BodyCam Analytics is built for legal professionals, and the footage they handle can be highly sensitive — sometimes capturing health information. This page explains how BodyCam Analytics approaches HIPAA and broader data-protection compliance.
1.When HIPAA may apply
HIPAA governs “protected health information” (PHI) held by healthcare providers, health plans, and their business associates. Most body-camera footage in a criminal matter is not PHI. But footage can incidentally capture health information — a medical episode, an injury, treatment by paramedics. Where a customer's use of BodyCam Analytics involves PHI such that HIPAA applies, the protections described below are designed to support that compliance.
2.HIPAA-eligible infrastructure
BodyCam Analytics is built on Google Cloud. The Google Cloud services we use to store and process footage — including Cloud Storage and Vertex AI — are HIPAA-eligible and covered by Google Cloud's Business Associate Agreement. The infrastructure that holds and processes your data is therefore operated under HIPAA-grade contractual safeguards.
Encrypted, never accessed for other purposes, and deletable by you. Your footage is encrypted in transit and at rest, is not viewed by our personnel in the ordinary course of operating the Service, is never used to train AI, and can be deleted by you at any time — including in full when you cancel your subscription.
3.Business Associate Agreements
Where a law firm or organization requires a Business Associate Agreement (BAA) to use BodyCam Analytics in compliance with HIPAA, we will enter into one. Contact us at hello@bodycamanalytics.com to request a BAA.
4.Safeguards
Our safeguards map to the three categories of the HIPAA Security Rule:
Technical safeguards
- Encryption of all data in transit (TLS 1.2+) and at rest (AES-256).
- Authenticated and authorized access to every file — each request is checked against your account.
- Account-scoped isolation, so one customer cannot reach another's content.
- Audit logging of access and administrative actions.
Administrative safeguards
- Least-privilege access, limited to a minimal number of administrators.
- Multi-factor authentication on administrative access.
- A standing policy that personnel do not access customer content except at the customer's request.
Physical safeguards
- Footage is stored in Google Cloud data centers, which maintain physical-security and environmental controls and hold independent compliance certifications.
The Security page covers these in more technical detail.
5.Subprocessors
We use a limited set of vendors to operate the Service — Google Cloud, Firebase Authentication, Stripe, and Resend. The vendors that handle case content do so under their own data-protection and, where applicable, HIPAA commitments. The current list is maintained in our Privacy Policy.
6.Broader data-protection principles
Beyond HIPAA, we apply core data-protection principles to all customer data: we collect only what we need, use it only to provide the Service, never sell it, never use it to train AI, and let you delete it at any time. These principles align with the expectations of modern privacy laws, including U.S. state privacy statutes.
7.Your professional responsibilities
BodyCam Analytics is a tool that supports your work; it does not replace your own professional and ethical obligations. Attorneys remain responsible for their duty of confidentiality, their duty of technological competence, and any client-specific or court-imposed handling requirements for the evidence they process. Our aim is to give you infrastructure you can rely on while meeting those duties.
8.Contact us
Compliance questions, or to request a Business Associate Agreement, email hello@bodycamanalytics.com.