Surveillance footage is some of the most sensitive data a business holds. Here is exactly where yours lives, who can see it, and the controls you have over it โ written plainly, for the people who have to sign off on it.
Vigil is aligned with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). We are not currently independently certified against ISO 27001, SOC 2 or IRAP. Where we say "aligned", we mean our architecture and defaults are designed to help you meet your obligations โ not that a third party has audited us. We'll tell you the same thing on a call.
Every live stream, recording, thumbnail and exported clip is stored and served from AWS Sydney (ap-southeast-2). Your video does not leave the region for storage or playback. For an Australian business or agency asked "where does this footage physically sit?", the answer is a single, in-country region.
This matters because data residency is one of the first questions procurement, legal and risk teams raise about cloud CCTV โ and many overseas-headquartered platforms route or store footage outside Australia. Vigil's default is in-region, full stop.
The agent on your network streams to Vigil over encrypted connections, and everything you see in the console โ the live wall, recordings and playback โ is served over HTTPS/TLS. Camera credentials you enter are used by the agent on your own network to connect to your cameras; they are not exposed publicly.
Vigil never serves your footage from a public URL. Live streams and recordings are delivered through expiring signed links scoped to your account. A link that leaks is useless once it expires, and there is no "guessable" public path to a camera. Access to the console is authenticated per user.
Recording audio raises real legal questions under Australian state and territory surveillance-device and listening-device laws. So every camera in Vigil starts with audio disabled. Turning it on is a deliberate, per-camera opt-in โ a choice you make knowingly, not a default you have to discover and switch off.
You can export the footage you need and delete recordings, cameras, sites or your whole account whenever you want. There is no proprietary NVR or vendor box holding your recordings hostage, and nothing about the hardware model locks you in. When you leave, your data leaves with you or is erased โ your choice.
Person and vehicle detection runs on the agent (a MobileNet-SSD model) on your own network. Detection is used to decide when an event is worth recording or alerting on โ it gates the noise. Vigil is a security-operations tool, not a people-tracking or facial-identity product, and it isn't built to profile individuals.
Our defaults are chosen to help you meet obligations that commonly apply to CCTV operators, including:
This is provided as plain guidance to help your own assessment; it is not legal advice. If Tranche 2 reforms or your sector's rules impose stricter requirements, tell us โ we'd rather scope that with you up front.
AWS Sydney only. Footage does not leave ap-southeast-2 for storage or playback.
HTTPS/TLS everywhere; recordings via expiring signed links, never a public URL.
Off on every camera until you deliberately opt in, per camera.
Export the clips you need; erase recordings, cameras or your whole account anytime.