Privacy Policy
Effective Date: Dec. 20, 2025
Company: Ojo AI, Inc. (“Ojo AI”, “we”, “us”, “our”)
Address: 7454 Goldenrod Court, Brighton, MI 48116, USA
Contact: liam@ojoai.us
This Privacy Policy explains how Ojo AI collects, uses, discloses, and protects personal information in connection with ojoai.us (the “Website”) and app.ojoai.us (the “Service”).
1. Scope and Important Roles
1.1 Website Visitors
For the Website (marketing site and contact/demo requests), Ojo AI is generally the data controller (GDPR) / “business” (CCPA/CPRA).
1.2 Service Customers (Processor)
For the Service, Ojo AI typically acts as a data processor (GDPR) / “service provider” (CCPA/CPRA) on behalf of business customers who control what video/audio and related data is collected and how it is used.
If you are an individual whose image/voice appears in Customer Content (for example, you were recorded by a customer’s cameras), your privacy rights requests generally should be directed to the customer who operates the cameras, because they decide the purpose and means of processing.
2. Information We Collect
2.1 Information You Provide (Website)
If you submit a contact or demo request form, we collect:
name
email address
phone number
company
2.2 Information Processed Through the Service (Customer Content)
Depending on customer configuration and usage, the Service may process:
live video streams
recorded video clips
still images/snapshots
audio
metadata (timestamps, camera identifiers, event tags)
user account data (names, emails, roles/permissions)
device identifiers
IP addresses
precise geolocation (e.g., camera/site location data, if provided/configured by customer)
Ojo AI does not perform facial recognition, face detection, identification of individuals, or cross-camera re-identification/tracking.
2.3 Automatically Collected Data (Website)
We do not use third-party analytics tracking at this time. We may collect limited technical information needed to operate the Website securely (e.g., IP address, device/browser info, logs), including via essential cookies (see Cookies below).
3. How We Use Information
We use information to:
respond to inquiries and demo requests
provide, operate, maintain, and secure the Service
detect and alert on customer-configured events (e.g., weapons, gunshots, fire, smoke, intrusions)
authenticate users and manage accounts
prevent fraud, abuse, and security incidents
comply with legal obligations and enforce agreements
4. Legal Bases (GDPR)
When GDPR applies, our lawful bases may include:
Contract: to provide the Service to customers and respond to requests.
Legitimate interests: to secure, maintain, and improve the Website/Service, prevent abuse, and respond to business communications.
Consent: where required (for example, if we later deploy non-essential cookies or marketing communications in jurisdictions requiring opt-in).
Legal obligation: compliance with applicable laws.
For Service-related processing of Customer Content, customers typically determine the lawful basis as controller.
5. Cookies
We currently use only strictly necessary cookies (if any) required for basic functionality and security. We do not use a cookie consent banner at this time because we do not use non-essential tracking cookies. If we add analytics or advertising cookies in the future, we will update this Policy and, where required, implement consent mechanisms.
6. Sharing and Disclosure
We may share information with:
Service providers who help us operate the Website/Service (e.g., cloud hosting, payment processing, communications tools). Based on your setup: AWS, Google Cloud, Microsoft Azure, and Stripe.
Professional advisors (lawyers, accountants) as needed.
Legal authorities if required by law or to protect rights, safety, and security.
We do not sell personal information and do not share personal information for cross-context behavioral advertising, as those terms are defined under CCPA/CPRA.
7. Data Retention
7.1 Website Leads
We retain contact/demo request information as long as reasonably necessary to respond and for business relationship purposes, unless you request deletion or applicable law requires otherwise.
7.2 Service Data (Customer Content)
By default, video/clips may be stored for 30 days, and customers may configure retention. Retention may also be affected by customer settings, contractual terms, and legal requirements.
8. Security
We use administrative, technical, and organizational measures designed to protect information, including:
encryption in transit
RBAC (role-based access control)
audit logs
No method of transmission or storage is 100% secure. Customers are responsible for securing their own systems, cameras, and account access.
Important operational note for you: your input said “anybody can access customer video inside our org.” That’s a big compliance risk. For GDPR/CCPA expectations, your public policy should reflect access limited to authorized personnel with a business need. If you publish “anyone can access,” it can create liability and kill enterprise deals. The policy below assumes authorized access only, which is the standard you should implement.
9. International Data Transfers (GDPR)
We are based in the United States and our servers are in the U.S. If personal data from the EEA/UK/Switzerland is processed in the U.S., transfers may be governed by appropriate safeguards such as Standard Contractual Clauses (SCCs) and/or other lawful mechanisms, depending on the relationship and circumstances. If you are a customer and need a DPA/SCCs, contact liam@ojoai.us.
10. Your Privacy Rights
10.1 GDPR / EEA-UK Rights (where applicable)
You may have the right to:
access your personal data
correct inaccuracies
delete your data
restrict or object to processing
data portability (in certain cases)
withdraw consent where processing is based on consent
lodge a complaint with a supervisory authority
To exercise rights related to Website data, email liam@ojoai.us.
For rights requests about video/audio captured by a customer’s cameras, contact the customer operating the cameras.
10.2 CCPA/CPRA (California) Rights
If CCPA/CPRA applies, you may have the right to:
know what personal information we collect, use, and disclose
request deletion (subject to exceptions)
correct inaccurate personal information
opt out of “sale” or “sharing” (we do not sell/share for cross-context behavioral advertising)
limit use of sensitive personal information (we do not use SPI for those purposes; see below)
not be discriminated against for exercising your rights
To submit a request, email liam@ojoai.us with “Privacy Request” in the subject line. We may need to verify your identity and authority (especially for business account data).
11. Categories of Personal Information (CCPA/CPRA Notice)
In the last 12 months, we may have collected:
Identifiers: name, email, phone, company, account identifiers
Internet/Network activity: IP address, device identifiers, logs
Geolocation data: precise location if provided/configured in the Service
Audio/Visual information: video, images, audio processed in the Service (as Customer Content)
Professional/Employment info: business contact info (B2B)
We collect this for the purposes described in Section 3 and disclose it to service providers as described in Section 6.
12. Sensitive Personal Information
We do not intentionally collect government IDs or biometric identifiers. The Service may process audio/visual information and precise geolocation as part of Customer Content depending on customer configuration. We do not use this information to infer sensitive traits (e.g., health, ethnicity, religion) and we do not perform facial recognition or identification.
13. Children’s Privacy
The Website and Service are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 where applicable). If you believe a child provided information, contact liam@ojoai.us.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version on our Website with a new Effective Date.
15. Contact
For privacy questions or requests: liam@ojoai.us