Data Philosophy
The constraints that protect individuals are built into the system design. No configuration change, no operator override, and no future commercial pressure can bypass them.
Frames are analysed on-device and discarded within two seconds. No video clip is ever written to disk or transmitted over the network.
The pipeline carries counts, events, and trajectories. No face image, biometric hash, or individual identifier is ever part of the data structure.
Computer vision models run on-premises. Raw video never crosses a network boundary. Only structured intelligence leaves the site.
PDPL, the UAE AI Charter, and SIRA requirements are satisfied by the architecture — not by a compliance checkbox on top of a fundamentally different system.
Every output from the Canopy platform is a statistical aggregate or a structured event. Nothing in the data estate can be reverse-engineered to identify a specific person.
The inference pipeline processes frames from a two-second ring buffer held in volatile memory. The buffer is overwritten continuously. There is no mechanism to write frames to persistent storage — the software path does not exist.
When a person moves across camera views within a single visit, Canopy uses a session-scoped token to stitch the trajectory for dwell and flow analysis. The token is generated fresh each session and cannot be linked to any prior visit. After the session ends, the token is discarded.
Individual detection events (a single person entering zone A at time T) exist in the pipeline for less than 60 seconds before they are folded into an aggregated bucket. The raw event log is deleted after 24 hours. Downstream consumers never see individual events.
Canopy's models do not include classifiers for age, gender, ethnicity, or any other demographic attribute. Disabling demographic inference is not a configuration setting — the capability is absent from the model architecture shipped to customer sites.
The payload forwarded from the edge appliance to Canopy's managed cloud is a JSON structure of counts and events. There is no image attachment, no video thumbnail, and no encoded frame. The transport protocol enforces a maximum payload size that would make image exfiltration detectable and effectively impossible.
Operators select a data residency region at onboarding. That selection is honoured at the infrastructure level — not just by policy declaration.
Data stored in Abu Dhabi and Dubai cloud regions. Meets PDPL, DIFC Data Protection Law, and ADGM requirements. Preferred for government and sovereign developer clients.
Frankfurt or Amsterdam regions for EU-based operators. GDPR-compliant data processing agreements provided as standard.
For sovereign clients with strict data sovereignty requirements, Canopy can operate in a fully air-gapped configuration. The intelligence cloud runs inside the operator's own infrastructure envelope.
Retention windows are configurable per operator contract. Deletion is physically enforced, not just flagged.
No personal data is processed, stored, or transmitted. Aggregate statistics are outside the PDPL's scope. Processing agreements are provided as standard for clients who require documentation of their compliance posture.
Canopy's models are explainable, auditable, and free of demographic classifiers. No decision affecting an individual's rights or interests is made using Canopy outputs without human review.
Canopy's edge appliances are installed in CCTV infrastructure subject to SIRA licensing. The platform does not interfere with the operator's primary security CCTV function and does not redirect footage outside the licensed control room.
Aggregate intelligence metrics are outside GDPR's personal data definition. For EU clients, standard data processing agreements are provided. EU data residency is available as described above.
"The surveillance economy trades privacy for scale. We made a different bet: that intelligence built on aggregate signals — not individual surveillance — is not only more ethical, but more commercially durable. Regulators will not reverse course. The operators who build on privacy-preserving infrastructure today will not face a compliance retrofit tomorrow."
— Remi, Founder & CEO, Canopy Tech
We walk every prospective client through our data architecture before any commercial agreement. No NDAs required for the technical walkthrough.
Book a technical briefing