Privacy Policy for Weapons Detection Tool

Effective Date: July 2023


This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you use the AiLert Weapons Detection Tool (WDT), known as SAMSON.

By using the System, you consent to the practices described in this Privacy Policy. Please read this policy carefully to understand how your personal information will be handled.

1.0 Information We Collect

1.1. User Information:

The data collected by the clients (compressed raw CCTV footage) regularly contains various categories of personal and non-personal data. WDT cameras usually contains a plethora of data on potentially identifiable individuals, given the nature of data collection, primarily based on physical, behavioral, and social elements. For example, the CCTV camera provides footage on all persons entering or leaving a store (general clients, customers, consumers, and others), persons passing the store (general pedestrians on the sidewalk (passers-by), license plates from passing-by vehicles, and/or persons inside the vehicles, and others), persons regularly attending the premises (employees, certain categories of regular clients, customers, consumers, armed and non-armed security guards contracted by the clients, and others), persons regularly passing the store (persons living in the area, working in the area, commuting in the area, and others), persons regularly present at the entrance area (employees on a break, guests of a next-door café, and others), and similar.

The type of personal data that CCTV footage can capture includes biometrical data (i.e., facial images), identification numbers (i.e., employees' ID cards), location data (i.e., geo-location (GPS) of employees, clients, customers, consumers, pedestrians; highlight on repetitive tracking of persons frequenting the premises), and others.

The noted information relates not only to the personal physical data (i.e., ability to identify employees, next-door neighbors, and people working at nearby locations, ability to identify passers-by, etc.) but additionally to personal behavioral data (i.e., daily routine, daily routes, regular habits, etc.) and personal social data (i.e., shopping habits, smoking habits, communication, and relationships habits, etc.). Individual or combined data, as noted above, when supported by additional tracking mechanisms and supply of additional data, may lead to identification of individuals and individual or group profiling. As stated earlier, all of the above noted data is captured (collected) by the clients acting as data controllers.

1.2. Non-Personal Information:

We may also collect non-personal and anonymous information, which cannot be used to identify you. This includes statistical data, system configurations, and aggregated data used for analytical

purposes. The WDT does not perform any mode of surveillance nor contain any form of biometric identification capacities.

2.0 How We Use Your Information

2.1. Security and Safety Purposes:

The SAMSON Weapons Detection Tool is trained to recognize objects that can be categorized as firearms (small magazine-fed handguns, rifles, assault rifles, revolvers, other small firearms that can be used as weapons, and similar) and coded to send out alerts only when it assumes that such objects have been recognized in the compressed raw camera footage.

SAMSON, after being integrated with the Closed-Circuit Television (CCTV) cameras installed and operated by the clients (private or public entities, end users) enables an autonomous algorithmic analysis of CCTV camera footage in search of possible weapon detections. The Company (AiLert) acts as a data processor and relies completely on the data provided by its clients (clients act as data controllers).

2.2 Operation and Improvement of the System:

During the live/operational phase, data collected (in the form of compressed raw footage) is used only in cases of false positive detections ("false alert" scenario) to improve SAMSON’s performance quality by retraining the algorithm (data retraining, data learning).

2.3. Legal Compliance and Ethics:

We may use your Personal Information to comply with applicable laws, regulations, or legal processes, respond to lawful requests, or protect our rights, privacy, safety, or property, or those of our users or the public.

AiLert Company is established in the United States (Delaware), but effectively provides the full service through its subsidiary (legal, organizational, and operational center, where all relevant personnel and equipment are located) in Israel, a third country considered a safe country pursuant to Directive 95/46/EC of the European Parliament and of the Council on the Adequate Protection of Personal Data by the State of Israel with regard to automated processing of personal data (notified under document C(2011) 332), OJ L 27, 1.2.2011, p. 39–42. WDT Privacy Policy regarding data transfers from the European Union (EU) to third countries (adequacy criteria).

The Company not only continuously endeavors to be fully compliant with the relevant international privacy laws (primarily General Data Protection Regulation (GDPR) and Law Enforcement Directive (LED Directive)) but additionally makes its best efforts to ensure that its clients satisfy the same track record. The Company promotes using Standard Contractual clauses,

provided the clients are interested in such a contractual arrangement. The Company is fully devoted to democratic values and the protection of democratic processes and deliberations, and endeavors to align its operation with relevant technical standards (such as ISO and IEEE) and relevant ethical and legal recommendations (such as Ethics Guidelines for Trustworthy AI (EGTAI), and The Assessment List for Trustworthy AI (ALTAI)). Equally so, and whenever possible, the Company strives to extend the reach of fundamental data protection values to a wide range of its clients.

