Body-camera footage is among the most sensitive material a prosecutor's office handles. Security is not a feature bolted onto BodyCam Analytics at the end — it shaped how the product was built. This page explains, plainly, how your data is protected.
Encrypted, always
TLS in transit, AES-256 at rest — every file, every transcript, every record.
Access restricted
We don't view your footage. Admin access is minimal, MFA-protected, and logged.
Deletable on command
Remove any recording — or all of your data — whenever you decide.
1.Encryption — everything, always
In transit. All traffic between your browser, the app, and our infrastructure is encrypted with TLS 1.2 or higher. The website and application are HTTPS-only.
At rest. Every uploaded file, every transcript, and every database record is encrypted at rest with AES-256. Encryption is applied automatically by our cloud infrastructure — unencrypted copies of your footage are never written to disk.
2.We do not access your footage
BodyCam Analytics personnel do not view or listen to your footage or transcripts in the ordinary course of operating the Service. Administrative access to the systems that store customer content is:
- limited to a minimal number of administrators;
- protected by multi-factor authentication; and
- recorded in audit logs.
We access customer content only when you explicitly ask us to — for example, to help troubleshoot a specific problem you have reported — and only for as long as needed to resolve it.
3.Isolated, private infrastructure
BodyCam Analytics runs on Google Cloud in a dedicated project, kept separate from any other product. Your footage is held in private cloud storage that is not publicly accessible: every request to retrieve a file is authenticated and authorized against your account. The application, database, and storage communicate over private channels.
4.AI processing
Transcription runs on Google's Vertex AI (Gemini), on HIPAA-eligible infrastructure covered by Google Cloud's Business Associate Agreement. Your footage is sent to Vertex AI only to produce your transcripts. It is not used to train or improve any AI model, and it is not retained by the AI provider for its own purposes. See HIPAA & Compliance for more.
5.Authentication and account isolation
Sign-in is handled by Firebase Authentication, supporting email-and-password and Google sign-in. Your case data is scoped to your account — every API request is verified against your identity, and the Service is designed so that one customer can never access another customer's content.
6.Data deletion — on your command
You can delete any recording and its transcripts from within the app at any time. Deleted content is removed from active storage promptly and purged from encrypted backups within 30 days. You can request deletion of your entire account and all associated data at any time, and when you cancel your subscription you can have all of your data deleted. Exact retention periods are in the Privacy Policy.
7.Monitoring and resilience
Our infrastructure is continuously monitored. Encrypted backups guard against data loss, and access and administrative actions are logged. We apply security updates to our software and dependencies promptly.
8.Reporting a vulnerability
If you believe you have found a security issue in BodyCam Analytics, please email hello@bodycamanalytics.com. We welcome responsible disclosure and will work with you to investigate and resolve the issue.