Privacy Policy

Privacy-First Design

Your videos never leave your device. EZCap is built on a privacy-first architecture where all video processing happens locally in your web browser. We cannot see, access, or store your videos because they are never uploaded to our servers.

1. Introduction

The University of Essex ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we handle data when you use the EZCap motion capture platform ("Platform").

This policy applies to all users of the Platform, including healthcare professionals, researchers, students, and general users.

2. Information We Do NOT Collect

To be absolutely clear, the following data is NOT collected, transmitted, or stored by our Platform:

Videos: No video files are uploaded to our servers
Images: No still images or frames from videos are transmitted to us
Facial Data: We do not capture, process, or store facial recognition data
Biometric Data: No personally identifiable biometric information is collected
Personal Health Information: We do not collect medical records or health data
Names or Contact Information: Unless you voluntarily provide it (e.g., in a contact form)

3. How the Platform Works (Technical Overview)

Understanding how the Platform works helps explain our privacy guarantees:

3.1 Client-Side Processing

All video analysis is performed using JavaScript in your web browser:

When you upload or record a video, it remains on your device
TensorFlow.js (a machine learning library) runs in your browser to analyze motion
Pose estimation models process video frames locally
Joint angles and movement metrics are calculated on your device
Results are displayed directly in your browser

3.2 No Server Communication

The Platform's architecture ensures privacy:

Video data stays in your browser's memory
No video frames are sent to our servers for processing
Analysis results are computed locally and displayed to you
When you close the browser or navigate away, all data is permanently discarded

Technical Verification

You can verify our privacy claims:

Open your browser's Developer Tools (F12) and check the Network tab
You'll see that video files are not transmitted over the network
All processing happens locally using WebAssembly and JavaScript
The Platform's code is client-side and can be inspected

4. Information We May Collect

While we don't collect your videos, we may collect limited, anonymous data to improve the Platform:

Data Type	What We Collect	Purpose	Retention
Usage Analytics	Page views, feature usage, session duration	Improve user experience and features	90 days
Technical Data	Browser type, device type, screen resolution	Optimize compatibility	90 days
Performance Metrics	Analysis speed, error rates	Monitor and improve performance	180 days
Location Data	Country/region (via IP address)	Understand user distribution	30 days

Important: All analytics data is anonymized and aggregated. We cannot link this data back to individual users or reconstruct any video content from it.

5. Cookies and Local Storage

5.1 Essential Cookies

We use minimal cookies for essential functionality:

Preference Storage: Remember your selected assessment type (full body vs. hand/wrist)
Session Management: Maintain your session state during use

5.2 Browser Local Storage

Some features use browser local storage to:

Cache analysis preferences
Store review submissions (if you leave a review)

This data remains on your device and is not transmitted to us.

5.3 No Third-Party Tracking

We do NOT use:

Google Analytics or similar tracking services
Advertising cookies
Social media tracking pixels
Cross-site tracking mechanisms

6. Data Downloads (CSV Exports)

When you download analysis results as CSV files:

The CSV file is generated locally in your browser
The file is saved directly to your device
We do not receive a copy of your exported data
You are responsible for securing any files you download

7. GDPR Compliance (EU Users)

For users in the European Union, we comply with the General Data Protection Regulation (GDPR):

7.1 Legal Basis for Processing

Legitimate Interest: Minimal anonymous analytics for Platform improvement
Consent: Voluntary information you provide (e.g., contact forms, reviews)

7.2 Your Rights Under GDPR

You have the right to:

Access: Request what personal data we hold (if any)
Rectification: Correct inaccurate data
Erasure: Request deletion of your data
Restrict Processing: Limit how we use your data
Data Portability: Receive your data in a portable format
Object: Object to processing of your data
Withdraw Consent: Withdraw previously given consent

Note: Since we don't store your videos, there's no video data to access, correct, or delete. For other data (e.g., contact form submissions), please contact us using the details below.

