Privacy Policy
1. Who we are
Huvio AI provides an AI-powered surveillance monitoring platform that analyzes video streams to detect suspicious behavior and potential security incidents. When such activity is detected, the platform generates alerts for authorised users, helping organisations respond more quickly and improve loss prevention efforts.
Contact: solutions@huvio.ai · huvio.ai
2. Scope
This policy applies to account holders, administrators, invited team members, and third-party contacts (such as site supervisors or notification recipients) whose information is entered by account holders.
It covers data collected through our web and mobile applications, API, notifications, and billing systems. It does not cover video footage processed by customers on their own CCTV systems — for that data, the customer is the data controller (see Section 13).
3. Data we collect
Account & identity
When you create an account, we collect your name and email address. If you sign in via Google or Microsoft, we receive your name and email from that provider. You may optionally upload a profile photo.
Organisation & site information
Account holders provide details about their organisation (name, industry, size) and the sites they monitor (name, address, alert settings). Team members can be invited by name, email, and role — invitations expire after 90 days. Site supervisors and notification contacts are added by account holders to receive security alerts.
Camera configuration
To enable video monitoring, account holders provide connection details and authentication credentials for their cameras. These credentials are encrypted at rest and decrypted only on our servers when needed to access a live stream, run AI analysis, or deliver a security alert. They are not visible to other users and are not exposed through our APIs.
Video stream & incident data
Live video streams are accessed directly from cameras by our servers for the purpose of AI-based threat detection. Raw video is not stored continuously. When the AI system detects a potential security event, a short video clip is captured and stored in Google Cloud Storage alongside incident metadata (camera, site, time, severity). Video clips may contain images of employees, customers, or members of the public.
Access to stored incident video is restricted to authorised users within the account holder's organisation. Incident video is not automatically deleted when an account is closed — see Section 10.
Billing & payment
Payment processing is handled by Stripe, Inc. Payment card details are entered through Stripe's secure form and are never stored by Huvio. We retain billing identity (name, email), payment method tokens, and invoice records for subscription management and tax compliance. Stripe's handling of payment data is governed by its privacy policy.
Session & device data
Each login session records your device type, browser, IP address, and approximate location (country level). Sessions expire after 30 days of inactivity, and a maximum of three concurrent sessions are permitted per account.
4. How we use your data
| Purpose | Legal basis |
|---|---|
| Provide and operate the platform | Contract performance |
| Account security and authentication | Contract / Legitimate interest |
| Billing and subscription management | Contract / Legal obligation |
| Sending security alerts and account notifications | Contract / Consent (SMS & push) |
| Product analytics to improve the service | Legitimate interest |
| Customer support | Legitimate interest / Consent |
| Fraud prevention and platform security | Legitimate interest |
| Financial and tax compliance | Legal obligation |
5. AI processing & video analysis
Huvio AI uses machine learning models to analyse video streams in real time for signs of suspicious behaviour and potential theft incidents. This is the core function of the platform.
What the AI analyses
Video frames from connected cameras are processed by our AI detection models to identify behavioural patterns associated with security incidents. The AI does not perform facial recognition and does not identify or profile individuals by name or biometric data.
Where AI processing happens
AI inference runs on Huvio's own infrastructure. Video frames are not sent to third-party AI services (such as external cloud AI APIs) for analysis. Processing happens within our controlled environment and the results — incident detections — are what trigger alerts and clip storage.
Note: If this changes in the future — for example, if we integrate a third-party AI inference service — we will update this policy and notify you before that change takes effect.
How long AI-processed data is kept
Only confirmed incident clips and their metadata are stored. Frames that do not trigger a detection are discarded and not retained. Stored incident clips are subject to the retention terms in Section 9.
Human review
Incident alerts generated by the AI may be reviewed by authorised users within the customer's organisation. Huvio support staff may access incident data when assisting with a support request, with the customer's knowledge.
6. Subprocessors
We work with the following third-party providers to operate the platform. All are bound by data processing agreements.
| Provider | Purpose |
|---|---|
| MongoDB Atlas | Database storage |
| Google Cloud Storage | File and video storage |
| Stripe, Inc. | Payment processing and subscriptions |
| OneSignal | Email, SMS, and push notifications |
| Google / Microsoft | Single sign-on |
| Google Analytics 4 | Aggregated product analytics |
| Crisp | Customer support chat |
We do not use advertising networks or sell personal data to third parties.
