Our Privacy Commitment

When we say EchoDepth Events does not store personal data, we mean this is architecturally enforced — not simply a policy statement. The system is designed so that it is technically impossible for a face, a facial image, biometric data, or any data capable of identifying an individual to be stored, transmitted, or retained beyond the moment of processing.

What Data is Processed

EchoDepth Events processes video frames from camera feeds in order to extract Action Unit values. This processing occurs as follows:

  • Video frame is captured from camera feed
  • Frame is passed to the FACS processing engine on the edge device
  • 44 FACS Action Unit activation values are computed from the frame
  • Emotional state scores (Confidence, Instability, Net Confidence) are derived from AU values
  • The original frame is deleted — immediately and irrecoverably
  • Only the derived numerical scores are transmitted onwards
Key principle:

The numerical scores that leave the edge device contain no information from which a face can be reconstructed, and no information that can identify the individual who generated the scores. They are functionally equivalent to aggregate audience sentiment data.

GDPR Article 25 — Privacy by Design

Article 25 of GDPR requires that data controllers implement technical and organisational measures designed to implement data-protection principles (such as data minimisation) effectively and to integrate the necessary safeguards into the processing.

EchoDepth Events satisfies Article 25 through:

  • Data minimisation by architecture: Only the minimum data necessary (derived emotional scores) is ever retained. Facial data is never retained.
  • Purpose limitation by design: The system cannot be configured to store facial data — there is no storage pathway for it.
  • Storage limitation enforcement: Derived scores are retained for the contractually agreed analytics window only, with automatic deletion thereafter.
  • Accuracy and non-identification: Outputs are aggregate statistical values — there is no individual-level data store to be inaccurate.

Is This Biometric Processing Under GDPR?

GDPR Article 4(14) defines biometric data as "personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person."

EchoDepth Events' outputs do not meet this definition because:

  • The derived scores (Confidence, Instability, Net Confidence) do not allow identification of an individual
  • The scores cannot be used to confirm the unique identity of any natural person
  • No biometric template, facial geometry, or uniquely identifying data is created at any stage
  • Multiple different individuals producing identical emotional responses would generate identical scores
Legal basis conclusion:

In the opinion of our data protection advisors, EchoDepth Events' processing of video to produce anonymous aggregate emotional scores does not constitute biometric data processing under GDPR Article 9. This position should be confirmed by your own DPA/legal team for your specific deployment context.

Do Visitors Need to Consent?

In most deployment contexts, individual consent is not required because:

  • No personal data is collected from visitors
  • The processing is functionally analogous to other forms of anonymous audience analytics (e.g. people counters, heat mapping)
  • No individual-level data is created, stored or accessible

We recommend that exhibitors and venue operators:

  • Display standard CCTV/video analytics signage informing visitors that analytics cameras are in use
  • Include a brief note in event materials that emotion analytics is used for engagement optimisation
  • Conduct a DPIA (Data Protection Impact Assessment) for their specific deployment — we provide a DPIA template

EU AI Act Considerations

The EU AI Act classifies certain AI systems that work with biometric data as high-risk. EchoDepth Events does not fall within the high-risk classification because:

  • It does not perform biometric identification or verification
  • It does not classify individuals by protected characteristics
  • It produces only aggregate anonymous analytics outputs
  • It is not used in law enforcement, border control, or critical infrastructure contexts

We continue to monitor evolving guidance on AI Act classification and will update our compliance documentation accordingly.

Data Retention

Derived emotional signal scores are retained as follows:

  • Live dashboard data: Available in real time during the event
  • Post-event analytics: Retained for 90 days following event close, to support post-event reporting
  • Aggregated benchmarks: Anonymised, non-event-specific aggregate benchmarks may be retained indefinitely for platform improvement purposes
  • Video footage: Never retained at any point
Full Data Retention Policy →

Your Rights

Because EchoDepth Events does not process personal data about individual visitors, standard GDPR data subject rights (access, erasure, portability) do not apply to visitor data — there is simply no individual data to access, erase, or port.

If you are a customer (business user) of EchoDepth Events, you retain rights over any business data processed in the course of your contract. Contact us at events@cavefish.co.uk with any data rights requests.

Contact Our Data Protection Team

For privacy enquiries, DPIA templates, Data Processing Agreements, or any compliance questions, contact: events@cavefish.co.uk