Privacy Policy
EgoVista — egovista.app
Effective 1 June 2026 · Version 2.1
See also: Contributor Terms
This Privacy Policy explains how EgoVista processes personal data when you visit egovista.app, register as a contributor, contact us as a prospective buyer, or appear incidentally in a video uploaded by a contributor. It is written to be read by humans, not only lawyers; defined terms are kept to a minimum and references to the law are provided so that any data protection authority or counsel can verify the analysis underlying each section.
EgoVista is committed to the principles of the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”), the French Loi Informatique et Libertés as amended, and to the transparency and AI-literacy expectations of Regulation (EU) 2024/1689 (the “AI Act”). This Policy is consistent with the recommendations published by the French data protection authority (“CNIL”) on the development of AI systems and with the Guidelines of the European Data Protection Board (“EDPB”) on pseudonymisation (01/2025) and on facial recognition (05/2022).
1. Identity of the controller
EgoVista is a French simplified joint-stock company (société par actions simplifiée) currently in formation. The data controller within the meaning of Article 4(7) GDPR is:
EgoVista (SAS in formation), represented by Mr Léonard Docquier, founder, acting in the name and on behalf of the company in formation in accordance with Articles L.210-6 of the French Commercial Code and 1843 of the French Civil Code.
Registered office (provisional): 42 avenue de Villepreux, 92420 Vaucresson, France.
Email: privacy@egovista.app (data protection enquiries) / contact@egovista.app (general enquiries).
Once EgoVista SAS is registered with the Paris Trade and Companies Register, this Policy will be updated to reflect the SIREN number, the final registered address and the VAT identification number, within a maximum period of 30 days following effective registration. The substance of the obligations described below remains unchanged.
EgoVista has not appointed a Data Protection Officer because the criteria of Article 37(1) GDPR are not met at this stage. EgoVista will reassess this point as the volume and nature of processing evolve.
2. Who this Policy concerns
This Policy is addressed to four categories of data subjects:
- Contributors — natural persons aged 18 or above who voluntarily upload egocentric (first-person) video footage to the Platform.
- Prospective buyers — natural persons acting in a business capacity who contact EgoVista through the website to discuss the supply of annotated datasets.
- Visitors — natural persons who browse the Platform without registering.
- Third parties incidentally captured in videos uploaded by contributors (passers-by, household members, colleagues).
3. Categories of personal data processed
3.1 Data provided directly
Contributors provide their first name, last name, email address, the country in which the footage was recorded, a free-text description of the filming environment, and the video file itself.
Prospective buyers provide their name, professional email address, organisation, project type, estimated volume, target environments, indicative timeline, and any message they choose to include.
Payment-related information is not collected at this stage. Once a contributor remuneration mechanism is activated, payments will be processed through a third-party payment provider; bank details are submitted directly by the contributor to that provider and are not stored on EgoVista’s infrastructure. This Policy will be updated to reflect that processing when activated. EgoVista does not collect or store any banking data. All payments to Contributors are processed exclusively through Wise Business (and, in future scaling phases, Stripe Connect Express). The Contributor enters banking details directly into the payment provider’s interface; these details never transit through EgoVista’s infrastructure and are never stored by EgoVista.
3.2 Data collected automatically
When you interact with the Platform, EgoVista collects technical data necessary for operation and security: IP address, user-agent string, connection and upload timestamps, HTTP error codes, and rate-limiting counters. These data are processed on the basis of EgoVista’s legitimate interest in operating a secure service (Article 6(1)(f) GDPR).
EgoVista does not currently deploy any audience-measurement or advertising analytics tool. If one is deployed in the future, it will be selected to operate without cross-site tracking or advertising purpose, and this Policy will be updated to disclose the tool and its retention period.
3.3 Data derived from AI processing of videos
Videos uploaded by contributors are processed through an automated pipeline that is operated, in its inference steps, on European Union infrastructure. The pipeline produces, in this order:
- Frames extracted at 10 frames per second using FFmpeg (local processing on EgoVista-controlled infrastructure).
- Visual occultation of faces detected in each frame, performed by MediaPipe Face Detection. This step is intended to take place before any frame is transmitted to a third-party inference service.
- Two-dimensional and three-dimensional skeletal keypoints of the body and of each hand, produced by MediaPipe Pose and Hands. These keypoints are used to characterise the action being performed; they are not used to identify any individual contributor or third party.
- Depth estimation produced by a depth-estimation model on EgoVista-controlled infrastructure.
- Hand-object segmentation masks produced on a dedicated GPU node in the European Union. Only frames to which visual occultation has been applied are intended to be transmitted to this node.
