End-to-end encryption, granular access control, tamper-proof evidence, and full audit trail -- built for the most demanding compliance environments.
All data in transit is protected with industry-standard encryption protocols, with no legacy or weak ciphers permitted.
All external connections use TLS 1.2+, with TLS 1.0 and 1.1 completely disabled. Strong cipher suites are enforced across all endpoints.
All WebRTC media streams are encrypted with DTLS-SRTP using ECDSA P-256 certificates for secure real-time video delivery.
Dashboard, API, and all management interfaces enforce HTTPS. No plaintext HTTP connections are accepted for any management operation.
Only ports 80/443 are exposed externally. All internal services communicate on a private network with no direct external access.
X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers enforced on all responses to prevent common web attacks.
Defense in depth with JWT tokens, digest authentication, account lockout, and rate limiting to protect every access point.
Stateless JWT authentication with configurable token expiration for all API and dashboard sessions.
Camera RTSP connections use RFC 2617 Digest authentication to prevent credential exposure over the network.
Automatic account lockout after 10 failed login attempts within a 15-minute window to prevent brute-force attacks.
Per-IP and per-endpoint rate limiting protects against denial-of-service and credential stuffing attacks.
Passwords are automatically stripped from all RTSP URLs in logs, error messages, and API responses to prevent credential leakage.
Webhook payloads are validated with constant-time comparison to prevent timing attacks on secret verification.
Four predefined roles with 30+ permissions ensure every user has exactly the access they need -- no more, no less.
| Role | Live View | Recordings | Camera Config | AI Config | System Settings |
|---|---|---|---|---|---|
| Super Admin | Full | Full | Full | Full | Full |
| Admin | Full | Full | Full | Full | Full |
| Operator | Full | Full | Full | View only | No |
| Viewer | View only | Playback only | No | No | No |
Dynamic masking, data sovereignty, and configurable retention built in from the ground up for GDPR, HIPAA, and regulatory compliance.
Configurable regions are blacked out in both live view and recordings. Masks are enforced server-side before video reaches any viewer.
Each camera can have its own unique privacy mask regions, allowing fine-grained control over what is obscured in different areas.
Privacy masks are applied at the server level before video is transmitted, ensuring no viewer can bypass privacy protections.
All video data and metadata stays within your network. No cloud dependency required for any core functionality.
Fully operational without internet connectivity. All AI inference, video processing, and management run locally after installation.
Set retention policies per camera or globally with automatic cleanup to comply with data minimization requirements.
Timestamped bookmarks, SHA-256 integrity verification, and complete chain of custody for legally admissible video evidence.
Create bookmarks with headline, description, 6 color-coded priorities, and tags. Select precise time ranges for bookmark coverage.
Search across all recordings using tags to quickly locate relevant evidence from any camera or time period.
Lock recordings to make them tamper-proof. Locked evidence cannot be auto-deleted or modified, preserving integrity for legal proceedings.
Every locked evidence segment includes SHA-256 hash verification to detect and prove any tampering attempt.
Full audit trail of who locked evidence, when it was locked, and the reason. Complete chain of custody for legal admissibility.
Set evidence locks for a specific duration or indefinitely. Only administrators can release locked evidence.
Multiple layers of protection from encrypted credential storage to CORS enforcement and comprehensive audit logging.
All stored credentials, including camera passwords and API keys, are encrypted with AES-256 using the Fernet specification.
Configurable request body size limits prevent oversized payload attacks and resource exhaustion.
All file paths validated and sanitized to prevent directory traversal attacks against the server filesystem.
Strict Cross-Origin Resource Sharing policies with production warnings for overly permissive configurations.
CSP headers restrict script sources, frame ancestors, and other content to prevent XSS and injection attacks.
Every action is logged with timestamp, IP address, user agent, and action details for complete operational visibility.
Enterprise-grade security, privacy compliance, and tamper-proof evidence management built for the most demanding environments.