Privacy Policy
Effective May 21, 2026 · Advizia LLC
The short version (the only part you have to read)
We process video. We don't store it permanently. Pulse analyzes existing CCTV feeds in real time to count drinks, table turns, server visits, and people. Original continuous footage is never permanently kept on Advizia's servers.
We do not perform facial recognition. Pulse does not analyze face geometry, fingerprints, voiceprints, or any other biometric identifier as defined under Illinois BIPA, Texas CUBI, the Washington Biometric Privacy Act, or similar state laws. Attribution of events to specific employees is derived entirely from operator-provided POS login data — never from facial analysis.
We do not identify your guests. Guests captured on camera are counted as anonymous people. No profiles, no cross-venue tracking, no loyalty matching, no biometric processing.
We are honest about human review. A small team of trained, NDA-bound Advizia auditors reviews short clips to validate accuracy. They may see employees and guests on camera incidentally. They do not export, share, or repurpose anything.
Metadata is auto-purged at 12 months. Operational data (counts, timestamps, alerts) is deleted from production after 12 months. Backups are purged within 90 days after that.
We will never sell your data. Not to advertisers, not to data brokers, not to your competitors, not in a merger. Never.
We will never train AI models on your data for the benefit of other customers. Your venue's data improves your venue. It does not improve someone else's.
1. Who we are
Advizia LLC is an Illinois limited liability company that operates Pulse — software that connects to existing CCTV cameras at bars, restaurants, nightclubs, and other hospitality venues to detect operational events (drinks poured, table turns, server visits, headcount) and forecast operations.
This privacy notice describes how Advizia collects, uses, retains, and shares information when you visit advizia.ai, use Pulse as a customer or staff member of a Pulse-enabled venue, communicate with us, or are present at a Pulse-enabled venue and captured in CCTV feeds Pulse analyzes.
2. What we collect
From operators (our customers). When you sign up as a Pulse customer, we collect: business name and venue locations; first name, last name, email, phone, job title; login credentials (passwords are hashed — we can't read them); billing address and tax identifiers; communications you send us. Payment cards are handled by Stripe — Advizia does not see or store your card number, CVV, or expiration date.
From operators about their employees. To enable per-employee attribution, the operator enrolls each employee in Pulse and provides: name; role/position; schedule (typically synced from POS); and the employee's POS login identifier — the username, employee number, or magstripe ID that the operator's POS uses to credit transactions. This is the single signal Pulse uses to attribute events to specific staff.
Advizia does not collect, derive, or store face templates, face geometry, fingerprints, voiceprints, or any other biometric identifier from any employee.
The operator is the controller of this data; Advizia is the processor. The operator is responsible for obtaining required employee notice and consent before enrolling them. We provide a deployment workbook and signage templates to support this.
From venue cameras (what Pulse processes during operation). As video passes through Pulse's analysis pipeline, we extract: event metadata (pours, drink types, table turns, server-to-table visits, dwell time, headcount, alerts, timestamps); employee attribution derived exclusively from the operator's POS login data — no facial analysis is performed; POS context (transaction times, items, totals); and short clip references pointing to brief video segments used for human auditor review.
Guests are not identified. Pulse does not generate face templates, profiles, biometric records, or loyalty matches for guests — or for anyone. No cross-venue tracking.
From website visitors. Standard server logs (IP, browser, pages viewed, timestamps) and a small number of analytics cookies.
3. How we use the information
To deliver Pulse to the venue that subscribes — counting events, surfacing alerts, attributing events to enrolled employees, forecasting staff and demand, generating reports
To audit and improve accuracy — trained Advizia auditors review short clips against AI-generated events
To bill you and manage your account — Stripe payments, invoices, support
To communicate with you — support responses, account notices, opted-in product updates
To meet legal obligations — respond to lawful requests, prevent fraud, enforce our terms
We do not use Pulse data for advertising, data resale, profile-building of guests, or to train AI models that serve any customer other than the venue that owns the data.
4. How we handle video and footage
Pulse is software-only. It connects to CCTV cameras the venue already owns and operates. Original footage is owned by the venue, not by Advizia. Advizia is granted limited, time-bound access solely for the purpose of running Pulse.
Where analysis happens: Video frames stream from the venue's existing camera system through Advizia's proprietary analysis system, hosted on Amazon Web Services in the United States. As frames are analyzed, the system extracts operational metadata and discards the source frames.
What we permanently keep: Operational metadata (counts, timestamps, event labels, dashboards — no raw frames). Employee roster data (enrolled employee name, role, schedule, and POS login identifier provided by the operator — no biometric data of any kind is retained).
