Privacy Policy
1. Who this policy applies to
| Audience | Role |
|---|---|
| Pharmacy customers (subscribers) | You are the data controller for CCTV footage and personal information captured at your store. |
| Pharmacy patrons / customers | Your pharmacy (not NeuraIQ) is responsible for lawful surveillance and your privacy rights. |
| Pharmacy staff | Workplace surveillance notices are issued by your employer. |
| Website visitors | NeuraIQ is the data controller for information you submit via neuraiq.com.au (see Section 14). |
IntelliGuard is detection assistance — it generates alerts and local recordings. Your pharmacy decides whether and how to act.
2. Data sovereignty — our core commitment
IntelliGuard is designed on a data sovereignty model:
- →All AI video analysis runs on the NeuraIQ Edge Appliance at your pharmacy — not in NeuraIQ’s cloud.
- →Alert clips, face crops, face embeddings, and offender-gallery data stay on your appliance under your control.
- →In the ordinary course of the Service, NeuraIQ does not receive, store, copy, or retain your CCTV streams, alert video, or biometric data.
- →A minimal heartbeat is sent to NeuraIQ for subscription and health monitoring. Heartbeat contains only: Site ID, software version, appliance uptime, camera count (aggregate), alert count (aggregate — not per-event or per-person), and VPN connectivity status.
- →Heartbeat does not include video, images, audio, biometrics, face crops, alert clips, patron/customer/visitor names or identities, or any personal information or PII relating to pharmacy patrons, retail customers, visitors, or staff (Terms and Conditions 8.12).
Remote support access to your appliance or footage occurs when you email admin@neuraiq.com.au for support and NeuraIQ personnel connect via time-limited VPN under standing consent granted at onboarding (Terms and Conditions 8.6–8.7). NeuraIQ does not maintain always-on or unattended remote access.
3. What NeuraIQ does **not** collect or retain
NeuraIQ does not:
- →Retain, receive, store, copy, or have access to biometrics, face templates, face embeddings, or other sensitive information about your pharmacy patrons, customers, or patients in the ordinary course of the Service.
- →Operate a cloud video repository or receive your CCTV streams for routine processing.
- →Upload video, images, or alert media to NeuraIQ servers or third-party AI clouds for detection.
- →Use your footage to train or improve AI models unless you opt in under Schedule 4 of your Service Agreement — and then only for local on-appliance improvement at your site.
- →Sell or license your video or alert data to third parties.
Your pharmacy remains the sole custodian of footage and local IntelliGuard data.
4. What is processed **on your appliance** (pharmacy as controller)
The following is processed locally at your site by IntelliGuard software. NeuraIQ supplies the technology; your pharmacy determines the purposes of CCTV and AI monitoring.
| Data type | Where stored | Typical retention | Notes |
|---|---|---|---|
| Video frames (in-memory) | Appliance RAM | Seconds | Discarded after real-time processing |
| Motion / alert clips | Appliance local storage | ~15 days (configurable) | Short clips tied to detection events |
| Pose keypoints | Not persisted | — | Used for scoring only |
| Face detection crops | Appliance local storage | ~15 days | Thumbnails for staff alerts |
| Face embeddings (512-d vectors) | Appliance SQLite | Until offender record deleted | Mathematical vectors — not photographs |
| Alert metadata (score, camera, time) | Appliance SQLite | ~15 days | |
| Offender gallery records | Appliance SQLite | Until staff delete | Opt-in only — staff manually enroll from an alert |
Sensitive information: Face-related data used for optional repeat-offender matching may be sensitive information under the Privacy Act. Your pharmacy must ensure lawful collection, signage, staff notices, and opt-in consent where required (see your IntelliGuard notices pack).
