Skip to content
Legal

Privacy Policy

Last updated: July 2026

This policy covers both this website (iosentra.com) and the IOSentra service - a health-monitoring platform for CCTV and physical-security systems. It explains what we collect, what we deliberately do not collect, and the rights you have. For data processed inside your organization's IOSentra tenant, your organization is the data controller and IOSentra acts as a processor on its behalf.

What we never collect: your footage

IOSentra monitors the health of CCTV systems - it does not record or store video. Frames fetched for image-quality checks are analyzed in memory and discarded; only a 64-bit perceptual hash (a numeric fingerprint that cannot be reversed into an image) is kept. Live snapshots are served with no-store caching. The only exception is evidence an operator deliberately attaches to an incident - a human action governed by your organization's own policy.

Information collected on this website

When you submit the contact or demo form we receive the details you provide: name, work email, company and your message (including optional fields such as role, site count and vendors). The site itself sets no tracking cookies; it uses only essential local storage for your preferences (language, cookie choice, accessibility settings) and privacy-friendly, cookieless analytics.

Information processed in the IOSentra service

To operate a tenant, the service stores account data (name, email, password hash, optional two-factor secret), session records (IP address, user agent), notification contacts (email, phone, messaging handles), free-text content in incidents and tickets, and an audit log of administrative actions (actor, IP, user agent). Device credentials for recorders and cameras are stored encrypted with AES-256-GCM using per-tenant key derivation.

How we use information

Website enquiries are used solely to respond and schedule demos. Service data is used solely to provide the service - running checks, opening incidents, sending the alerts your organization configured. We do not sell personal data, we do not use it for advertising, and we do not use it for automated decision-making with legal effect.

Retention

The service enforces retention limits automatically, per tenant: device events 90 days, alarms 365 days, incidents 730 days and audit logs 365 days by default - each configurable by your organization. Expired sessions are pruned together with their IP and user-agent records. Website enquiries are kept only as long as needed to follow up, then deleted.

Your rights (GDPR & Israeli PPL)

Subject to applicable law - including the GDPR and the Israeli Privacy Protection Law (Amendment 13) - you may request access to, a copy of, correction of, or deletion of your personal data, and object to its processing. These rights are implemented in the product itself: an administrator can export all data held about a person and perform a hard erasure that also removes the underlying identity record. Service users should contact their organization's administrator first; you can always reach us directly as well.

Tenant isolation & data residency

Every tenant's data lives in a physically separate database. Deleting a tenant drops that database entirely - true erasure. Where a data-residency region is configured, the tenant's database and file storage are pinned to that region's infrastructure, fail-closed: data cannot silently land in the wrong region, and the region cannot be changed after provisioning.

Sub-processors

We use a small number of service providers to operate: an identity provider (authentication), cloud hosting and database infrastructure, object storage (for operator-attached evidence only), and an email delivery provider. Each processes data only under contract and only as needed to provide the service.

Security

Data in transit is encrypted with TLS; device credentials at rest with AES-256-GCM. Access is governed by role-based access control with optional TOTP two-factor authentication, per-account login lockout and per-IP rate limits. Authorization headers are redacted from logs, and administrative actions are recorded in a tamper-evident audit trail.

Breach notification

The audit trail (actor, IP, user agent) is designed to support forensic reconstruction within the notification windows that apply to us and to our customers - 72 hours under GDPR and 24 hours to the authority under the Israeli PPL. If a breach affects your data, we will notify your organization without undue delay.

Cookies & local storage

This website uses no advertising or cross-site tracking cookies. Essential local storage remembers your language, cookie choice and accessibility preferences. Analytics are cookieless and aggregate.

Contact

For any privacy question or request - including data-subject requests - email support@iosentra.com and we will respond promptly.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected here with a revised 'last updated' date.

Ready to take control?

Every camera records. Every device communicates. Every issue is tracked. Every ticket is resolved.

Book a demo