What we briefly retain: Short video clips (typically 5 to 30 seconds) tied to flagged events, retained temporarily so trained Advizia auditors can verify the AI's accuracy and the venue's authorized operators can review specific incidents. Clips are auto-purged on a rolling 30-day window unless the operator pins them.
What we never do with footage: Never permanently store full continuous video. Never share with anyone outside Advizia and the venue (except as required by law). Never use footage for advertising, marketing, public showcases, or external research. Never sell footage.
5. What we will never do
Contractual commitments embedded in this policy and in our customer agreements:
We will never sell your data. Not to advertisers, brokers, insurers, or competitors. No hidden marketing clause.
We will never train AI for other customers using your data without explicit, separate written consent.
We will never store CCTV footage permanently. Audit clips are retained up to 30 days then auto-purged.
We will never perform facial recognition or process biometric identifiers. Pulse does not extract, derive, store, match, or use face geometry, fingerprints, voiceprints, or any other biometric identifier — for guests, employees, or anyone else. This commitment applies regardless of state of operation and is enforceable as a contractual term of this policy.
We will never give law enforcement access to footage or metadata without a valid legal process (subpoena, warrant, court order). We notify the affected operator unless legally prohibited.
We will never use Pulse footage or metadata for product marketing without your written permission. If we want to use a clip in a case study, we ask first.
6. Subprocessors
We use a small number of third-party services to deliver Pulse, each contractually bound to handle data consistent with this policy:
Amazon Web Services (AWS) — Cloud hosting, storage, compute. All Pulse data, encrypted at rest and in transit. United States.
Stripe — Payment processing. Billing name, billing address, card details. We don't see card numbers. United States.
Google Workspace (Gmail) — Operator email correspondence. Email addresses and message contents. United States.
Advizia proprietary auditing system — Internal-only AI accuracy verification by trained NDA-bound human auditors. Short clips, metadata, and employee attribution data. United States.
No additional analytics, advertising, or data-enrichment subprocessors against Pulse customer data. If that changes, we update this list and notify customers in advance.
7. Human auditors — disclosed
Most AI-vision products quietly use humans to validate model output. We disclose ours openly because operators should be able to disclose it to their teams.
Who they are: A small team of US-based trained auditors employed or contracted directly by Advizia LLC. Each signs a confidentiality agreement before any access is granted. All access is logged and scoped to specific events.
What they see: Short clips (5 to 30 seconds) tied to flagged events, including the faces and behavior of employees and guests captured within those clips. They do not browse continuous footage. They see only what's necessary to confirm "was this a pour? was this a table visit? was the right employee credited?"
What they don't do: Build guest dossiers or profiles. Access POS data tied to individual guests. Share, download, screenshot, or remove clips. Communicate findings about specific guests outside the auditing workflow.
You can request a summary of how many audit reviews have occurred against your venue's data in the past 90 days by emailing privacy@advizia.ai.
8. Data retention
Operational metadata: 12 months from event date, then auto-purged
Audit clips: up to 30 days, then auto-purged unless pinned
Employee names, roles, schedules, and POS login identifiers: retained while the operator is an active Pulse customer; deleted within 12 months after cancellation
Operator account information: retained while active and up to 12 months after cancellation, then deleted
Billing records: 7 years (tax and accounting requirement)
Backups: purged data may exist in encrypted backups for up to 90 days before permanent removal
You can request earlier deletion at any time by emailing privacy@advizia.ai. We confirm completion within 30 days, subject to legal retention requirements.
9. Security
We treat hospitality video and operational metadata as sensitive. Our security posture reflects that:
Encryption in transit: TLS 1.2+ for all data moving between your venue, our systems, and your dashboard
Encryption at rest: AES-256 for all stored metadata, clips, and employee roster data
Hosted on AWS: the same infrastructure used by Snapchat, Netflix, and Starbucks. AWS is SOC 2, ISO 27001, and PCI-DSS Level 1 certified.
Principle of least privilege: Advizia personnel access customer data only as needed for their role, with access logged
Auditor isolation: auditors operate inside a proprietary auditing system with no ability to download or export clips
Tenant isolation: each operator's data is logically separated and access-scoped. Never used cross-tenant.
Hashed passwords: operator passwords are stored using industry-standard hashing; we cannot retrieve your plaintext password
Incident response: if we discover a breach affecting your data, we notify you without undue delay (and within 72 hours of confirmation), with information required to assess impact
No system is impenetrable. We make our best effort and we are honest with our customers when something goes wrong.
10. Employee attribution — how it works, and why it isn't biometric
This is the most important section if you operate or work at a Pulse-enabled venue. We are disclosing how this works in detail because state biometric privacy laws have made this question a real one for the hospitality category, and because operators and employees deserve a clear answer.