5. What NeuraIQ collects directly (processor / service provider)
Even with on-prem video, NeuraIQ processes limited personal information to deliver and bill the Service:
| Data type | Purpose | Storage | Retention |
|---|---|---|---|
| Heartbeat metadata | Subscription verification, health monitoring, update delivery. No patron PII (see section 2). | NeuraIQ Fleet Manager (AU-hosted VPS) | ~90 days |
| Billing & account data | Invoicing, subscription management. Pharmacy business data only. | Stripe + NeuraIQ records | 7 years (Australian tax and accounting requirements) |
| Customer contact details | Support, onboarding, contractual notices. Nominated contacts only. | NeuraIQ systems | Life of contract + legal retention |
| Support correspondence | Troubleshooting. No patron PII unless you attach it. | Email / ticket systems | Retained for audit purposes — no fixed retention period |
| VPN session logs | Audit of authorised remote support. No patron PII — session metadata only. | NeuraIQ systems | 1 month maximum |
NeuraIQ does not store your full payment card numbers — payments are processed by Stripe (see Appendix A).
6. Face detection transparency (OAIC retail AI guidance)
IntelliGuard uses on-device face detection to crop face regions and generate numerical embeddings for alert thumbnails and optional offender-gallery matching.
- →This is not mass public facial recognition.
- →Repeat-offender matching is opt-in: pharmacy staff must manually enroll a face from an alert.
- →Embeddings and crops remain on your appliance unless you export them locally.
- →NeuraIQ personnel do not access this data except in limited, request-only support circumstances — and do not retain copies afterward.
Pharmacies must display AI-assisted CCTV signage and comply with applicable workplace surveillance laws.
7. Controller and processor roles — data ownership
Terms and Conditions 8.17 allocates data as follows:
| Data category | Owner / controller | Examples | Patron or retail customer PII? |
|---|---|---|---|
| Customer data | Pharmacy (controller) | Raw CCTV, alert clips, thumbnails, face crops, embeddings, offender gallery, alert scores and logs on Appliance | Yes — you control it |
| NeuraIQ IP | NeuraIQ | Software, models, algorithms, firmware, documentation | No — technology only |
| Heartbeat metadata | NeuraIQ (processor) | Site ID, version, uptime, camera count, aggregate alert count, VPN status | No |
| VPN session logs | NeuraIQ (processor) | Session timestamps, authorising contact, ticket reference | No patron PII |
| Billing and account records | NeuraIQ (processor) | Business name, ABN, billing address, subscription status | Pharmacy business data only |
| Support correspondence | NeuraIQ (processor) | Tickets and emails from authorised contacts | No patron PII unless voluntarily attached |
| Fleet aggregates (if collected) | NeuraIQ | De-identified fleet-wide statistics | No |
NeuraIQ does not claim ownership of Customer data or of any "insights" about identifiable patrons. Detection outputs stored on your Appliance are Customer data. NeuraIQ owns NeuraIQ IP and Operational Telemetry only.
| Party | Role | Responsibility |
|---|---|---|
| Pharmacy (subscriber) | Data controller for Customer data | Lawful CCTV/AI monitoring, signage, staff notices, patron enquiries, footage disclosure decisions |
| NeuraIQ | Data processor for Operational Telemetry + controller for billing and website | Provide Service securely; process heartbeat/billing/support meta without patron PII |
Detailed processor obligations are in the IntelliGuard Terms and Conditions (Part II — Data Processing), incorporated into your Service Agreement.
8. How we use information
NeuraIQ uses the information described in Section 5 to:
- →Provide, activate, and maintain the IntelliGuard Service
- →Verify subscription status and deliver software/model updates
- →Process payments and issue tax invoices
- →Respond to support requests you initiate
- →Comply with law and enforce our agreements
We do not use patron video or biometrics for advertising, unrelated analytics, or model training without your Schedule 4 of your Service Agreement opt-in.
9. Disclosure to third parties
NeuraIQ does not disclose your video, alert clips, or patron biometrics to third parties in the ordinary course of the Service.
We use sub-processors for limited functions (billing, hosting, support infrastructure). See Appendix A — Sub-processors.
We may disclose information where required by law, or to protect rights and safety, in accordance with applicable legislation.
10. Data security
- →On-prem processing — core detection does not depend on cloud video upload.
