Security & data

Plain-language overview for IT and procurement. Legal agreements govern specifics.

Data categories

Images, weights, timestamps, device metadata, classification results, and user accounts for the dashboard. We do not process guest payment card data in Culinairia.

Processing locations & retention

Primary processing in the cloud region chosen in your contract (EU and US deployments available). Edge devices retain a bounded buffer for offline sync; detailed retention and deletion schedules are in the DPA.

Encryption

TLS for data in transit between devices, applications, and providers. Object storage and databases use provider-managed encryption at rest aligned to industry practice.

Access control

Role-based access and least privilege for staff accounts. Customer-visible audit trails and enterprise logging are delivered per package—roadmap items are labeled as such in proposals.

Incident response

Report suspected issues via the security contact in your agreement or through sales. We coordinate comms and timelines per contract—notifying regulators or individuals is handled per applicable law and your instructions where relevant.

Customer responsibilities

Physical security of installed devices, site network policies, staff training on lawful capture, and ensuring notices or consents meet your jurisdiction—especially where staff or guests may appear incidentally in frames.

Subprocessors

We use vetted providers for hosting, email delivery, CRM/automation, and optional analytics. Representative vendors are listed in the table below; the authoritative list ships with your DPA and is reviewed when vendors change.

Representative subprocessors (confirm current list in your executed DPA).
| Vendor / service | Purpose | Typical region / notes |
|---|---|---|
| Cloud IaaS / PaaS (e.g. AWS, GCP) | Application hosting, databases, queues | Region per contract |
| Object storage (S3-compatible) | Frame and artifact storage | Same region as workload |
| Email provider (e.g. Resend) | Transactional email, lead notifications | EU/US send regions configurable |
| CRM / automation (your stack) | Lead routing via webhook | Customer-controlled |
| Analytics (e.g. Plausible) | Privacy-oriented web analytics | Optional; EU-hosted options |

Downloads & DPA

Use the one-pager for internal IT packets. The executed DPA and subprocessor schedule are provided during procurement.

Download security overview (PDF)