Data Philosophy

Privacy is architecture, not policy.

The constraints that protect individuals are built into the system design. No configuration change, no operator override, and no future commercial pressure can bypass them.

01 No raw footage stored

Frames are analysed on-device and discarded within two seconds. No video clip is ever written to disk or transmitted over the network.

02 No PII in the data estate

The pipeline carries counts, events, and trajectories. No face image, biometric hash, or individual identifier is ever part of the data structure.

03 Edge-only inference

Computer vision models run on-premises. Raw video never crosses a network boundary. Only structured intelligence leaves the site.

04 Regulatory alignment by design

PDPL, the UAE AI Charter, and SIRA requirements are satisfied by the architecture — not by a compliance checkbox on top of a fundamentally different system.

What we capture

Aggregate signals. No individual records.

Every output from the Canopy platform is a statistical aggregate or a structured event. Nothing in the data estate can be reverse-engineered to identify a specific person.

We do capture
  • Headcount per zone per time bucket
  • Entry and exit counts at zone boundaries
  • Aggregate dwell time distribution
  • Direction-of-flow vectors
  • Queue length and wait time estimates
  • Vehicle count and type classification
  • PPE compliance rate per zone (construction)
  • Attention duration per panel (OOH)
  • Occupancy percentage per space
  • Anonymised trajectory segments (per session, not per person)
We never capture
  • Face images or facial geometry
  • Biometric signatures of any kind
  • Persistent individual identifiers
  • Cross-session trajectory linking
  • Names, phone numbers, or device identifiers
  • Demographic inferences (age, gender, ethnicity)
  • Any video frame or image still
  • Audio from any source
  • Data that can re-identify an individual when combined with other sources
How we process

Five constraints baked into the inference loop.

01

Frames are never buffered to disk

The inference pipeline processes frames from a two-second ring buffer held in volatile memory. The buffer is overwritten continuously. There is no mechanism to write frames to persistent storage — the software path does not exist.

02

Trajectory tokens expire with the session

When a person moves across camera views within a single visit, Canopy uses a session-scoped token to stitch the trajectory for dwell and flow analysis. The token is generated fresh each session and cannot be linked to any prior visit. After the session ends, the token is discarded.

03

Inference outputs are immediately aggregated

Individual detection events (a single person entering zone A at time T) exist in the pipeline for less than 60 seconds before they are folded into an aggregated bucket. The raw event log is deleted after 24 hours. Downstream consumers never see individual events.

04

Demographic inference is disabled by architecture

Canopy's models do not include classifiers for age, gender, ethnicity, or any other demographic attribute. Disabling demographic inference is not a configuration setting — the capability is absent from the model architecture shipped to customer sites.

05

The intelligence cloud receives no pixels

The payload forwarded from the edge appliance to Canopy's managed cloud is a JSON structure of counts and events. There is no image attachment, no video thumbnail, and no encoded frame. The transport protocol enforces a maximum payload size that would make image exfiltration detectable and effectively impossible.

Where data lives

Jurisdiction-first. No silent data residency.

Operators select a data residency region at onboarding. That selection is honoured at the infrastructure level — not just by policy declaration.

🇦🇪
UAE (default)

Data stored in Abu Dhabi and Dubai cloud regions. Meets PDPL, DIFC Data Protection Law, and ADGM requirements. Preferred for government and sovereign developer clients.

🇪🇺
European Union

Frankfurt or Amsterdam regions for EU-based operators. GDPR-compliant data processing agreements provided as standard.

Air-gapped / on-premises

For sovereign clients with strict data sovereignty requirements, Canopy can operate in a fully air-gapped configuration. The intelligence cloud runs inside the operator's own infrastructure envelope.

Default retention schedule
Raw event log 24 hours, then deleted
1-minute aggregates 90 days
5-minute aggregates 36 months
Hourly aggregates 5 years
Daily aggregates Indefinite (operator-controlled)

Retention windows are configurable per operator contract. Deletion is physically enforced, not just flagged.

Regulatory alignment

Compliant with the frameworks our clients operate under.

PDPL
UAE Personal Data Protection Law

No personal data is processed, stored, or transmitted. Aggregate statistics are outside the PDPL's scope. Processing agreements are provided as standard for clients who require documentation of their compliance posture.

UAE AI Charter
UAE Artificial Intelligence & Advanced Technology Charter

Canopy's models are explainable, auditable, and free of demographic classifiers. No decision affecting an individual's rights or interests is made using Canopy outputs without human review.

SIRA
Security Industry Regulatory Agency (Dubai)

Canopy's edge appliances are installed in CCTV infrastructure subject to SIRA licensing. The platform does not interfere with the operator's primary security CCTV function and does not redirect footage outside the licensed control room.

GDPR
General Data Protection Regulation (EU)

Aggregate intelligence metrics are outside GDPR's personal data definition. For EU clients, standard data processing agreements are provided. EU data residency is available as described above.

"The surveillance economy trades privacy for scale. We made a different bet: that intelligence built on aggregate signals — not individual surveillance — is not only more ethical, but more commercially durable. Regulators will not reverse course. The operators who build on privacy-preserving infrastructure today will not face a compliance retrofit tomorrow."

— Remi, Founder & CEO, Canopy Tech

Questions about how your data is handled?

We walk every prospective client through our data architecture before any commercial agreement. No NDAs required for the technical walkthrough.

Book a technical briefing