- Contact-timing labels derived by post-processing the segmentation masks.
- Textual descriptions of the actions visible in the footage, produced by a large multimodal model hosted on Google Vertex AI in the europe-west4 region (Netherlands). Only frames to which visual occultation has been applied are intended to be transmitted to this service. Pursuant to the contractual terms of Vertex AI Enterprise, inputs transmitted to this service are not used by Google to train or improve its foundation models.
- Camera intrinsics derived from EXIF metadata, and dataset-level enrichment.
3.4 Status of the skeletal keypoints under Article 9 GDPR
Skeletal keypoints describe the geometry of a human body in a frame. Whether such data falls within the special categories of Article 9 GDPR depends on the purpose of the processing. Recital 51 GDPR and the EDPB Guidelines 05/2022 (paragraph 27) confirm that biometric data falls under Article 9 only when processed for the purpose of uniquely identifying a natural person. EgoVista processes keypoints solely to characterise the action being performed in the video; the data is not used, and is not technically configured, to identify the individual filmer.
EgoVista nonetheless applies, as a matter of internal policy, the safeguards that would be required under Article 9 GDPR if the data were within scope: explicit consent of the contributor for the production of keypoint annotations, restricted access, encryption at rest, and a documented retention period.
This qualification will be reviewed at the occasion of the DPIA and may be adjusted in light of forthcoming EDPB guidelines. EgoVista maintains a written internal position note on this analysis, available on request at privacy@egovista.app.
3.5 Status of facial occultation under the GDPR
EgoVista uses the term “visual occultation” rather than “anonymisation”. Under Opinion 05/2014 of the Article 29 Working Party (WP216) and the EDPB Guidelines 01/2025 on pseudonymisation, true anonymisation requires that no individual remain identifiable by any means reasonably likely to be used. Because a video may contain residual identifiers other than the face (voice, gait, clothing, surroundings, identifying objects), the application of a facial blur is a measure of pseudonymisation and data minimisation. The processed video therefore remains personal data within the meaning of Article 4(1) GDPR, and all GDPR obligations continue to apply.
As part of its data protection by design approach, EgoVista is implementing a “pseudonymisation domain” within the meaning of paragraph 134 of EDPB Guidelines 01/2025 on pseudonymisation: source videos (constituting the additional information referred to in Article 4(5) GDPR) are stored separately from the annotated datasets delivered to business customers, with restricted access. This separation, which is in the process of being further reinforced through cryptographic and organisational measures, is at the core of compliance with Article 4(5) GDPR.
4. Purposes and legal bases
The table below summarises, for each processing operation, the purpose, the categories of data, the legal basis under the GDPR, the retention period, and the principal recipients. Buyers receive only the annotated dataset (after visual occultation and quality control) and never receive contributor identity data, IP addresses, or any item linking the footage to a named individual.
| Operation | Data | Legal basis | Retention | Recipient |
|---|---|---|---|---|
| Contributor account | Name, email | Performance of the contributor agreement, Art. 6(1)(b) | Duration of the relationship + 3 years | Supabase (EU) |
| Buyer enquiry handling | Name, business email, organisation, message | Pre-contractual measures, Art. 6(1)(b); legitimate interest in commercial development, Art. 6(1)(f) | 3 years from last contact | Supabase (EU) |
| Video upload and storage | Video file, metadata, IP | Performance of the contributor agreement, Art. 6(1)(b) | See section 6 | Cloudflare R2 (EU region) |
| Visual occultation of faces | Detected face regions, occulted frames | Data minimisation, Art. 5(1)(c) GDPR; legitimate interest in protecting third parties, Art. 6(1)(f) | Performed in real time; intermediate data not retained | Local processing |
| Skeletal keypoint extraction | Body and hand keypoints | Explicit consent of contributor, Art. 6(1)(a) and, by analogy, Art. 9(2)(a) | Lifetime of the dataset version | Local processing |
| Hand-object segmentation | Segmentation masks computed on occulted frames | Legitimate interest in developing annotation services, Art. 6(1)(f); CNIL recommendations on AI development | Lifetime of the dataset version | GPU node, EU region |
| Action labelling | Textual labels computed on occulted frames | Legitimate interest, Art. 6(1)(f); CNIL recommendations on AI development | Lifetime of the dataset version | Google Cloud Vertex AI (europe-west4) |
| Site security and abuse prevention | IP, user-agent, rate-limit counters | Legitimate interest, Art. 6(1)(f) | 13 months (CNIL recommendation) | Upstash (EU), Sentry |
The legitimate interest pursued by EgoVista is the development and operation of a commercial annotation service for egocentric data, which the CNIL has recognised, in its fiches pratiques of 19 June 2025, as a legitimate interest capable of supporting Article 6(1)(f) when accompanied by appropriate safeguards. EgoVista maintains a Legitimate Interest Assessment (LIA) addressing the three-step test (legitimacy, necessity, balancing) in accordance with the CNIL recommendations of June 2025 and the EDPB Opinion 28/2024 of 17 December 2024. The LIA is available on request at privacy@egovista.app. The safeguards applied by EgoVista include: prior visual occultation of faces; exclusion of footage filmed in inherently private contexts (toilets, intimate situations, identifiable medical settings); restricted internal access; data minimisation in datasets published openly; an effective right to object as described in section 7.
