On-Premise Video Analytics: A Data Privacy and Security Guide
Why privacy is an architecture decision, not a policy
Most video-analytics privacy debates happen at the wrong layer. Teams argue about retention policies and access roles while the deeper question goes unasked: where does the video physically go to be analyzed. If the answer is a third-party cloud, then every privacy policy you write is a promise about a copy of your footage that has already left your control. The cleaner answer is to never let it leave. That is the whole premise of edge-native analytics, and it is why DHI processes video on premise by default.
This guide is written for the IT and Legal reviewers who have to sign off on a safety deployment. The argument is simple: the on-premise architecture makes most of the hard privacy questions disappear before you have to answer them.
Data residency: the footage never leaves the building
With DHI, inference happens on an edge node sitting on the same network as the cameras. Frames are classified locally and discarded from the analytics path; what leaves the node is a small structured event, a timestamp, a camera reference, an incident class, and a confidence value, not the video itself. The raw footage stays in your existing VMS and your existing storage, under your existing retention rules. There is no third-party copy of your video to govern, breach, or subpoena.
What this means for cross-border and sector rules
Because video does not transit to an external service, the deployment sidesteps the cross-border data-transfer questions that dominate cloud video procurement. For regulated sectors and public agencies, that turns a long data-processing-agreement negotiation into a much shorter one: there is no processor holding your footage because the processing happened on your own hardware.
Attack surface: fewer doors, fewer keys
Every system you can reach from the internet is a system someone else can try to reach. A cloud analytics pipeline necessarily exposes an ingestion endpoint, an authenticated API, and a stored corpus of your footage, each of which is a target. An edge deployment that emits only outbound structured events to your own VMS exposes far less. There is no inbound video endpoint to harden and no external store of footage to defend.
Network isolation as a default
DHI is designed to run on an isolated safety VLAN with no requirement for inbound internet access to function. The analytics node does its job whether or not the site has a working uplink, which is both a reliability property and a security property: a node that does not need to phone home is a node with nothing to intercept.
The audit story IT and Legal actually want
A defensible safety system has to be able to answer what was detected, when, on which camera, and how confident the system was. Because every DHI event carries that metadata and lands in your own VMS archive, the audit trail lives in a system your team already controls and already knows how to query. You are not reconstructing an incident from a vendor's logs. You are reading your own.
Minimizing what is retained
On-premise processing also lets you retain less. You can keep the structured event record long-term for compliance while applying your normal, shorter retention window to the raw footage, rather than a cloud vendor holding both for as long as their default policy says. Less data retained is less data at risk.
The bottom line for a reviewer
The fastest way to pass an IT and Legal review is to remove the questions instead of answering them. Keeping footage on premise removes the data-residency question, the third-party-processor question, and most of the breach-exposure question in one architectural decision. That is the case DHI makes for edge-native safety analytics, and it is why the privacy posture and the latency posture come from the same place: the video gets analyzed where it is captured.