GDPR & Data Processing
Documentation for data protection officers, procurement leads and legal teams evaluating EchoDefence.
Processing Overview
EchoDefence processes video and audio signals to extract behavioural indicators. No biometric data is retained beyond the session window. All processing occurs on UK-sovereign infrastructure via Logic Software Ltd, hosted on Microsoft Azure UK Cloud.
Legal Basis
- Article 6(1)(e) — Public task / exercise of official authority (MoD, law enforcement, border force)
- Article 6(1)(f) — Legitimate interests (private sector security and compliance)
- Article 9(2)(g) — Substantial public interest (national security, counter-terrorism)
Sub-Processors
| Sub-Processor | Role | Location | Certifications |
|---|---|---|---|
| Logic Software Ltd | Technical build partner | Cardiff, UK | ISO 9001, Cyber Essentials Plus |
| Microsoft Azure | Cloud infrastructure | UK South / UK West | ISO 27001, SOC 2 |
| Cavefish Ltd | Data controller | Cardiff, Wales | Company no. 15127122 |
Data Retention
- Raw video/audio: not retained beyond the processing session (default)
- Behavioural signal outputs: retained for contract period, deleted on termination
- Aggregated analytical reports: retained per client data schedule
- Right to erasure honoured within 30 days of request
DPIA Support
We provide a completed Data Protection Impact Assessment template and technical annex for deployments requiring DPIA under Article 35 UK GDPR. Available to qualified procurement leads on request.
Security Clearance Compatibility
EchoDefence has been assessed for deployment in SCIF-adjacent environments. Air-gapped deployment options are available for classified environments.
Request Documentation
For DPIA templates, Data Processing Agreements, and security architecture documentation:
Contact Procurement Team