Security & Compliance

NightShield turns your existing CCTV into real-time incident detection while minimising data exposure. We collect short clips only, keep them for a short time, encrypt in transit and at rest, and restrict access with role-based controls andaudit logs hosted in UK/EU regions.

Last updated: 16 October 2025

Data flow (high level)

What happens when you paste a camera stream:

  1. Camera / NVR (on your network)
    → RTSP/ONVIF sub-stream (recommended ≤1080p, ≤15fps).
  2. Secure ingest
    → Stream is received over a secure channel into our private VPC.
  3. Detection service
    → Frames are analysed in real time; no face recognition; only event signals and a short 10–15s clip (5–7s pre/post) are produced when thresholds are met.
  4. Alert & review
    → We deliver instant alerts (SMS/push) and show the clip + metadata (time, camera label, confidence) in your dashboard.
  5. Retention & deletion
    → Clips auto-expire by default after 24–72 hours (configurable per plan). You can place a legal hold when required.

Technical Flow Diagram

flowchart LR A[Camera/NVR<br>RTSP/ONVIF] -->|Secure ingest| B((Ingest Gateway)) B --> C[Detection Engine<br>private VPC] C -->|Event| D[(Metadata Store)] C -->|Short clip 10-15s| E[(Encrypted Clip Store)] D --> F>Alert Service] E --> F F --> G[[SMS / Push / Dashboard]] E -.->|Auto-delete 24-72h| H{{Retention Policy}}

What we collect (and what we don't)

We collect (on event):

  • Short incident clips (10–15s)
  • Timestamp
  • Camera label/location (as you named it)
  • Confidence score
  • Alert recipients
  • Acknowledgement state

We don't collect:

  • Continuous video archives
  • Audio (unless explicitly enabled)
  • Payment data
  • End-customer PII

Controller/Processor: You are the Data Controller; NightShield is your Processor under the DPA.

Controls

Transport security

  • TLS 1.2+ on all public endpoints
  • Private VPC peering between internal services
  • Support for RTSP over TLS and VPN/IP-allowlisting

Encryption at rest

  • Customer data and clips encrypted with AES-256
  • Encryption keys managed by cloud KMS with strict key rotation

Access & identity

  • Role-based access control (RBAC)
  • Per-user access with strong passwords
  • 2FA recommended
  • IP allowlisting (optional)
  • Audit logs for all actions

Privacy by design

  • Short retention by default (24–72h)
  • Ability to mask camera names
  • No face recognition
  • Regional hosting: UK/EU options

Availability & resilience

  • Uptime target: 99.5% (MVP)
  • Monitoring: Comprehensive health checks
  • Backups: Daily configuration/metadata snapshots
  • Disaster recovery: Multi-AZ deployment

Recovery Objectives:

  • RTO ≤ 8 hours
  • RPO ≤ 24 hours for control plane/metadata

Vulnerability Disclosure

We welcome responsible disclosure.

  • Email security@nightshield.ai
  • Don't test against live customer venues without permission
  • Don't access, modify, or exfiltrate data you don't own
  • We aim to acknowledge within 2 business days

Compliance links

Master Service Agreement (MSA)

Data Processing Addendum (DPA)

Sub-processors

Privacy Notice

Cookie Policy

Questions?

Email security@nightshield.ai or your account team. We're happy to walk your IT/Compliance team through the architecture and controls.