- →MQTT and admin interfaces secured with authentication.
- →Appliance databases stored locally at your site.
- →Remote support VPN-only, on-demand, under standing consent when you email admin@neuraiq.com.au for support.
- →NeuraIQ implements reasonable technical and organisational measures appropriate to the data we hold.
11. Data breach notification
If NeuraIQ becomes aware of a data breach affecting personal information we hold as a processor or controller, we will notify affected pharmacy customers and cooperate with your breach-response obligations under the Notifiable Data Breaches scheme, in accordance with the Terms and Conditions and applicable law.
Breaches of data held only on your appliance are primarily your responsibility as controller; NeuraIQ will assist on request.
12. Your rights (Australian Privacy Principles)
Individuals may have rights to access, correct, or complain about personal information held about them.
| If the information is… | Contact |
|---|---|
| Footage, alerts, embeddings on your appliance | Your pharmacy (data controller) |
| Billing or support records held by NeuraIQ | NeuraIQ — admin@neuraiq.com.au |
You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au.
13. Retention and deletion
| Data | Default retention |
|---|---|
| On-appliance alert clips & metadata | ~15 days (pharmacy-configurable) |
| Offender gallery embeddings | Until deleted by pharmacy staff |
| Heartbeat metadata | ~90 days |
| Billing records | 7 years (Australian tax and accounting requirements) |
| VPN session logs | 1 month maximum |
| Support tickets and correspondence | Retained for audit purposes — no fixed retention period |
On termination, pharmacies control export/deletion of local appliance data. NeuraIQ deletes or anonymises account metadata per our retention schedule.
14. Website visitors (neuraiq.com.au)
When you visit neuraiq.com.au or submit a Book a Demo / newsletter form, NeuraIQ may collect:
- →Name, email, phone, business name, message content
- →Technical logs (IP address, browser type, pages visited) for security and analytics
Purpose: respond to enquiries, send marketing you opt into, improve the website.
Lawful basis: consent and legitimate interests (APP 3 / APP 6).
Newsletter: unsubscribe link in every email.
This website policy is separate from pharmacy CCTV processing under IntelliGuard.
15. International transfers
IntelliGuard video processing does not involve routine offshore video transfer.
Some sub-processors (e.g. Stripe) may process billing data outside Australia. We take reasonable steps to ensure overseas recipients handle information consistently with APP 8.
16. Changes to this policy
We may update this policy with 30 days’ notice to subscribers for material changes. The current version is published at https://neuraiq.com.au/privacy.
Material changes to data sovereignty or processing architecture will be communicated in accordance with your Service Agreement.
17. Contact
NeuraIQ Pty Ltd
Email: admin@neuraiq.com.au
Privacy enquiries: admin@neuraiq.com.au (consider privacy@neuraiq.com.au)
Phone: 0434 673 004 (business hours AEST)
Registered address: [to be inserted]
Web: https://www.neuraiq.com.au
Appendix A — Sub-processors
| Sub-processor | Purpose | Data processed | Location | Notes |
|---|---|---|---|---|
| Stripe Payments Australia Pty Ltd | Subscription billing, tax invoices | Customer name, email, billing address, payment method tokens | AU / global Stripe infrastructure | PCI-DSS; Stripe Privacy Policy applies to payment data |
| Linode / Akamai Connected Cloud (or successor) | Fleet Manager hosting — heartbeat metadata | Site ID, version, uptime, camera count, alert count | Sydney, AU (target) | No video or biometrics |
| NetBird (or successor WireGuard mesh) | Encrypted remote support VPN | Session metadata, connection logs | Per vendor | Only when customer authorises session |
| Email / ticketing | Support correspondence | Contact details, support content | AU where practicable | Confirm provider before publish |
NeuraIQ will update this appendix when sub-processors change. Subscribers will be notified of material changes per the Service Agreement.
Incorporated by reference into the IntelliGuard Service Agreement. For contractual terms, see Terms and Conditions v2.5.