7. Communications
Email — We send transactional emails for account verification, password reset, team invitations, security alerts, billing events, and account deletion confirmation.
SMS — SMS alerts are sent only to numbers where explicit opt-in consent has been recorded. To opt out, reply STOP to any message or update your notification preferences in the platform.
Push notifications — Security alerts are delivered as push notifications on both the web and mobile app. You can withdraw consent through your device or browser notification settings.
8. Cookies & browser storage
We use cookies to maintain your authenticated session. Authentication cookies are set with security flags that prevent them from being accessed by client-side scripts.
Your browser's local storage holds session tokens and in-progress setup data for the duration of your session. These are cleared when you log out or delete your account.
Google Analytics 4 sets its own cookies to track aggregated usage patterns. Crisp chat may also set cookies during support sessions.
9. Data retention
| Data | Retention |
|---|---|
| Account and profile data | Until you delete your account |
| Login sessions | 30 days rolling; all purged immediately on account deletion |
| Team invitations | Expire after 90 days |
| Incident video and metadata | No automatic deletion — contact solutions@huvio.aito request removal |
| Financial records (invoices) | ~7 years, anonymised, for tax compliance |
| Analytics data (GA4) | Up to 14 months |
10. Account deletion
You can delete your account at any time via Settings → User Profile → Delete Account. We will immediately deactivate your account and terminate all active sessions.
Within a few hours, we will delete your profile, remove your payment details from Stripe, and erase your push notification subscriptions. Invoice records are anonymised but retained for approximately seven years for tax compliance.
Note: Incident video recordings are not automatically deleted when an account is closed. If your organisation has other active members, incident video recordings may remain accessible to authorised users within that organisation. To request the removal of incident video data, contact solutions@huvio.ai.
11. Your rights
Depending on where you are located, you may have legal rights over your personal data. These include the right to know what data we hold about you, to have inaccurate data corrected, to request deletion of your data, to receive a copy of your data in a portable format, and to withdraw consent for processing based on consent (such as SMS and push notifications) at any time.
We honour these rights regardless of your jurisdiction. To exercise any of them, use the in-app options below or contact us at solutions@huvio.ai.
| Right | How to exercise it |
|---|---|
| Access or correct your data | Profile settings in-app, or email solutions@huvio.ai |
| Delete your account | Settings → User Profile → Delete Account |
| Export your data | Email solutions@huvio.ai — automated export is not yet available |
| Opt out of SMS | Reply STOP to any message, or update preferences in-app |
| Opt out of push notifications | Device or browser settings, or in-app notification preferences |
| Manage active sessions | Settings → Security → Active Sessions |
| Lodge a complaint | Contact your local data protection authority |
12. Security
All data is transmitted over encrypted connections. Passwords are hashed and never stored in plaintext. Payment tokens are encrypted at rest. Access to data is controlled by role-based permissions at the organisation and site level. Multi-factor authentication is available for all accounts.
Camera access credentials are encrypted at rest and are decrypted only when required to access customer video streams and provide Huvio services. Access is restricted through technical and organisational safeguards designed to limit access to authorised systems and personnel.
13. CCTV & video data
For video footage captured by cameras configured in the platform, the customer organisation is the data controller and is responsible for the lawful basis of processing, notices to individuals, and retention periods. Huvio AI acts as a data processor, handling video only on the customer's instructions. Customers must ensure their use of CCTV complies with applicable law, including displaying required notices.
Huvio AI does not perform facial recognition or retain biometric data of any kind.
14. International transfers
Our infrastructure is hosted globally, and your data may be processed in countries including the United States. We ensure that all third-party providers handling personal data are bound by appropriate data protection agreements.
15. Third-party contacts
Account holders may add contact details for individuals who are not Huvio users — such as site supervisors or SMS alert recipients. This information is used only to deliver security alerts relevant to that site.
If you have been added to a notification list and wish to be removed, reply STOP to any SMS alert, or emailsolutions@huvio.ai with your name and the organisation that added you.
16. Changes to this policy
We may update this policy periodically. For material changes, we will notify you by email and/or by an in-app notice on your next login. The effective date at the top of this page reflects the latest revision.
17. Contact
For privacy questions or data requests: