❕oculai is used either as a webcam for documentation or additionally for AI-supported process monitoring (monitoring of processes and progress).
Data Privacy
Purpose of using oculai
AI-supported process monitoring serves, among other things, process analysis/optimization, automated planned/actual comparison, relieving site management (e.g. daily construction reports/remote access), as well as better productivity rates and schedule planning.
Camera functions (webcam use) serve documentation (quality assurance/verification), remote monitoring, and time-lapse creation.
What personal data is collected?
Account data (web app users): First name, last name, email address
Image data:
With active person blurring/pixelation: No personal data is collected.
Without person blurring/pixelation: At distances > 18 m, with 5MP resolution, according to research findings, no biometric features and thus no direct personal data can be collected. Indirect identification is possible if there is a personal connection between the observing person and the person being filmed.
Where does the blurring/pixelation take place? Can it be reversed?
The blurring/pixelation is set "programmatically" on the cloud servers and cannot be reversed by the user.
Sample recordings with and without person blurring/pixelation
Left: Detected persons Right: Image after blurring/pixelation
Does the AI collect personal data?
No. From the information captured by the AI (e.g. process type, section, floor/level, date, duration, number of persons), according to your description, no individual identification "by an algorithm" is possible.
Important: The camera images themselves can still result in personal data if person blurring/pixelation is not activated.
Are public areas hidden?
Yes. Public or external areas can be hidden. The masking is applied on the camera and is irreversible. The areas are defined by the customer.
Recording frequency and retention period
Resolution: 5 MP (1920 x 2560 pixels)
Live stream frequency (not permanently stored): 1 image/1 second
Daily time-lapse frequency (camera feature with highest frame rate & permanently stored): 1 image/5 seconds
Continuous activity: 24h/7d (during the contract period)
❕Retention period
The original video stream is stored for 4 days unless otherwise agreed. Image gallery, time-lapse, and process data remain permanently stored. At least for the duration of the contract.
Can camera recording areas be changed? Is there zoom?
The recording area is "not controllable". Zoom is possible but is only set statically by oculai. An unwanted change leads to an immediate error message at oculai.
Who has access to the recordings?
Only the authorized project participants have access. The access policy is defined via admin rights in user management.
Where are images stored and how are they deleted?
The recordings are stored at the server provider AWS for the period required by the responsible operator and are permanently deleted upon request of the responsible operator.
Data Security
Where is the data located? Who operates the servers?
The servers are located in Frankfurt (DE), operated by Amazon Web Services EMEA SARL, German branch
How is encryption implemented?
"At rest": Storage with AES-256 at AWS (KMS).
"In transit": Transmission via TLS 1.2+ (platform transmission).
How is access protected?
We work with strict access controls and organizational measures, including:
Individual user accounts, restricted admin rights, and separate administrative accounts.
Remote access only via VPN; 2FA mandatory (optionally passkeys).
Additionally: access to recordings is exclusively for authorized project participants.
What technical and organizational measures (TOMs) are implemented?
Examples (excerpt):
Physical access controls (e.g. ID/chip card, key issuance) and door security.
Password procedures (special characters, minimum length, regular changes), encryption of data carriers, firewall deployment, documentation of retrieval/transmission programs.
Backup procedures including RAID/mirroring, separate storage, virus protection/firewall, and measures for rapid recovery.
Uninterruptible power supply (UPS) for cloud servers.
Regular review/assessment (data privacy management, order control).
What certifications/standards are in place?
oculai itself is not certified, as no own server infrastructure is operated. Our server service provider AWS is certified according to, among others, ISO/IEC 27001, 27017, 27018, 22301, 9001 as well as SOC1; additionally there is a BSI C5 report/attestation (retrievable via AWS Artifact).
Further Information
Who owns the data?
The customer owns the data. oculai receives usage rights to process the data and train the AI.
More at: https://www.oculai.de/agb
Is there a sample signage template for video surveillance on the construction site?
A signage template can be downloaded here: