Privacy & Security

Anonymous in-store analytics with enterprise-grade security.


Aura Vision was founded on the notion of protecting customer and employee privacy. That's why we build our products using a privacy-by-design approach — our unique insights are not only incredibly powerful, they're also 100% anonymous.


100% Anonymous

Aura Vision never stores or transmits personal data from video cameras. This allows Aura Vision to be deployed in public spaces and retail stores in any country, as it complies with the world's most stringent personal data regulations.

Video is turned into anonymous count analytics by APUs on-premise and discarded immediately during normal operational. Only anonymous count analytics are then transferred to Aura Vision's cloud Insight Platform.


No customer sign-up

Because Aura Vision doesn't store or transmit personally identifiable information (PII) there is no need for customers or employees to sign-up to additional T&Cs or sign-in to a WiFi landing page.

Instead, a small sign notifying customers about the purpose of collecting analytics at the entrance of the location is usually sufficient to comply with privacy regulations.



In 2018 the European Union adopted the General Data Protection Regulation (GDPR) which has since become the leading benchmark for privacy compliance worldwide.

That's why we closely follow GDPR principles and a privacy-by-design approach to processing video and personal data. Aura Vision acts as a Processor with relation to GDPR standards. To learn more read our Data Protection Impact Assessment (DPIA).



Aura Vision is also compliant with the California Consumer Privacy Act (CCPA), which went into effect in 2020 to give consumers more control over the personal information that businesses collect about them.


Face blurring

Aura Vision incorporates face-blurring technology at source, to remove any identifiable information and meta data as soon as the video is processed. This ensures any images shared with our team of Computer Vision experts for training and auditing has already been anonymised and cleaned of any personal data.


edge processing

Our APUs process all video on-device and only transfer anonymous count analytics to our cloud Insight Platform. This not only minimises upload bandwidth, but also prevents the transfer of any personal data during normal operation.


No sensitive data

Aura Vision never collects sensitive types of personal data, classed as Special Categories of Personal Data under GDPR.


clean heatmaps

Heatmaps and camera thumbnails viewable on the Insight Platform dashboard are 'pre-cleaned' to remove any visible person before being uploaded.

APU Security

The Aura Processing Unit (APU) is built with the latest industry-standard best practices for data protection and security, covering every element of the hardware, software and networking infrastructure.


Trusted Manufacturers

Our device hardware is manufactured by trusted partners who adhere to the same stringent security policies that we do.


Firmware Signing

All software shipped to our APUs is 'signed' with Aura Vision's secret key. That means nobody can run code on our devices but us.


Over-the-air Updates

Aura Vision's APUs automatically apply firmware updates during off hours (to keep bandwidth usage low). All our devices run the latest version of Ubuntu Core 18, one of the most secure operating systems available, and we use Canonical Snapcraft to securely deploy all of our own software updates.


encrypted filesystem

The root filesystem on the Aura Vision APU is encrypted, and a dedicated 'confined memory space' is allocated to temporarily store video and analytics data. Only software signed by Aura Vision be executed on the device and only authorised applications are able to read the filesystem and confined memory space.

Network Security

Network security is one of the most critical components for any cloud-connected infrastructure. At Aura Vision, we've covered all the bases to ensure that your data is protected as it’s transferred over the network.


End-to-end data encryption

All data communicated between our cloud platform and APUs is encrypted with AES 128 standards and transferred using HTTPS over TLS v1.2 exclusively.

Once in our cloud platform, all data is encrypted at rest using AES 256, one of the most cryptographically secure industry-standard encryption algorithms.


Amazon Web Services

We use Amazon Web Services (AWS) to host all our web services and business logic, including our Insight Platform. AWS features the best data security and reliability in the world. Read more about AWS Cloud Security.


No inbound connections

Aura Vision follows industry best practice when it comes to designing our network communication processes. Our APUs don't accept inbound connection requests so bad actors can't alter our device software remotely.


No port-forwarding

Solely communicating over HTTPS means that all of our data enters and exits through the secure Port 443. We never require port-forwarding, so bad actors can't access your store network in unexpected ways.

Account Security

Aura Vision's security measures extends to each user who logs into our software. We give you the tools you need to control who has access to your system, and what they do with that access.



We partner with Auth0, the most trusted authentication provider in the industry to enable a range of sign-in options including SSO, LDAP and Multi-Factor authentication.


Role Based Access Control

Easily customizable permission levels can be set to give specific users access to the dashboard, API environment as well as team management.


Data access

All data is secured and can only be accessed with encrypted tokens, either through our dashboard or API.