← ARA Technical Ltd

Privacy Policy — Raven 309

Last updated: 3 July 2026

ARA Technical Ltd (“we”, “us”, “ARA”) operates the Raven 309 mobile application and the CAVE cloud platform that delivers retail theft alerts to authorised store staff. This policy explains what personal data we process, why, how long we keep it, and your rights.

1. Who this applies to

This policy covers store operators and staff who sign in to the Raven 309 app, and individuals whose image may appear in CCTV evidence clips reviewed through the service. The app is intended for professional loss-prevention use on store premises, not for general consumer download by the public.

2. Data we collect and process

  • Operator account data: name, email address, store assignment, role, and authentication tokens.
  • Device data: push notification token (FCM), device platform, and app version for alert delivery.
  • Alert and evidence data: short video clips, timestamps, camera channel, AI verdict metadata, and operator review decisions (theft confirmed, false alarm, etc.).
  • Activity logs: server-side audit records of sign-in, clip views, downloads, reviews, and deletions; the app also keeps a local activity log on the device (not synced to our servers).
  • Technical data: edge device heartbeat, store protection status, and API request logs for security and rate limiting.

We do not sell personal data. We do not use Raven 309 data for advertising profiles.

3. Lawful basis (UK GDPR)

We process data on the basis of legitimate interests in retail loss prevention and security, contract performance with our store customers, and (where applicable) legal obligations. Store customers are responsible for lawful CCTV signage and staff policies on their premises.

4. How evidence clips are used

Clips are generated on the store’s edge system from existing CCTV/NVR feeds when the CAVE engine detects a suspected theft event. Clips are uploaded to ARA’s secure cloud and shown only to authorised staff of that store for review. Screen capture is blocked in the app while evidence is displayed.

5. Retention periods

Default retention (configurable per store contract):

  • Unreviewed alert clips: up to 7 days.
  • Cleared (false alarm) clips: removed within 3 days after review.
  • Confirmed theft clips: kept permanently as your evidence archive on secure cloud storage (not auto-deleted by age).

When an operator deletes a clip in the app, it is removed from their app view. A separate copy may be retained on ARA’s training panel, as described in the in-app Account screen.

6. Permissions used by the app

  • Notifications: to deliver theft alerts to the counter tablet.
  • Biometric unlock (optional): to restrict access to signed-in sessions on shared devices.
  • Media storage (downloads): when an operator exports a clip using secure download.

The Play Store release of Raven 309 does not request camera or microphone access. Optional admin-only vision features may be enabled in separate internal builds only.

7. Data location and security

Data is hosted on secure UK/EU infrastructure operated by our hosting provider. Access tokens are short-lived; refresh tokens are stored in the device secure keystore. Clip URLs are time-limited and cryptographically signed. Transport is encrypted (HTTPS/TLS).

8. Your rights

UK data subjects may request access, correction, or deletion of personal data we control. Store staff should contact their store owner or manager in the first instance; requests may also be sent to us at info@aratechnical.co.uk.

9. Changes

We may update this policy when the app or legal requirements change. The “Last updated” date at the top will reflect the current version.

10. Contact

ARA Technical Ltd
Email: info@aratechnical.co.uk
Website: aratechnical.co.uk