5. Transfers outside the European Union
EgoVista is designed around an EU-based inference pipeline. The AI processing of personal data is intended to take place on infrastructure located within the European Economic Area. The following table lists every sub-processor receiving personal data and the safeguard in place. EgoVista may, with a thirty-day prior notice published on this page, modify the list of sub-processors; substantial changes (in particular changes affecting the country of processing) are notified by email to registered users.
| Sub-processor | Country | Data transferred | Safeguard |
|---|---|---|---|
| Cloudflare R2 | European Union (EU jurisdictional region) | Video files, dataset artefacts | EU region selected; Standard Contractual Clauses as fallback |
| Supabase | European Union (Frankfurt region) | Accounts, metadata, contact form messages | EU region selected |
| RunPod, Inc. | Netherlands (Amsterdam region) | Occulted frames for segmentation | EU region selected; Standard Contractual Clauses with operator |
| Google Cloud (Vertex AI) | Netherlands (europe-west4) | Occulted frames for action labelling | EU region selected; Google LLC certified under the EU-U.S. Data Privacy Framework |
| Upstash | Ireland (eu-west-1) | Rate-limit counters, IP fragments | EU region selected |
| Resend | United States | Email addresses for transactional emails | Resend certified under the EU-U.S. Data Privacy Framework (since March 2025); Standard Contractual Clauses in the Data Processing Addendum as fallback |
| Sentry | United States / European Union | Aggregated error reports | EU data residency option used where available; Standard Contractual Clauses |
A copy of the Standard Contractual Clauses applicable to any specific sub-processor can be requested at privacy@egovista.app. Where a transfer takes place to a recipient outside the European Economic Area that is not covered by an adequacy decision, EgoVista takes reasonable supplementary measures consistent with the EDPB Recommendations 01/2020.
6. Retention periods
EgoVista applies the following retention periods, which reflect the CNIL’s general recommendations on the duration of personal data storage.
- Identification data of contributors and buyers: duration of the relationship, plus three years from the last meaningful interaction.
- Connection logs and rate-limit data: up to 13 months.
- Aggregated audience-measurement data, if such a tool is deployed: up to 26 months.
- Video files that are rejected during quality control: deleted within 90 days of the rejection decision.
- Video files that are accepted but not yet integrated into a delivered dataset: deleted within 30 days of a withdrawal request by the contributor.
- Video files that are integrated into a dataset already delivered to a buyer: the underlying raw file is retained on EgoVista’s infrastructure for the period necessary to honour quality and audit obligations toward the buyer, and is then deleted. EgoVista cannot unilaterally retrieve copies of the dataset that have already been integrated into a buyer’s training pipeline; EgoVista’s contracts with buyers require the buyer to give effect to erasure requests notified by EgoVista, but EgoVista cannot guarantee an outcome that depends on the action of a third party.
7. Your rights
Within the scope of the GDPR, contributors, buyers, visitors and third parties captured in footage have the following rights. EgoVista uses reasonable efforts to respond to requests within one month, extendable by two months for complex requests, in accordance with Article 12(3) GDPR.
7.1 Right of access (Article 15)
You may obtain confirmation that EgoVista processes your personal data and receive a copy of that data, together with the information listed in Article 15(1) GDPR.
7.2 Right to rectification (Article 16)
You may request the correction of inaccurate data or the completion of incomplete data.
7.3 Right to erasure (Article 17)
Personal data that EgoVista no longer needs for the purpose for which it was collected is erased. For video files, the following rules apply:
- A video that has not yet been integrated into a delivered dataset can be fully erased within thirty days of a request.
- For a video already integrated into a delivered dataset, EgoVista erases the file from its own systems (production storage, backups, annotation pipeline) within thirty days, and notifies each business customer having received the dataset of the erasure request, so that the customer may give effect to it under its own GDPR compliance procedure (Article 17.3 GDPR exceptions may apply on the customer side, in particular for scientific research). EgoVista cannot guarantee an outcome that depends on the action of a third party, but remains responsible for the effective notification.
