![TuMeke-logo-rgb-original-updated.png]](https://info.tumeke.io/hs-fs/hubfs/TuMeke-logo-rgb-original-updated.png?height=30&name=TuMeke-logo-rgb-original-updated.png){kind=logo}
TuMeke's Data Privacy and Security Protocols
At TuMeke, we take the security and confidentiality of your data seriously. Uploaded videos and analysis results in the TuMeke system are treated as confidential and restricted information. Below is an overview of how your data is handled and protected.
Data Ownership and Privacy
- All information flowing through the TuMeke system is owned by the customer. TuMeke owns the tool that collects your data.
- Data ownership and privacy rights are governed by contractual agreements between TuMeke and the customer.
- The customer determines retention periods and has full authority over access, retention, and deletion.
- Data is processed solely for providing ergonomic risk ratings and recommendations and is never used for other purposes.
Data Storage and Access
- Videos are securely stored on a cloud server through AWS (Amazon Web Services).
- Our servers are in Ashburn, Virginia, and in Frankfurt, Germany (for our customers in the EU). You have the freedom to choose where your data lives.
- Access is strictly limited to authorized personnel within a specific client environment and/or group (if applicable).
- These personnel may only access data for the sole purpose of fulfilling a direct customer request.
Security Measures
TuMeke employs multiple layers of security to protect your data:
- Encryption
- All video data and assessment results are encrypted at rest using AES 256-bit encryption.
- Data is also encrypted in transit.
- Each deployment is provisioned with a unique encryption key for added protection.
- All video data and assessment results are encrypted at rest using AES 256-bit encryption.
- Additional Safeguards
- Face blurring in videos and background blurring capabilities
- Multi-factor authentication (MFA) and Two-factor authentication (2FA) for all privileged access.
- Regular access reviews to ensure compliance and limit exposure.
- All access is logged and continuously monitored.
- Personally identifiable information (PII): Our software does not inherently store Personally Identifiable Information (PII) unless users voluntarily enter such information into designated fields. You have the option to create an internal coding system for streamlined employee and task identification.
- Face blurring in videos and background blurring capabilities
GDPR Compliance
- We are GDPR compliant. We comply with EU-specific data handling requirements by maintaining a dedicated server for the EU region.
- Additionally, through the US-EU Privacy Shield framework, we offer the option to activate facial blur as a default requirement. This allows EU companies to use our US server while satisfying their privacy requirements.
FAQs
- Is TuMeke SOC 2 compliant?
- Yes, we are SOC 2 Type II certified
- Do you support Single Sign-On (SSO)?
- Yes, we support SAML 2.0 based single sign on.
- How do you handle the data we collect?
- We delete video data from our servers after it is processed. Additionally, if you delete a video, it is fully deleted from our system.
- How does blurring work?
- TuMeke converts videos into a 3D skeleton model, applies face or background blurring, saves the blurred version to the cloud, and permanently deletes the original from the device.