Audit & compliance
Vietnam PDPD + Decree 13/2023 accountability
Access logging
Every API request is recorded server-side (method, path, status) by the audit middleware. Biometric data — footage, embeddings, watchlists and camera coordinates — stays on internal infrastructure and is never sent to third-party services.
Human-in-the-loop
Matches and re-association leads are advisory only. An operator reviews every candidate in the Watchlist view before any action; the system never asserts a real-world identity autonomously.