- Datasets sold to business customers are commercialised under an irrevocable license for their intellectual property dimension (cf. Contributor Terms of Service section 12). The right to erasure applies to the personal data layer (Articles 17 and 7.3 GDPR) and is independent of the IP license.
- Data retained to comply with a legal obligation (in particular accounting and tax obligations) is kept for the period prescribed by that obligation.
7.4 Right to restriction (Article 18) and right to object (Article 21)
You may ask EgoVista to restrict the processing of your data in the cases listed in Article 18 GDPR, or object to any processing based on legitimate interest. EgoVista will stop the processing unless it demonstrates compelling legitimate grounds that override your interests.
7.5 Right to portability (Article 20)
Data provided directly by you and processed on the basis of consent or of a contract is provided, on request, in a structured, machine-readable format (JSON or CSV).
7.6 Withdrawal of consent
Where processing is based on consent (typically for the production of skeletal keypoint annotations), you may withdraw your consent at any time by writing to privacy@egovista.app. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
7.7 Right to lodge a complaint
You have the right to lodge a complaint with the CNIL (3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, www.cnil.fr) or with the data protection authority of the Member State of your habitual residence.
7.8 How to exercise these rights
Write to privacy@egovista.app and indicate which right you wish to exercise. EgoVista may ask for additional information if necessary to verify your identity, and will limit such verification to what is strictly necessary.
8. Protection of third parties incidentally captured
Egocentric footage may capture the image of third parties who are not contributors (passers-by, household members, colleagues). EgoVista takes reasonable measures to protect these third parties, including:
- Visual occultation is applied to detected faces before any frame leaves the EgoVista pipeline for segmentation or labelling, and before any dataset is delivered to a buyer. The visual occultation step uses a face-detection model with high recall settings; no detection model is perfect and EgoVista does not warrant exhaustive detection.
- The contributor agreement (Conditions Générales d’Utilisation des Contributeurs) requires the contributor to obtain consent from any person who is filmed knowingly and at close range, to avoid intentionally filming minors, and to avoid filming inherently private settings.
- Where the technical and practical impossibility of contacting incidentally captured third parties individually triggers the exception of Article 14(5)(b) GDPR (“disproportionate effort”), EgoVista compensates by providing public information at egovista.app/privacy and by offering an effective right to object.
Any person who recognises themselves in footage that has been delivered to a buyer may request the removal of their image by writing to privacy@egovista.app. EgoVista will use reasonable efforts to action the request within thirty days and, if the footage is part of a delivered dataset, notify the buyer of the request as described in section 7.3.
Any third party who recognises themselves in footage being processed by EgoVista may exercise their rights under the GDPR (in particular Article 17 erasure and Article 21 objection) by writing to privacy@egovista.app. EgoVista will action such requests with the same diligence as requests from Contributors, and will notify business customers having received the relevant dataset where applicable, in accordance with section 7.3 of this Policy.
9. Security measures
EgoVista implements the technical and organisational measures listed below, in accordance with Article 32 GDPR. These measures are reviewed and improved continuously. No security measure can guarantee absolute protection against all possible threats; EgoVista applies a state-of-the-art approach proportionate to the risk and to the means available to a company at its current stage.
- Encryption in transit: all traffic uses HTTPS with TLS 1.3 (or higher when supported by the client).
- Encryption at rest (AES-256) of personal data stored in Supabase (Frankfurt region) and Cloudflare R2 (EU region).
- Multi-factor authentication (MFA) is mandatory for all administrative access to production systems.
- Principle of least privilege: production access is restricted to authorised personnel based on strict necessity.
- Row Level Security (RLS) policies are enabled on all Supabase tables.
- Access to video files in Cloudflare R2 is granted exclusively through short-lived signed URLs (default one-hour expiration).
- Server-side validation of uploaded file MIME types.
- Rate limiting on public endpoints, backed by Upstash Redis in the EU region (Ireland).
- Error monitoring via Sentry, configured on the EU instance (sentry.io/eu), with stack traces configured to exclude personal data.
- Daily encrypted backups.
- Annual review of access rights.
- Incident response procedure compatible with the 72-hour notification obligation under Article 33 GDPR.
- Internal security reviews performed at every significant infrastructure change.
In the event of a personal data breach within the meaning of Article 4(12) GDPR, EgoVista will notify the CNIL within seventy-two hours where the breach is likely to result in a risk to the rights and freedoms of natural persons, and will notify affected data subjects where the risk is high, in accordance with Articles 33 and 34 GDPR.
