Compliance

Facial recognition is one of the most heavily scrutinised technologies under UK data protection law. This page summarises your responsibilities; it is not legal advice. Read the full documents under /legal and take your own advice.

Who is responsible for what

• You are the data controller for the recognition you operate. The lawful basis, DPIA, signage, and data-subject rights are your responsibility.
• Pariah is your processor, governed by the Data Processing Agreement.

Before you process anyone

1. Lawful basis + condition. Establish a UK GDPR Article 6 basis and an Article 9 condition for special-category biometric data. See the Legal Basis Guidance.
2. DPIA. Complete a Data Protection Impact Assessment — mandatory for facial recognition. Use the DPIA template.
3. Notice. Put up clear signage and a privacy notice wherever you monitor.
4. Proportionality. Only enrol individuals you can lawfully process, justify each entry, and set sensible retention.

How the platform helps

• Continuous detection runs locally on the NVR, minimising cloud exposure of biometric data.
• Configurable retention for detections, search logs, incidents, and audit logs.
• Role-based access and audit logging.
• Legal acceptance of the Terms, DPA, and AUP is required during onboarding and tracked per organisation under Settings → Legal & Compliance.

Data-subject rights

You must handle access and erasure requests — including for individuals on a watchlist. Retention settings and profile management in the dashboard support this, but the obligation is yours.

The documents

Terms of Service · Privacy Policy · DPA · Acceptable Use Policy · Legal Basis Guidance · DPIA template · Cookie Policy