7.3 Data Protection Officer

For GDPR-related inquiries, contact:

University of Essex Data Protection Officer
Email: dataprotect@essex.ac.uk

8. HIPAA Compliance (US Healthcare Users)

For US healthcare professionals:

The Platform does not store Protected Health Information (PHI)
Since videos are processed locally and not transmitted, HIPAA's transmission security requirements are naturally satisfied
You are responsible for de-identifying any PHI before using the Platform
We are not a Business Associate and do not require a BAA

Healthcare Professional Responsibilities

If you use the Platform in a clinical setting:

Obtain appropriate patient consent before recording
Ensure videos are de-identified (no faces, names, or other identifiers visible)
Follow your institution's policies for video recording and analysis
Secure any downloaded analysis results according to your local regulations

9. Research Use and Ethics

9.1 Researcher Responsibilities

If you use the Platform for research:

Obtain ethical approval from your institution's ethics committee or IRB
Obtain informed consent from all participants
Inform participants that videos are processed locally and not stored by the Platform
You (the researcher) are the data controller for any videos you analyze
Comply with all applicable research ethics regulations

9.2 Informed Consent Requirements

When obtaining consent from participants, inform them that:

Their video will be analyzed using a web-based tool
The video is processed locally and not uploaded to any server
The Platform provider (University of Essex) does not have access to their video
Analysis results may be exported by the researcher
The researcher (not the Platform) is responsible for data storage and security

10. Children's Privacy

The Platform is not directed at children under 16. We do not knowingly collect personal information from children.

If analyzing videos of minors, obtain appropriate parental/guardian consent
Follow your institution's policies for research involving minors
Ensure compliance with applicable child protection laws

11. Security Measures

We implement security measures to protect the Platform:

HTTPS Encryption: All Platform pages are served over encrypted HTTPS
Client-Side Processing: Videos never leave your device, eliminating transmission risks
No Cloud Storage: No video data is stored, reducing breach risk to zero for video content
Regular Updates: We keep all software libraries up to date with security patches
Access Controls: Limited personnel have access to Platform infrastructure

12. Third-Party Services

The Platform uses the following third-party libraries loaded from CDNs:

TensorFlow.js: Machine learning library (loaded from TensorFlow CDN)
Pose Detection Models: Pre-trained models (loaded from TensorFlow model repository)
Plotly.js: Data visualization library (loaded from Plotly CDN)
Font Awesome: Icon library (loaded from Cloudflare CDN)

These libraries are loaded for functionality only. They do not transmit your video data to third parties.

13. International Data Transfers

Since your videos are processed locally on your device:

No video data crosses international borders via our Platform
The Platform's web pages are hosted in the UK
If you download analysis results, you control where those files are stored

14. Data Retention

Our data retention policy:

Videos: Not retained (never stored)
Analysis Results: Not retained (only displayed to you and optionally downloaded)
Anonymous Analytics: Retained for 90-180 days, then deleted
Contact Form Submissions: Retained for 2 years or until resolved
Review Submissions: Retained indefinitely (displayed on the Platform)

15. Your Choices and Controls

You have control over your privacy:

Don't Upload Sensitive Videos: Only analyze videos you're comfortable processing
Disable Cookies: You can disable cookies in your browser settings
Use Private Browsing: Use incognito/private mode for additional privacy
Clear Browser Cache: Clear your browser cache to remove any temporary data
Request Data Deletion: Contact us to delete any non-video data we may have

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Platform after changes constitutes acceptance of the new policy.

17. Contact Us

Privacy Questions?

If you have questions or concerns about this Privacy Policy or our data practices:

Email: dh25587@essex.ac.uk

Data Protection Officer: dataprotect@essex.ac.uk

Postal Address:
University of Essex
Wivenhoe Park
Colchester, CO4 3SQ
United Kingdom

18. Supervisory Authority

If you are in the EU/UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority:

UK: Information Commissioner's Office (ICO)
Website: https://ico.org.uk

Privacy Commitment

We are committed to protecting your privacy. The Platform is designed from the ground up with privacy as a core principle. Your videos never leave your device, giving you complete control over your data.

If you have any questions or concerns, please don't hesitate to contact us.