Security

Kote processes sensitive operational and security data from customer-controlled camera environments. Our security program is designed around confidentiality, controlled access, auditability, resilient infrastructure, and responsible handling of video-derived intelligence.

Customers remain responsible for their own physical premises, camera placement, user access decisions, notices, and legal compliance. Kotelab provides technical and organizational safeguards for the services we operate.

• Encryption in transit for supported application, API, and service communications.
• Encryption at rest for supported production data stores and storage systems.
• Segregation of customer environments and access scopes according to product architecture and deployment model.
• Retention controls for video clips, event history, and operational data according to customer configuration or contract terms.
• Deletion workflows for customer data at the end of the applicable retention period or customer agreement, subject to legal requirements.

• Role-based access controls for administrators, operators, and authorized users.
• Customer-controlled user management for access to dashboards, cameras, events, queries, and notifications where supported.
• Least-privilege access practices for internal systems and production operations.
• Authentication and session controls designed to reduce unauthorized access risk.
• Operational review of access where required for support, troubleshooting, and security operations.

Kote analyzes customer camera feeds to generate operational and security events, searchable clips, alerts, and related metadata. Because this data can involve people, vehicles, and monitored premises, it is handled as sensitive customer data.

• Customer video is processed to provide the contracted product features, such as event detection, alerts, clips, and search.
• Kotelab does not sell customer video or use it for advertising.
• Kotelab does not use customer video to train models for the benefit of other customers unless expressly agreed in writing.
• Where feasible, model improvement and troubleshooting use de-identified, aggregated, or limited data rather than raw customer video.
• Customers control which cameras and sites are connected, which analytics are enabled, and what notices or consents are required at their premises.

• Production infrastructure is designed with network, application, storage, and monitoring controls appropriate for cloud-hosted services.
• Application changes are reviewed and validated through engineering workflows before deployment.
• Logging and monitoring support service reliability, abuse prevention, troubleshooting, and security investigation.
• Operational safeguards are used to limit direct production access and reduce risk during support and maintenance activities.
• Backups, recovery procedures, and continuity practices are maintained according to service requirements and customer agreements.

• Event history, notification history, and system records support operational visibility and investigation workflows.
• Administrative and operational activities may be logged to support security, troubleshooting, and compliance obligations.
• Customers should configure user roles, retention settings, alert rules, and access permissions according to their own internal policies.

Kotelab maintains processes to investigate, contain, and remediate suspected security incidents affecting systems we operate. If we determine that a security incident affects customer data, we will notify affected customers in accordance with applicable law and contractual obligations.

• Security events are triaged based on severity, data impact, service impact, and customer risk.
• Remediation may include access restriction, credential rotation, patching, configuration changes, monitoring, and customer notification.
• Customers are responsible for incident response within their own physical sites, camera networks, user accounts, and connected systems.

Kote is part of a broader customer-controlled environment. Customers are responsible for securing their own premises, camera networks, devices, user accounts, policies, and lawful deployment of CCTV and AI-enabled analytics.

• Use strong access controls and limit dashboard access to authorized personnel.
• Remove access promptly for users who no longer need it.
• Secure camera credentials, DVR/NVR systems, RTSP streams, networks, and connected infrastructure.
• Provide required notices, signage, disclosures, or consents for CCTV and analytics where required by law.
• Review alerts, clips, and AI-generated outputs before making security, operational, employment, or legal decisions.

Kotelab is building toward enterprise security expectations, including ISO 27001 readiness and SOC 2 Type 2 in progress. Compliance status, security documentation, and sub-processor information may be made available to customers during procurement, security review, or contracting.

References to compliance work in progress are roadmap and posture statements, not guarantees of current certification unless expressly stated in a signed customer agreement or official compliance report.

Kotelab uses trusted service providers for hosting, storage, security, communications, analytics, support, and model-inference services. These providers are required to protect customer data according to appropriate confidentiality, security, and data protection obligations. A current sub-processor list is available to customers on request or through the applicable Data Processing Addendum.

Security questions, responsible disclosure notices, and privacy-related security inquiries can be sent to privacy@kotelab.com.