 lower case letter
- At least 1 upper case letter
- At least 1 number or symbol
After three failed attempts the account is permanently locked to prevent brute-force attacks.
Network Security
Network boundaries are protected by firewalls. The EVERYANGLE firewall infrastructure is designed to ensure the security and integrity of our platform and the data it processes. The nature and scope of our firewalls include:
- Perimeter Firewalls: We deploy robust perimeter firewalls at the network edge to safeguard against unauthorized access from the internet. These firewalls use state-of-the-art packet filtering and deep packet inspection techniques to scrutinize incoming and outgoing traffic, allowing only legitimate and authorized connections.
- Application Layer Firewalls: Our firewall setup includes application layer filtering to analyze and control traffic based on specific application protocols. This enhances security by identifying and mitigating potential threats at the application level.
- Intrusion Prevention: Our firewalls are equipped with intrusion prevention systems (IPS) that actively monitor network traffic for suspicious patterns and known attack signatures. This helps us detect and block malicious activities in real-time.
- Virtual Private Network (VPN) Firewalls: For secure communication between different components of our SaaS infrastructure, we utilize VPN firewalls. These firewalls establish encrypted tunnels, ensuring the confidentiality and integrity of data transmitted within our network.
- Micro-Segmentation: Within our SaaS environment, we implement internal firewalls to create network segments, enhancing security by controlling communication between different parts of our infrastructure. This approach limits the potential impact of a security breach.
- Traffic Monitoring and Logging: Our firewalls maintain detailed logs of network traffic, including allowed and blocked connections. This enables us to perform thorough analysis, audit network activity, and respond promptly to any security incidents.
- Regular Updates and Patching: We ensure that our firewalls are kept up to date with the latest security patches and firmware updates. This proactive approach helps us address vulnerabilities and maintain a strong defense against emerging threats.
- Security Policy Enforcement: Our firewall configuration is based on comprehensive security policies that define how traffic is handled and which connections are permitted. These policies align with industry best practices and compliance standards.
- Scalability and Redundancy: Our firewall infrastructure is designed to scale as our SaaS platform grows. We incorporate redundancy and failover mechanisms to ensure continuous protection even in the event of hardware or network failures.
Data Protection
Data is encrypted both in transit and at rest.
- Encryption at rest.
  - Images, AWS S3. Server-side encryption with AWS KMS keys.
  - Databases, AWS RDS. Data, logs, backups, and snapshots are encrypted with AWS KMS keys.
  - Servers, AWS EC2 and AWS EBS. Data, logs, backups, and snapshots are encrypted with AWS KMS keys.
  - Encryption/keys are managed by the AWS KMS.
- Encryption in transit.
  - Traffic is always redirected to, and enforced over, TLS 1.2/TLS 1.3.
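The image-bucket controls described in this document (SSE with AWS KMS keys, a 2-day maximum retention, TLS 1.2 or later in transit) can be checked mechanically. The following is an added example, not EVERYANGLE's own code: the function names and sample data are hypothetical, the inputs are assumed to be dictionaries shaped like the S3 GetBucketEncryption and GetBucketLifecycleConfiguration responses plus the parsed bucket policy, and the Action/Resource scope of the Deny statements is not checked.

```python
MAX_RETENTION_DAYS = 2  # default image retention stated in this document
MIN_TLS = 1.2           # lowest TLS version the document allows

def _denies_all(stmt, operator, key, accept):
    """True if stmt denies every principal under a matching condition."""
    value = stmt.get("Condition", {}).get(operator, {}).get(key)
    return (stmt.get("Effect") == "Deny" and value is not None
            and stmt.get("Principal") in ("*", {"AWS": "*"}) and accept(value))

def _expires_everything(rule):
    """True for an enabled, unfiltered rule expiring objects within the limit."""
    flt = rule.get("Filter", {})
    scoped = flt.get("Prefix", rule.get("Prefix", "")) or set(flt) - {"Prefix"}
    days = rule.get("Expiration", {}).get("Days", 0)
    return rule.get("Status") == "Enabled" and not scoped and 0 < days <= MAX_RETENTION_DAYS

def audit_bucket(encryption, lifecycle, policy):
    """Return findings for one bucket; an empty list means it matches."""
    findings = []
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules]
    if not algos or any(a != "aws:kms" for a in algos):
        findings.append("encryption: default SSE is not AWS KMS")
    if not any(_expires_everything(r) for r in lifecycle.get("Rules", [])):
        findings.append("retention: no bucket-wide expiry within 2 days")
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    if not any(_denies_all(s, "Bool", "aws:SecureTransport",
                           lambda v: str(v).lower() == "false") for s in stmts):
        findings.append("transit: plain HTTP is not denied")
    if not any(_denies_all(s, "NumericLessThan", "s3:TlsVersion",
                           lambda v: float(v) >= MIN_TLS) for s in stmts):
        findings.append("transit: TLS below 1.2 is not denied")
    return findings

# Constructed samples (not real buckets): GOOD matches, WEAK deviates.
DENY_ALL = {"Effect": "Deny", "Principal": "*"}
GOOD = (
    {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
    {"Rules": [{"Status": "Enabled", "Filter": {}, "Expiration": {"Days": 2}}]},
    {"Statement": [
        {**DENY_ALL, "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {**DENY_ALL, "Condition": {"NumericLessThan": {"s3:TlsVersion": "1.2"}}}]},
)
WEAK = (
    {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    {"Rules": [{"Status": "Enabled", "Filter": {"Prefix": "tmp/"}, "Expiration": {"Days": 30}}]},
    {"Statement": {"Effect": "Allow", "Principal": "*"}},
)
```

`audit_bucket(*GOOD)` returns an empty list, while `audit_bucket(*WEAK)` returns one finding per control that the constructed bucket misses.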
Back up and recovery
Data, server and database backups are managed in AWS using AWS backup functionality. EVERYANGLE employs a strict backup and recovery policy that enforces weekly backups of its critical information, including its proprietary servers, source code repositories, software documentation, communication artifacts, etc.
Data is backed up to an AWS data centre that is separate from the production data centre while within the same geographic area.