Effective date: September 4, 2025
Last updated: September 4, 2025
AlBaseer ("AlBaseer," "we," "us," "our") provides AI-powered security solutions for homes, offices, and other establishments, including our mobile apps, website at albaseer.app, on-premises server/appliance software, and connected services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information, and what choices you have.
If you do not agree with this Policy, please do not use the Service.
1) Who we are and roles
For the website, accounts, billing, and support, AlBaseer is the data controller.
For deployed security systems (e.g., cameras, facial recognition, license plate recognition) used by a household or organization:
Typically you (the owner/operator) are the data controller for video/audio and related metadata captured on your premises.
AlBaseer acts as a processor/service provider, processing data on your behalf under your instructions (e.g., configuration you set in the app).
2) What we collect
A. Account & Contact Data
Name, email, phone number, password hashes, profile photo (optional), language/locale
Emergency contact numbers you provide for alerts/calls
B. Subscription & Payment Data
Plan, status, invoices, partial payment info (tokenized via payment processor)
We do not store full card numbers; payments are handled by a PCI-DSS compliant processor
C. Device & App Data
Device identifiers, app version, OS, crash/diagnostic logs, and basic telemetry
System configuration (armed/disarmed schedules, zones, rules you set)
D. Network & Service Data
IP addresses, approximate location (derived from IP or device), timestamps, security events, and API request logs
E. Security Video/Audio/Images & Event Metadata
Default design: on-prem/edge processing. Video frames are analyzed locally to detect people/human motion and other events
Event data (timestamps, category, camera ID, zone, confidence) and clips/snapshots may be generated locally and stored locally per your retention settings
Optional: If you enable remote access, cloud backup, or off-site notifications, relevant data (e.g., event thumbnails, short clips, or metadata) will be transmitted to our cloud or trusted providers you select
F. Facial Recognition & Biometric-Adjacent Data (Optional Feature)
If you enable facial recognition, the system may generate face embeddings/templates to recognize authorized/unrecognized persons
By default, we design these to be stored and matched locally on your secured on-prem server. Upload to cloud occurs only if you enable it
You can add/remove enrolled faces and adjust retention
G. License Plate Recognition (Optional Feature)
If enabled, the system may capture plate numbers and event metadata (time, location/camera, zone, rule match), stored locally by default
H. Communications
Messages and content you send us (support requests, feedback), and marketing preferences
Sensitive information: Facial templates, video/audio of individuals, and license plates can be sensitive. Use clear signage where required, set appropriate retention, and manage authorized user access.
3) How we use information (purposes & legal bases)
Core Purposes
Provide, secure, and maintain the Service and your deployed system
Detect and verify events (e.g., human motion) and trigger configured responses (hooter, lights, notifications, calls, alerts to authorities/housing society if configured)
Manage accounts, subscriptions, and customer support
Improve accuracy and reliability (model updates, diagnostics in aggregated/de-identified form where feasible)
Prevent abuse, fraud, and unauthorized access; audit and safety
Optional Purposes (only if you opt in)
Cloud backup/remote viewing/event sync
Facial recognition and license plate recognition
Marketing communications (you can unsubscribe anytime)
Legal Bases (GDPR/UK GDPR where applicable)
Performance of contract (to deliver the Service you requested)
Legitimate interests (security, fraud prevention, service improvement, safety)
Consent (optional features like facial/plate recognition or marketing)
Legal obligations (tax, accounting, compliance)
4) On-prem by default, cloud optional
Local/Edge First. Event detection and analytics run on your on-prem server/appliance without requiring continuous internet.
When data leaves your premises: Only if you enable remote features (e.g., cloud notifications, telephony calls, cloud storage/backup, remote viewing), necessary data is securely transmitted to our cloud or third-party processors to complete those functions.
You control these settings in the app.
