We know how important your data is, and we take its security and privacy very seriously. This document provides a deep dive into our security practices, protocols and privacy.
Nirovision was designed and built with privacy in mind.
An Identity can have as much useful information as you like, which can be visible to an operator using the Nirovision applications. Conversely, an Identity can remain completely anonymous, including only a gallery of faces to perform facial recognition.
Each time you select a face to create or update an Identity, Nirovision extracts its facial features and generates an embedding - a random numeric sequence that is non-identifiable on its own, and cannot be reverse-engineered back into a photo.
Our ML algorithms are developed in-house and constantly improved. We release updates to our recognition models regularly - this is unique in the industry, as typically you buy a frozen model with no easy way to upgrade.
Facial recognition works by looking for a ‘match’ against a database of embeddings. If there is no match then that face is classified as unknown, ignored and eventually discarded. So if you haven’t opted in or been added to a particular facial recognition database, then you cannot be identified by any Nirovision system.
Find more information, including our Privacy FAQs, in our Help Centre.
Biometric data is sensitive information, and we take every measure to protect it.
Nirovision leverages world-class technology partners that meet the strictest compliance standards.
Our cloud infrastructure provider is AWS. All client data, including thumbnails, results and metadata, is stored and encrypted in disparate cloud systems, built on the Asia Pacific (Sydney) region of the AWS (Amazon Web Services) platform. Nirovision stores data solely in Australia.
Our authentication partner is Auth0, an industry-leading identity management platform. Nirovision offers RS256 signed JWTs for authentication via Auth0, in line with OIDC compliance.
Nirovision applications are accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery - the same protocol used to encrypt internet banking transactions in Australia.
Keep operating systems, browsers, applications and plugins up-to-date with patches and fixes by updating them regularly.
We recommend each user has a unique account with a strong password. Password protection strategies and raising staff awareness about the importance of protecting credentials can greatly reduce the risk of data breaches.
Find more prevention techniques recommended by Australia’s leading agency on national cybersecurity, the Australian Cyber Security Centre (ACSC), on the OAIC's website.
How does Doorkeeper work?
What data is needed to operate?
How secure is my data?
Where does my data live?
Is my data available to 3rd parties?
Can I correct data about me?
What happens if my appearance changes?
The idea of being identified by facial recognition software can make some people feel uneasy because a face is very personal to an individual. Yet facial recognition technology can be deployed securely and privately.
The Data Futures Partnership found that being transparent about how data is proposed to be used is a crucial step towards community acceptance. This has been our experience too. If you clearly explain the reasons for using facial recognition (think security and safety), where data will be stored and what safeguards will be taken to protect that information, then people are more inclined to accept the technology.
This article contains answers to the most pressing questions, but you should also check out the following content:
We commissioned an expert lawyer to develop a comprehensive guide about Australian Privacy Laws in relation to facial recognition software.