In effect, the Company plays a role in the global outreach of the GDPR as a mechanism aimed at protecting personal data on a global scale. The Company has made great efforts to incorporate data protection and data privacy principles and concepts into the design of the WDT tool itself (Privacy by Design and Default concepts) and strives to continuously educate its employees (and clients) on the meaning, relevance, and necessity of personal data and privacy protection.

The compressed raw data collected by SAMSON embraces the Ethics Guidelines for Trustworthy AI by relying on: The data minimization principle – whereby access to personal data is enabled (on request or by default) only when the WDT issues an emergency alert and when the human security operator evaluates and validates or negates such finding (positive and negative detections).

The human-in-the loop principle – whereby the SAMSON is not coded to make decisions but recommendations that need to be evaluated and validated by human security operators.

The human agency principle – whereby the SAMSON does not allow any autonomous AI decision-making but is based on an AI recommendation output that is scrutinized by a human security operator.

The human-in command principle – whereby no SAMSON’s generated alerts produce any effect without specific approval or denial issued by a human security operator.

The human oversight principle – whereby the SAMSON has integrated access to all system records and enables real time and post hoc oversight of AI systems and their performance, including data analysis and alert recommendations.

The necessity principle – whereby the Company will utilize false positive detection footage only to the extent that it is necessary to use incorrect object categorizations to improve the algorithm’s detection and learning capacity.

The proportionality principle – whereby the Company will utilize false positive detection footage for algorithm retraining that incidentally contains personal data, where the access to the noted personal data is proportional to the overall use of the footage for data retraining.

3.0 Sharing of Information

3.1. Law Enforcement and Legal Authorities:

SAMSON aims to feature a default pseudonymization technique in its design, representing the system's major privacy by-design characteristic introduced as a privacy by-default mechanism. However, in cases where it is required by law or necessary to protect our rights, safety, or property, and subsequent to a positive detection, any other person nominated by the client (security company, law enforcement, etc.) will get access to de-pseudonymized footage that is available on the cloud.

4.0 Data Security

We implement reasonable security measures to protect your Personal Information from unauthorized access, disclosure, alteration, or destruction.

4.1 Retention of Information

In cases of emergency alerts (when the WDT thinks it has spotted a weapon in the footage), the WDT will provide the clients with the raw footage video (and imagery) that needs to be inspected by the client (security officer in the alarm center; service set-up by the client or third party) in order to evaluate and validate the algorithm recommendation. The relevant section of raw footage will be automatically transferred from the edge device to the cloud, to which the client, persons nominated by the client, and the selected Company's employees have an exclusive access. All noted persons will also get more information on the CCTV camera that has recorded the footage (its GPS location, IP address, and MAC). The noted information is available for 30 minutes on the cloud, during which time the security officer can access the alert and validate it. After the expiration of 30 minutes, the link to the noted information will no longer be available, but the compressed raw footage will remain on the edge device and cloud storage.

If the security officer flags the alert as false positive, the raw footage is retained by the Company for algorithm data retraining. The Company deletes such footage up to 90 days following the alert event. If the security officer flags the alert as a positive detection, the relevant information is shared automatically (automatic sharing with a closed Telegram group or other secure means of communication) with the client and persons nominated by the client (i.e., the law enforcement bodies and/or other interested stakeholders). After the information on positive detection has been forwarded to the relevant persons, all noted information and data is permanently deleted from the cloud storage after 90 days when supplied by the Company.

The noted time period reflects the clients’ need to access and review such footage, often in cooperation with the interested stakeholders (i.e., law enforcement bodies).

5.0 Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will revise the "Effective Date" at the beginning of this Privacy Policy. We encourage you to review this policy periodically.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at

By using the Weapons Detection System, you agree to the terms and conditions outlined in this Privacy Policy.

CMMC, RPO certified. 3PAO certification pending GSA IT 70 Schedule HACS Provider
HubZone Certified

© 2022 SecureSoft Technologies. All rights reserved. Privacy Policy

Website by 
Ocean 5 Strategies