How Pulse credits events to specific employees: Pulse uses a POS-only attribution model. When an employee is clocked in or logged into a POS station — for example, the well bar at 9:47 PM — the POS itself associates that station and that minute with that employee's identifier. Pulse reads the operator's POS data, observes the operational event in the video (a pour, a void, a comp), and credits the event to whichever employee the POS says was logged into the relevant station at the relevant time. The video frame is used to detect the event (was a drink poured?), not to identify the person performing it.
What Pulse does NOT do. Pulse does not extract, derive, store, or analyze any of the following from any individual:
Face geometry — no face templates, face embeddings, or numerical representation of facial features
Fingerprints, retina scans, iris scans, hand geometry
Voiceprints — Pulse processes video only; audio is not retained or analyzed
Any other "biometric identifier" as defined under Illinois BIPA (740 ILCS 14/10), Texas CUBI (Tex. Bus. & Com. Code § 503.001), the Washington Biometric Privacy Act (RCW 19.375), or any analogous state law
The legal effect: Because Pulse does not collect, capture, purchase, or otherwise obtain biometric identifiers or biometric information, Advizia is not a "covered entity" or "private entity" handling biometric data under Illinois BIPA, Texas CUBI, the Washington Biometric Privacy Act, or comparable state laws. These statutes do not impose collection-notice, written-consent, retention-policy, or destruction-schedule obligations on Pulse with respect to our customers' employees, because no biometric data is being collected in the first place.
What the operator is still responsible for. The above limits Pulse's legal obligations — it does not eliminate the operator's. Operators remain responsible for:
Posting visible CCTV signage at the venue as required by state and local law
Notifying employees that the venue uses CCTV monitoring (per their state's rules — most states allow a handbook acknowledgment; New York and Connecticut require dedicated written notice)
Not placing cameras in areas where employees have a reasonable expectation of privacy (bathrooms, locker rooms)
Disclosing to employees that operational analytics (Pulse) are applied to the venue's CCTV feed
Advizia provides a deployment workbook with model notification language operators can use in employee handbooks and at-venue signage. The legal obligation to actually post those notifications sits with the venue.
Audit-clip review by Advizia auditors. Trained auditors occasionally view short clips of flagged events to verify the AI's accuracy. Auditors may incidentally see faces and behavior of employees and guests within those clips. No template, embedding, or other persistent representation of any face is generated, stored, or matched during audit review. The auditor's role is to confirm what happened, not to identify who appears in the frame.
If our architecture changes. If Advizia ever modifies Pulse to use facial recognition, face matching, or any other biometric processing, we will: (i) update this policy with the new architecture and the legal effect, (ii) notify each affected operator in writing at least 30 days in advance, and (iii) put the appropriate biometric-privacy-law compliance controls in place before any biometric data is processed. Until and unless that happens, the commitments in this section are contractually binding on Advizia.
Employee rights at a Pulse-enabled venue. If you are an employee at a Pulse-enabled venue, you have the right to:
Know that Pulse is in use at your workplace
Know what information Pulse collects about your work activity (operational events credited to you via your POS login — nothing biometric)
Request that your employer remove you from Pulse enrollment (your continued employment may depend on willingness to be enrolled, which is between you and your employer)
Because the operator is the controller, direct requests first to your employer. If your employer routes the request to us, we will support it. Contact privacy@advizia.ai.
11. Your rights
If you are an operator (our customer):
Access the information we hold about you
Correct inaccurate information
Delete your account and request deletion of your operational data
Export your operational metadata in a machine-readable format
Withdraw consent for product communications at any time
If you are a US resident with state-level rights (California, Colorado, Connecticut, Virginia, Utah, Texas, and others): You have the right to know, the right to delete, the right to correct, the right to opt out of "sale" or "sharing" (we don't do either), and the right to non-discrimination. Submit requests to privacy@advizia.ai and we will verify your identity and respond within 45 days.
If you are an employee at a Pulse-enabled venue: See Section 10. Pulse does not collect biometric data about you. You have the right to know that Pulse is in use, to know what work-activity data Pulse holds about you, and to coordinate with your employer on requests for access or deletion.
If you were a guest at a Pulse-enabled venue: The venue, not Advizia, operates the camera system that captured you. Direct requests for footage access, correction, or deletion to the venue.
How to make a request: Email privacy@advizia.ai with subject "Privacy Request" and a description of what you want. We verify your identity before acting.
12. Cookies and the advizia.ai website
The Advizia website uses a small number of cookies:
Strictly necessary — keep you logged in and remember your preferences
Analytics — understand how visitors use the site. Not used for advertising or to identify you personally
No third-party advertising trackers — no Facebook Pixel, no Google Ads tracking
