Built for the
Strictest Standards.

Compliance is not a checkbox for NuvisoAI — it is a foundational architecture decision. Every product, every deployment model, and every data pipeline is designed around the requirements of the markets we serve.

Two Markets.
Full Compliance.

🇦🇪
UAE Personal Data Protection Law
UAE PDPL
Federal Decree-Law No. 45 of 2021

The UAE PDPL governs the collection, processing, and storage of personal data within the UAE. NuvisoAI's UAE deployments are designed to comply with all provisions of the PDPL, including lawful processing requirements, data subject rights, and cross-border transfer restrictions.

Lawful basis for all data processing
Data subject rights — access, correction, erasure
Data minimisation — only what is necessary
Cross-border transfer controls
Data breach notification procedures
🇮🇳
Digital Personal Data Protection Act
India DPDP Act 2023
Act No. 22 of 2023

India's DPDP Act 2023 establishes comprehensive requirements for the processing of digital personal data within India. NuvisoAI's India deployments — including VisionRetail AI and VisionGuard AI — are architected to meet all DPDP Act obligations, with edge deployment recommended for sensitive environments such as schools.

Consent-based processing framework
Data principal rights — access, correction, erasure, nomination
Purpose limitation and data minimisation
Children's data — no processing without guardian consent
Data fiduciary obligations

Compliance Built Into
the Architecture.

We did not retrofit compliance onto an existing product. Our architecture was designed from day one around the data minimisation and privacy principles of the markets we serve.

01
No Raw Video Storage
NuvisoAI products extract behavioural metadata — not raw video. On cloud deployments, video is processed in a streaming inference pipeline and not stored. Behavioural signals are what we retain, not footage.
02
Edge-First for Sensitive Environments
For schools, healthcare facilities, and government sites, we recommend edge deployment. All AI processing happens on a compact device installed on-site. Video never leaves the premises. Data never touches external servers.
03
Data Minimisation
We collect and process only what is necessary to deliver the agreed service. Our models detect behavioural patterns — not identities. No biometric databases are maintained without explicit lawful basis and client consent.
04
Encryption End-to-End
All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. Access to client data is role-controlled and logged. Our cloud infrastructure is hosted in UAE and India data centres as appropriate.
05
Access Controls & Audit Logs
Every access to client data is logged with timestamp, user identity, and action taken. Role-based access controls ensure that only authorised personnel can view client dashboards. Audit logs are available to clients on request.
06
Data Processing Agreements
Every client engagement includes a Data Processing Agreement (DPA) that governs how NuvisoAI processes data on the client's behalf. DPAs are tailored to the applicable regulatory framework — UAE PDPL or India DPDP Act — and the specific deployment configuration.

Choose the Model That
Fits Your Compliance Needs.

☁️
Cloud Deployment
Fast · No new hardware · Scalable

Connect existing cameras directly to the NuvisoAI cloud platform. Fastest path to go-live — typically under two weeks.

No new hardware — connects to existing CCTV
Live in under 2 weeks from contract signing
Scale across unlimited locations from one dashboard
Automatic updates and new AI model releases
Best for: Multi-location retail, automotive groups
🔒
Edge Deployment
Private · On-premise · Regulated industries

A compact edge device processes all AI inference on your premises. Video footage never leaves your site — zero cloud transmission.

Compact on-premise edge device — installed by our team
All AI processing happens locally — zero cloud egress
Fully compliant with UAE PDPL and India DPDP Act
Ideal for schools, healthcare, government, financial services
Best for: Schools, healthcare, regulated environments

Common Questions.

Does NuvisoAI store video footage?
No. On cloud deployments, video is processed in a streaming inference pipeline and not stored beyond the processing window. On edge deployments, all processing is local and video never leaves the client premises.
Is NuvisoAI GDPR compliant?
While our primary markets are UAE and India, our data practices align with GDPR principles — lawful basis, data minimisation, data subject rights, and breach notification. Clients in GDPR-regulated markets should discuss specific requirements with our team.
Can NuvisoAI identify individuals by face?
NuvisoAI detects behavioural patterns — dwell time, movement, zone entry — not identities. Facial recognition is not enabled by default on any product. Where biometric capabilities are required by a client, they are subject to explicit legal basis and consent frameworks.
Where is client data stored?
For UAE clients, data is processed and stored in UAE-based infrastructure. For India clients, data is processed within India. Edge deployments store no data externally — all data stays on the client's premises.
What happens to data when a contract ends?
Upon contract termination, all client data is deleted from our systems within 30 days, and a deletion certificate is provided on request. Edge deployment devices are returned to the client or wiped.
Does NuvisoAI sign Data Processing Agreements?
Yes. A DPA is included as standard in every client engagement. DPAs are tailored to the applicable regulatory framework and cover sub-processor obligations, data subject rights, and breach procedures.
Compliance First

Questions About
Compliance?

Our team can walk you through our compliance architecture and provide a Data Processing Agreement before you commit to anything.