10. Automated decision-making and profiling
EgoVista does not carry out any solely automated decision-making producing legal effects, or similarly significantly affecting the data subjects, within the meaning of Article 22 GDPR. The annotations generated by AI models are computational labels used as training material; they are not used to make any decision concerning a contributor and they are not represented as reference human annotations.
11. EU AI Act
11. EU AI Act. EgoVista’s processing is also relevant under Regulation (EU) 2024/1689 (the “AI Act”). This section describes EgoVista’s position under the AI Act for transparency, even though most AI Act obligations are not addressed to EgoVista directly.
EgoVista qualifies its activity as follows under the AI Act:
- Deployer (Article 3(4) AI Act) of third-party AI models (MediaPipe, Depth Anything, Gemini) used internally in its annotation pipeline.
- Non-provider (Article 3(3) AI Act): EgoVista does not develop or place on the market any AI system. The datasets sold to business customers are training data, not AI systems within the meaning of Article 3(1) AI Act.
- Outside the scope of Annex III: EgoVista does not deploy any high-risk AI system listed in Annex III. In particular, EgoVista does not engage in remote biometric identification, emotion recognition or biometric categorisation in the meaning of Article 50(3).
- Outside the scope of GPAI (Article 51 AI Act): EgoVista does not develop a general-purpose AI model.
Business customers using EgoVista datasets to train, fine-tune, evaluate, test or deploy their own AI systems are responsible for the AI Act qualification of those systems (including high-risk classification under Annex III, where applicable). EgoVista uses reasonable efforts to cooperate with such customers in the implementation of the data-governance obligations of Article 10 AI Act, including the documentation of data origin, representativeness and quality.
The action labels produced by the pipeline are textual metadata used as training material; they are not synthetic content that could falsely appear to be authentic for the purpose of Article 50(2) or Article 50(4). The provider of the underlying generative model is responsible for the machine-readable marking obligations of Article 50(2).
EgoVista applies, at organisational level, the AI-literacy expectation of Article 4 of the AI Act, which has been applicable since 2 February 2025.
12. Cookies
EgoVista uses only strictly necessary cookies, exempt from prior consent under Article 82 of the French Loi Informatique et Libertés and the corresponding CNIL guidelines: a session cookie for authenticated areas and security cookies. The website does not use advertising cookies or third-party trackers for commercial targeting purposes. If an audience-measurement tool is deployed in the future, the cookie banner and this Policy will be updated to disclose the tool and its retention period.
13. Minors
The Platform is reserved for users aged 18 or above. EgoVista does not knowingly process personal data of minors and instructs contributors, through the contributor agreement, not to film minors deliberately and not to upload footage in which minors are clearly identifiable. If EgoVista becomes aware that personal data of a minor has been collected, the account and the footage are deleted without undue delay. Any person who believes that a minor appears in delivered footage can contact privacy@egovista.app and the procedure described in section 8 will apply.
14. Data protection impact assessment
Given that the processing relies on innovative technology (large-scale pipelines combining computer-vision and large multimodal models) and involves data which, although not used for identification, displays characteristics close to biometric data, EgoVista is carrying out a Data Protection Impact Assessment (“DPIA”) under Article 35 GDPR, as part of its data protection by design approach. The DPIA is updated at every significant change in the pipeline. A summary of the DPIA can be requested at privacy@egovista.app, subject to the redaction of confidential technical details.
15. Changes to this Policy
EgoVista may modify this Policy from time to time. Substantial modifications (changes in legal basis, in sub-processors located outside the EEA, or in retention periods) are notified by email to registered users at least thirty days before they take effect. Editorial corrections or updates not affecting the rights of data subjects may be made without prior notice but are reflected in the version number and effective date displayed at the top of this Policy. The version in force is always available at egovista.app/privacy. Previous versions are retained internally and can be supplied on request.
16. Limitation of liability
EgoVista undertakes the obligations set out in this Policy as a controller within the meaning of the GDPR. To the maximum extent permitted by applicable law, and without prejudice to mandatory provisions of the GDPR and of consumer law, EgoVista’s liability is limited to direct damages resulting from a proven breach of its obligations under this Policy. EgoVista cannot be held liable for incidents resulting from the actions of a third party (in particular a buyer or sub-processor) that EgoVista could not reasonably have prevented, nor for incidents resulting from a contributor’s failure to comply with the contributor agreement (in particular the obligation not to film minors deliberately or not to film inherently private settings).
17. Applicable law and jurisdiction
This Policy is governed by French law and by the European Union data protection framework. The competent courts are the courts of Paris, without prejudice to the right of a consumer contributor to bring proceedings before the courts of his or her place of domicile under Article 18 of Regulation (EU) No 1215/2012.