5) Sharing and disclosures
We do not sell personal information. We may share:
Service Providers/Processors (bound by contract):
Cloud infrastructure & storage (e.g., AWS/GCP/Azure — configure/confirm provider & region)
Push notifications (e.g., Apple/Google push)
SMS/voice calls (e.g., telephony provider)
Payment processing (e.g., Stripe)
Error/crash analytics (e.g., Sentry/Firebase Crashlytics)
Other Disclosures:
Authorities/Housing Society (if you enable it): We can notify designated contacts or authorities you configure during a confirmed event
Legal compliance & safety: To comply with law, respond to lawful requests, enforce our terms, or protect rights, property, or safety
Business transfers: In a merger, acquisition, or sale of assets, subject to continued privacy commitments
Note: The specific vendors and regions can be configured and may vary. We maintain contracts and require appropriate security safeguards.
6) International data transfers
Depending on your settings and location, data may be processed in or transferred to countries other than where it originated. We use safeguards such as contractual clauses and security measures. For KSA deployments, we support local processing and can restrict transfers unless you explicitly enable remote/cloud features or local law permits.
7) Data retention
Account & billing data: kept while your account is active and as required for legal/accounting obligations
System video/clips/logs: configurable by you (e.g., rolling retention). If unset, we keep the minimum necessary to operate the Service and your configured features
Facial templates/plate data: retained only while the feature is enabled and as per your settings; deleting an enrolled face removes its template
Support communications: retained as needed to assist you and improve service
When no longer needed, we delete or de-identify data unless law requires otherwise.
8) Your choices & controls
Enable/disable features: facial recognition, license plate recognition, cloud backup, remote viewing, authority notifications
Retention settings: choose how long to keep local video/clips/logs
Access control: add/remove users, set roles, and require strong passwords/2FA (if enabled)
Notifications: choose push/SMS/voice/email contacts
Marketing: opt out via email footer or in-app
9) Your privacy rights
Depending on your location, you may have rights to:
Access: know what data we hold about you
Rectify: correct inaccurate data
Delete/Erase: request deletion where applicable
Restrict/Withdraw consent: for optional features/marketing
Object to processing (where based on legitimate interests)
Data portability: obtain a copy in a portable format
To exercise rights, email [email protected]. We may verify your identity. Some requests must be directed to the system owner/controller (e.g., your employer or building association).
Region-specific notes (summary, not legal advice)
EU/UK GDPR: You may contact your data protection authority. If we rely on consent, you can withdraw it at any time
KSA PDPL: We minimize processing, honor local-hosting preferences, and (where applicable) seek approvals/consents for transfers outside KSA
Pakistan: We apply high standards broadly and will align with applicable data protection laws as they are enacted/updated
California (CCPA/CPRA): We don't "sell" personal information. We may "share" limited identifiers with processors for service delivery; you can opt out of cross-context behavioral advertising (we currently do not engage in targeted ads). You have rights to know, delete, correct, and limit use of sensitive personal information
10) Security
We employ administrative, technical, and physical safeguards, including:
Encryption in transit (TLS) and at rest (where applicable)
On-prem processing by default; minimal data leaves your premises unless you choose otherwise
Access controls, least-privilege, audit logs, and optional 2FA
Secure development practices and vulnerability management
No system is 100% secure; please use strong passwords, keep software updated, and manage user access responsibly.
11) Children's privacy
Our Service is not directed to children under 13 (or the age defined by local law). Cameras may incidentally capture minors present on premises; as controller, you should use signage/notices as required and configure retention appropriately.
12) Third-party links and sites
Our website/app may link to third-party services. Their privacy practices are governed by their own policies.
13) Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, where required, notify you via email/app notice.
14) Contact us
If you're an organization using AlBaseer, please name a privacy contact for your premises and let occupants/visitors know about surveillance in accordance with local law.
Optional Appendix
A. Camera/Signage Notice Template
This property uses AI-enabled cameras for security. Video and event data may be recorded to prevent theft and protect occupants. Data is processed locally; optional cloud features may apply. For questions or to exercise rights, contact: [Your controller contact].
B. Data Processing Addendum (DPA)
If you serve business customers, provide a DPA covering processor obligations, sub-processors, security, breach notices, and international transfer mechanisms.
