Sightcorp algorithms can detect the presence of a person in an image, (potentially collected by any optical sensor) and estimates anonymous metadata by analyzing image patterns.
Starting from the image patterns, our technology can estimate the demographics (gender, age, ethnicity* ), 6 facial expressions, and direction of interest (eye and head tracking) of the detected people in front of the optical sensor. (*the ethnicity feature is not available in the EU)
As we are aware of the potential privacy issues arising from the use of our technologies, we designed our technology from the ground-up with the user privacy in mind: All metadata is extracted in real time from a single frame, and no visual information is stored in the long-term memory after processing. Sightcorp internally stores and tracks a signature of the processed face, in order to avoid double-counting the same individual. This signature cannot be accessed by anyone, and it is internally overwritten as new people enter the scene (short-term memory).
No visual information can be extracted from the metadata, and the images are discarded directly after processing. Therefore, it is impossible to recreate the visual representation of the person by using our solutions, or starting from its output. This means that our face analysis technology does not allow for identity recognition, multi-camera tracking, and repeated visits detection.
EU Privacy Regulation
Sightcorp solutions comply with EU current regulations with regards to Data privacy.
This is because the data generated by our software is not considered “personal data” as defined by the European Directive 95/46/EC as “information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;” (art. 2 a).
Currently, regulations and legislation might vary country by country. Starting from the 25th of May 2018, a new data protection law (GDPR) will be applied, unifying data protection regulations across the 28 EU member states, allowing for easier certification and operation throughout Europe.
Server Communication and Data Storage
- CrowdSight/InSight SDK: As the analysis is preformed locally, the processed metadata is only made available on the device that processed the image. Besides licensing information, no information is transferred to our server.
- CrowdSight Toolkit: By enabling the socket output, the anonymized metadata is made available to the machine and to any device and people with network access to the machine. Note that enabling “send processed image data via socket” might expose the video stream to anyone with network access to the machine.
- CrowdStats: In case the local statistics are submitted to our web service (by enabling the option in the toolkit), the customer can collect, access and download the anonymized metadata from our web service. Any communication with the reporting service is encrypted using SSL, and the data is only made accessible to the client using secure login information.
- Web API: The web API requires an image submitted via internet to our web service in order to be processed. In order to protect from possible interceptions, all communication is encrypted using SSL. By using our web API, the user grants Sightcorp permission to use the submitted picture to improve the accuracy of its algorithm. Sightcorp commits to never share or sell the submitted image with third parties.