Your footage stays on your site. Full stop.
NAO runs entirely on an appliance behind your firewall. Video is processed, redacted, and discarded locally. Only the metadata you choose ever leaves the box. GDPR by architecture, not by policy line.
Where every frame goes — and where it doesn't.
One diagram. Cameras in, alerts and metadata out, video stays put. If you can trace a frame leaving the appliance on this diagram, we owe you dinner.
Compliance isn't a checkbox. It's the architecture.
Every GDPR obligation has a concrete mechanism in the product — not a promise in a policy PDF.
Face redaction in-stream
Faces are blurred on the GPU before any frame touches disk or the network. The unredacted pixel never exists outside RAM.
DSAR & right to erasure
Event-level tombstoning lets you respond to a Data Subject Access Request in under 72 hours — by worker ID, by site, or by time window.
Retention policies
Configurable per stream. Defaults: 30 days for clips, 13 months for event metadata. Auto-purge runs nightly with a signed deletion log.
Lawful basis & DPIA
Template DPIA, Article 35 assessment, and worker-notice copy included. Legitimate-interest balancing test shipped with every deployment.
Outbound-only. Air-gap if you prefer.
The appliance doesn't need a public IP, doesn't open inbound ports, and doesn't phone home with anything more than a license token.
- Inbound ports: None required. Operator access is scoped to your LAN on TCP/443.
- Outbound traffic: Optional HTTPS heartbeat to license.feneclabs.com. That’s it. Block it and run offline.
- Air-gap mode: Offline license file, no external calls. Updates shipped as signed bundles.
- Access control: Role-based access, SAML SSO, SCIM provisioning, scoped API tokens.
- Audit trail: Every action (view, export, rule change) written to an append-only log with an operator signature.
Encrypted in motion. Encrypted at rest. Bound to the box.
Defense in depth — not a single tunnel doing all the work.
AES-256 at rest
LUKS full-disk encryption on every appliance volume. Keys never leave the TPM.
TLS 1.3 in transit
All LAN traffic — operator, camera control, webhooks — negotiated with modern cipher suites only.
TPM-sealed keys
Disk keys are sealed to measured boot state. Pull a drive, get ciphertext. Tamper with the firmware, lose the key.
Signed OS & secure boot
Every image is signed by our release key. Secure boot enforces the chain from UEFI to kernel to userland.
Where we are. Where we're going. Dated.
We publish the status of every framework — not just the ones we've finished.
Third parties try to break it. Every year.
Annual external penetration test by an accredited firm. Signed attestation available under NDA. Responsible disclosure welcomed — and rewarded.
- Report a vulnerability: Email security@feneclabs.com. PGP key on request. We respond within one business day.
- Public policy: Full scope, safe-harbor language, and bounty guidelines at /security/disclosure.
- Attestation: Latest pentest summary letter shared under MNDA. Ask your AE.
Documents your security team will actually ask for.
Everything your InfoSec review wants, without a sales call.
Security overview (PDF)
Architecture, controls, and data flow in one document.
SOC 2 progress letter
Status of the Type II observation window.
Sample DPA
Article 28 processor agreement ready for review.
Subprocessors list
All third parties that touch customer metadata.
Architecture whitepaper
Deep dive on pipeline, inference, and storage.
Talk to our security team.
Architecture review, DPIA walkthrough, pentest letter, or just a blunt Q&A with our CISO. Bring your InfoSec questionnaire.