Data Processing Agreement (DPA)

These processor terms apply automatically — as part of our Terms of Service — whenever footage you submit contains personal data. You are the controller; StreetProof is your processor under Art. 28 GDPR.

Last updated: July 5, 2026

In plain terms: Video of a street usually shows recognisable people, which makes it personal data. Legally, you decide why it was filmed (controller) and we only count what crosses your line (processor). This document is the contract the GDPR requires for that relationship — you do not need to sign anything separately; it is already part of the Terms. A countersigned copy for your records is available on request.

1. Parties and scope

This DPA is entered into between the customer identified by the StreetProof account (“Controller”) and StreetProof (“Processor”). It forms part of the Terms of Service and applies to all processing of personal data contained in footage and derived artifacts that the Processor performs on behalf of the Controller. In case of conflict between this DPA and the Terms, this DPA prevails for data-protection matters.

2. Description of processing (Art. 28(3) GDPR)

ItemDescription
Subject matterAutomated pedestrian counting on video footage submitted by the Controller.
DurationFor each study: from submission until deletion (at most 30 days for raw video, or immediately on request). Overall: the term of the account.
Nature and purposeNormalising footage to reduced resolution; detecting and tracking moving silhouettes; recording anonymous line-crossing events; rendering a short proof-overlay clip; producing aggregate reports.
Types of personal dataVideo imagery in which natural persons may be recognisable. No audio (stripped on ingest). No special categories are sought or derived; no biometric identifiers are extracted.
Categories of data subjectsPassers-by captured in street footage.

3. Controller instructions

The Processor processes footage only on the Controller’s documented instructions: the act of submitting footage and configuring a study constitutes the instruction to count and report. The Processor will not process footage for any other purpose, and will inform the Controller if, in its opinion, an instruction infringes the GDPR. Derived counting results (timestamps, directions, categories) are anonymous and fall outside the scope of personal data once produced.

4. Processor commitments

  • Confidentiality: persons authorised to process the footage are bound by confidentiality obligations.
  • Purpose limitation by design: no facial recognition, no biometric categorisation, no emotion recognition — ever (fixed policy, Section 3 of the Privacy Policy).
  • Assistance:the Processor assists the Controller with data-subject requests (Arts. 12–23) and with the Controller’s obligations under Arts. 32–36, taking into account the nature of the processing.
  • Breach notification:the Processor notifies the Controller without undue delay after becoming aware of a personal data breach affecting the Controller’s footage, with the information required by Art. 33(3).
  • Deletion and return: raw footage is deleted automatically within 30 days, immediately on request, and on deletion of a study or closure of the account. On request the Processor returns footage before deletion.
  • Audits:the Processor makes available the information necessary to demonstrate compliance and allows audits, including inspections, conducted by the Controller or an auditor mandated by the Controller, on reasonable notice and at the Controller’s expense.

5. Technical and organisational measures (Art. 32)

  • Encryption of footage at rest and in transit.
  • Resolution reduction on ingest — the pipeline operates on downscaled video sufficient for silhouette counting only.
  • Audio stripped on ingest and never stored.
  • Automatic retention enforcement: 30-day TTL on raw video, with a “delete immediately after processing” option.
  • Access controls: footage and media artifacts are reachable only via the owning account’s session or short-lived, job-bound media tokens.
  • Isolation of derived data: reports and benchmarks are built from anonymous events (timestamp, direction, category), never from imagery.
  • Logging and monitoring of administrative access.

6. Sub-processors

The Controller grants general authorisation for the following categories of sub-processors: cloud infrastructure (hosting, storage and compute) and transactional email delivery. Footage itself is processed only on cloud infrastructure hosted in the European Economic Area by default. The Processor will inform the Controller of intended changes (additions or replacements) in advance, giving the Controller the opportunity to object, and remains fully liable for its sub-processors’ performance.

7. International transfers

Personal data is processed in the EEA by default. Any transfer to a third country takes place only under an adequacy decision or appropriate safeguards (Standard Contractual Clauses), and the Processor will document such safeguards on request.

8. Controller responsibilities

The Controller warrants that it has a lawful basis for the capture and submission of the footage, that required notices to data subjects are in place (a notice template is available from the Processor), and that its instructions comply with applicable law — as set out in Section 7 of the Terms.

9. Liability and precedence

Liability under this DPA is subject to the limitations in the Terms, except where the GDPR mandates otherwise (Art. 82). This DPA is governed by the same law and jurisdiction as the Terms.

10. Copies and contact

For a countersigned copy of this DPA, the current sub-processor list, or the video-surveillance notice template, contact privacy@streetproof.app.

Not legal advice. These documents describe how StreetProof is built and operated — they are engineering and policy commitments templated from our compliance requirements (GDPR, EU AI Act, US state law), not a legal opinion. They do not replace advice from your own counsel about your specific situation, and nothing here creates an attorney–client relationship.