Privacy & GDPR
TrainAR captures POV video and voice from real engineers doing real customer-facing work.
TrainAR captures POV video and voice from real engineers doing real customer-facing work. This page covers what's stored, how long it's kept, who can see it, and how deletion + customer-data requests work.
What gets stored
For every session:
| Data | Where | Notes |
|---|---|---|
| POV video recording | TrainAR object storage (encrypted at rest) | Used for review, audit, optionally bundle writeback. |
| Engineer voice audio | TrainAR object storage (encrypted at rest) | Stored alongside video. |
| AI voice replies (trainee mode) | TrainAR object storage | Saved as part of recording. |
| Transcript | TrainAR database | Text-only, derived from voice. |
| AI session summary | TrainAR database | Derived from transcript + sampled video. |
| Skill call log | TrainAR database | Which skills were called with what inputs. |
| Camera-capture frames (trainee mode) | Inline in session metadata | Not separately stored. |
| Task context (if linked) | TrainAR database | Title, description, customer/site info if applicable. |
All data is tenant-scoped. No other TrainAR customer can see any of it. TrainAR platform staff have access only for support purposes and only with auditable activity logs.
Encryption
- In transit — TLS 1.2+ everywhere (HTTPS, WebRTC over DTLS/SRTP).
- At rest — AES-256 on object storage; encrypted databases.
- Voice channel — WebRTC media streams between glasses and TrainAR cloud are DTLS/SRTP-encrypted.
What the AI sees and doesn't
The on-glasses AI's data scope:
| Source | When | Stored? |
|---|---|---|
| Glasses camera (single frame, on request) | When engineer says "look at this" | Inline in session metadata only — not separately stored. |
| Knowledge base text + images | When search_knowledge is called |
Knowledge stays in your tenant. |
| Loaded procedure | If a procedure is loaded for the task | Procedure is in your tenant. |
| Manufacturer manual pages (Parts & Spares bundle) | On-demand via pa_show_manual_page |
Catalogue is platform-managed, content stays at Parts Arena. |
| Engineer voice | Real-time | Stored in session recording. |
The AI does not see:
- Continuous live video. The recording is saved, but not continuously streamed to the real-time AI. Frames are only fed on explicit "look at this" requests.
- Anything from your CRM, FSM, or accounting tools — those are handled by integrations (which produce tasks, with explicit field mapping), not by the on-glasses AI directly.
- Other tenants' data.
Retention
Default retention periods (configurable per tenant):
| Data | Default retention |
|---|---|
| Session recordings (video + audio) | 365 days |
| Session transcripts | 365 days |
| Session summaries | 7 years (audit trail) |
| Skill call logs | 90 days |
| Tasks | 7 years |
| Procedures | Indefinite (until you archive/delete) |
| Knowledge documents | Indefinite (until you delete) |
Adjust retention from Settings → Account → Data retention. Shorter retention = lower storage costs; longer retention = more audit trail.
Shortening retention is irreversible for the data already past the new threshold — affected sessions are queued for deletion within 7 days of the setting change. Confirm before shortening.
Deletion
Deleting a single session
- Dashboard → Sessions → [the session] → Actions → Delete.
- Confirm.
- The recording, transcript, summary, and skill log are deleted within 24 hours.
- The session row is preserved with a
Deletedmarker (for audit trail — to show that a session existed at this time, without exposing its content).
Deletion is not reversible. Make sure you've extracted any procedures + writeback you wanted before deleting.
Bulk deletion
From the Sessions list view:
- Select multiple sessions.
- Click Bulk delete.
- Confirm.
Bulk deletion still respects the same 24-hour propagation.
Account-wide deletion
If you cancel your TrainAR subscription:
- Read-only access continues for 90 days for export purposes.
- After 90 days, all session data is deleted unless you've requested preservation.
- Procedures, skills, knowledge, integration configs are deleted at the same time.
Contact support if you need an extended preservation window (e.g. for an ongoing regulatory matter).
Customer-data requests (GDPR / subject access)
If a customer of yours (e.g. a homeowner whose property was the subject of a session) makes a subject access request:
- Dashboard → Sessions — filter sessions by the customer's address, name, or task reference.
- For each session, click Actions → Export for SAR. The export bundles:
- The recording (or a trimmed version with non-customer content removed).
- The transcript.
- The summary.
- Task context.
- Provide the export to the customer.
If the customer requests deletion of their data ("right to erasure"):
- Dashboard → Sessions → [the session] → Actions → Delete for GDPR.
- The session is deleted; an audit record notes that deletion was for a GDPR request.
If you need to delete just a portion of a session (e.g. just the customer's name spoken aloud in audio), use Redact instead of Delete — it beeps over the targeted segment without losing the rest of the session.
Customer awareness
Engineers wearing the glasses should make customers aware they're being recorded. TrainAR doesn't enforce this automatically — it's your responsibility as the data controller. Many of our customers display a notice on the engineer's clipboard ("Your engineer is wearing AR glasses for training purposes...") or include it in their booking confirmation.
We strongly recommend:
- Telling the customer at the door.
- Pausing the session if the customer asks you to.
- Honouring customer requests to delete recordings after the fact (the Delete for GDPR flow).
Data processing
TrainAR uses the following sub-processors:
- OpenAI (Realtime API) — for on-session voice + AI tool-calling. Voice + frame data is in-flight; not retained by OpenAI per the API agreement.
- Google (Gemini 2.5 Pro) — for post-session procedure extraction. Recording + transcript is sent to Gemini for processing; not retained by Google per the API agreement.
- Cloud infrastructure (Supabase / AWS) — for storage and compute. Data resides in EU (eu-west-1).
We sign DPAs with all sub-processors. Your data is never used for model training.
A full, updated sub-processor list is maintained in your tenant's Settings → Account → Sub-processors.
Audit trail
Every meaningful action in your tenant produces an audit log entry:
- Session created / deleted.
- Procedure published / archived.
- User invited / role changed.
- API key created / revoked.
- Bundle subscribed / cancelled.
- Integration connected / disconnected.
Audit logs are available from Settings → Account → Audit log, retained for 7 years.
Compliance posture
TrainAR is built to support compliance with:
- UK GDPR + EU GDPR (data protection regulations).
- ISO 27001 (information security — certification in progress).
- SOC 2 Type II (operational security — audit in progress).
Contact us if you need a formal compliance statement, completed security questionnaire, or signed DPA: legal@trainar.ai.
Where to next
- Reviewing a session — the review surface, including redact + delete.
- Settings & Configuration — retention configuration, sub-processor list, audit log.
- Your tenant — how the tenant boundary works.