Robotic and egocentric datasets touch real humans, real facilities, and real customer IP. Below is how SignIQ handles consent, redaction, customer-owned data, retention, transfer, provenance, audit logs, and the NDA workflow.
Every operator who appears in our captures (egocentric or third-person) signs an explicit recording-and-training-use consent before any session.
Consent forms specify the categories of downstream use (model training, evaluation, redistribution under SignIQ commercial terms) so there is no ambiguity later.
Customer-supplied operators or environments require their own consent paperwork before we will capture or annotate.
Faces of any incidental humans visible in capture (passersby, third parties) are blurred before delivery. Operator faces in egocentric capture are blurred unless the operator's consent explicitly allows unblurred release.
Screen content (monitors, phones, badges) visible in third-person frames is reviewed and redacted when it contains identifiers or proprietary IP.
Audio is excluded by default. When it is recorded, transcripts are scrubbed for names, addresses, and account numbers before delivery.
When a customer brings episodes (uploads, replay captures, sim runs), data lives in a customer-scoped namespace inside the SignIQ Platform with explicit ACLs.
Annotators and reviewers see only the assignments they need; queues are scoped per project.
Customer data is never used to train SignIQ models, evaluate other customers' projects, or surface in shared examples.
Customers can publish private datasets that are only visible to their workspace.
Optional cross-team sharing requires explicit per-team grants with audit logs.
Public listings on signiq-lab.ai never include private datasets.
Default retention follows the contracted project window plus a 30-day grace period for re-delivery.
On request, raw captures and annotations can be deleted within seven business days; we issue a signed deletion certificate.
Anonymized QA aggregates (counts, drift metrics, format-validator pass rates) may be retained as part of platform telemetry; this is documented in the per-project DPA.
All asset endpoints sit behind authenticated routes (Cloudflare Access for enterprise tiers, Basic Auth + signed URLs for project shares).
Bulk delivery uses signed-URL R2 transfers or sFTP, never plaintext links shared in email.
TLS 1.2+ end-to-end; static checksums (SHA-256) shipped with every bundle.
Every episode carries a provenance record: capture facility, operator pseudonym, robot/embodiment, sensor calibration version, software stack version, annotation pipeline revision, and reviewer ID.
Provenance is part of the bundle metadata; it is downloadable alongside the data and version-controlled.
Every annotation edit, review action, QA gate, and re-collection is logged with operator ID and timestamp.
Customers can request a per-project audit export covering the lifecycle of every episode in their dataset.
Standard mutual NDAs sign in 1–3 business days; we accept counterparty NDAs.
Enterprise procurement (DPA, security questionnaire, vendor risk assessment) is supported — allow ~2 weeks for full intake.
For sensitive evaluations, samples can be shared via the Cloudflare-Access-gated `/share/` route with time-bound credentials.