Privacy Policy

1. Overview

Real Time Entertainment and Management, LLC (“RTEAM,” “we,” “our,” or “us”) operates the RTEAM.ai platform — a real-time crowd analytics service that uses AI-powered computer vision to help event organizers understand audience engagement, demographics, and behavior.

This Privacy Policy explains what personal data and biometric data we collect, how we process and protect it, and your rights regarding that data. By accessing or using RTEAM.ai you agree to this policy.

2. Who This Policy Applies To

This policy covers two categories of individuals:

• Platform Users — event organizers, operators, and team members who access the RTEAM.ai dashboard directly.
• Event Attendees — individuals present at venues where RTEAM.ai cameras are deployed. Attendees do not interact with our platform directly; their data is captured through camera feeds operated by our customers (event organizers).

Event organizers who deploy RTEAM.ai are responsible for providing appropriate notice to their attendees and obtaining any required consents under applicable law. RTEAM acts as a data processor on behalf of event organizers for attendee data.

3. Data We Collect

3.1 Account & Platform User Data

• Name, email address, and password (hashed)
• Team and organization information
• Authentication tokens and session data
• Usage logs, API call records, and platform activity

3.2 Event Attendee Data (Processed on Behalf of Customers)

When cameras are active at an event, our AI pipeline processes video frames and may generate the following data about individuals in frame:

• Biometric identifiers — facial embeddings (mathematical vector representations of facial geometry) used for anonymous crowd counting and re-identification across frames
• Inferred demographics — estimated age range and gender presentation derived from facial analysis
• Inferred emotional state — estimated emotional indicators (e.g., positive, neutral, negative) from facial expressions
• Behavioral data — estimated activity type (e.g., watching, moving, idle) from body pose and motion analysis
• Aggregate analytics — crowd counts, density estimates, dwell time, and engagement scores

Facial embeddings are mathematical representations and are not stored as photographs. Raw video frames are processed in memory and are not retained after analysis.

3.3 Device & Technical Data

• Camera device identifiers and configuration
• Stream metadata (timestamps, frame rates, device health)
• IP addresses and browser/device information for dashboard users

4. How We Use the Data

• Delivering real-time crowd analytics dashboards to event organizers
• Generating aggregate engagement, demographic, and behavioral reports
• Maintaining platform security, stability, and performance
• Authenticating platform users and managing team access
• Improving the accuracy and performance of our AI models using anonymized, aggregate data
• Complying with legal obligations

We do not use attendee data for targeted advertising, sell individual-level attendee data to third parties, or use facial recognition to identify named individuals without explicit customer instruction and attendee consent.

5. Biometric Data

RTEAM.ai processes biometric data as defined under applicable laws including the Florida Digital Bill of Rights (Fla. Stat. § 501.701 et seq., effective July 1, 2024), the California Consumer Privacy Act (CCPA), and the EU General Data Protection Regulation (GDPR). RTEAM is organized and operates under the laws of the State of Florida.

We handle biometric data as follows:

• Purpose limitation — biometric data is used solely for anonymous crowd analytics; it is not used to identify, profile, or track specific named individuals.
• Retention — facial embeddings are retained only as long as needed to generate session-level analytics (typically no longer than the event duration plus 30 days) unless a longer period is contractually required or legally mandated.
• Security — biometric data is encrypted in transit and at rest using industry-standard encryption protocols.
• No sale — we do not sell, lease, trade, or otherwise profit from biometric data.

Event organizers are responsible for providing required biometric data notices and obtaining consents from attendees under applicable state, national, or regional laws before deploying RTEAM.ai cameras at their events.

6. Data Sharing & Third Parties

We may share data with the following categories of third parties:

• Appwrite — our backend-as-a-service provider used for database storage, authentication, and cloud functions.
• LiveKit — our real-time video infrastructure provider used for WebRTC stream transport.
• Google — optional Google Calendar integration for event scheduling (only when a platform user explicitly connects their Google account).
• Legal and regulatory authorities — when required by law, court order, or government request.

All third-party providers are bound by data processing agreements requiring them to maintain appropriate security and confidentiality.

7. Data Retention

• Account data — retained for the duration of the account and up to 90 days after deletion.
• Analytics snapshots — retained for up to 12 months by default; customers may configure shorter retention periods.
• Raw video frames — processed in memory only; not stored.
• Facial embeddings — retained for the event session plus up to 30 days, unless contractually agreed otherwise.

8. Security

We implement administrative, technical, and physical safeguards designed to protect the data we process, including:

• TLS encryption for all data in transit
• Encryption at rest for stored analytics data and biometric embeddings
• Role-based access control within the platform
• Multi-factor authentication support for platform users
• Regular security reviews and dependency updates

No system is perfectly secure. In the event of a data breach affecting your personal data, we will notify affected parties as required by applicable law, including the Florida Information Protection Act (Fla. Stat. § 501.171).

9. Your Rights

Florida residents have the following rights under the Florida Digital Bill of Rights (Fla. Stat. § 501.701 et seq.). Residents of other jurisdictions may have similar rights under applicable law.

• Access — confirm whether we are processing your personal data and request a copy of it.
• Correction — request correction of inaccurate personal data we hold about you.
• Deletion — request deletion of personal data you have provided or that we have collected about you, subject to legal retention obligations.
• Portability — obtain a copy of your data in a portable, machine-readable format where technically feasible.
• Opt-out of sale — opt out of the sale of your personal data to third parties (we do not currently sell personal data).
• Opt-out of targeted advertising — opt out of the processing of your personal data for targeted advertising purposes.
• Opt-out of profiling — opt out of profiling that produces legal or similarly significant effects.
• Withdraw consent — withdraw consent where processing is based on your consent, without affecting the lawfulness of prior processing.

Event attendees seeking to exercise rights regarding data collected at a specific event should contact the event organizer directly, as RTEAM acts as a data processor on their behalf. For requests related to platform user data, contact us at the address below.

10. International Transfers

RTEAM.ai may process data in the United States and other jurisdictions. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, we rely on appropriate safeguards (such as standard contractual clauses) for any cross-border transfers.

11. Children

RTEAM.ai is a business-to-business platform not intended for use by individuals under 18 years of age. We do not knowingly collect personal account data from minors. If you believe a minor has accessed the platform inappropriately, contact us immediately.

Note: event attendees of any age may appear in camera frames at events. Event organizers are responsible for ensuring appropriate consents and notices for minors at their events as required by law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform at least 30 days before taking effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, requests, or concerns: