NTRY SYSTEM: PRIVACY AND SECURITY POLICY

ARTICLE 1: INFORMATION WE COLLECT

1.1 Account Information

When you register for a NTRY account, we collect information necessary to create and maintain your account. This includes your full legal name (first name and last name), email address, telephone number, organizational affiliation or company name, and the password you create for account access. We also collect information about your role within your organization and your authorization level within the NTRY system. This information is provided directly by you during the registration process and is necessary for account creation, authentication, and communication regarding your service.

1.2 Facility Information

When you create a Product (representing your physical facility), we collect detailed information about that location. This includes the facility name, complete physical address (street, city, country), geographic coordinates (latitude and longitude), facility type (residential complex, office building, school, hospital, etc.), and operational details such as the number of gates, types of barriers, and whether automatic or manual closing is required. We also collect information about your facility's public visibility preference, which determines whether your facility is included in aggregate network statistics.

1.3 Vehicle Information

You provide information about vehicles authorized to access your facility. This includes license plate numbers, vehicle owner names (optional), vehicle descriptions (make, model, color), authorization period (start and end dates if applicable), and any notes or tags you assign to categorize vehicles. This information is entered by you through the NTRY Administration Panel and forms the authorized vehicle whitelist that controls facility access.

1.4 Detection Log Data

The NTRY system automatically generates detection logs whenever a vehicle approaches your facility's gate. Each detection record includes the captured license plate number (or indication of unreadable plate), the Al recognition confidence score (expressed as a percentage), the date and time of detection (timestamp), the detection status (authorized, unauthorized, or unknown), the specific gate where detection occurred, the camera that captured the image, and a reference to the vehicle record if matched to your whitelist. Additionally, if image storage is enabled in your system configuration, we store the actual photograph captured during the detection event. Detection logs are generated automatically by the hardware and transmitted to NTRY's servers during the thirty-minute synchronization cycle described in the Terms of Service.

1.5 Hardware and System Information

We collect technical information about the NTRY hardware installed at your facility. This includes unique device identifiers for each Raspberry Pi processor, camera serial numbers, network configuration details including IP addresses and MAC addresses, system health metrics such as processor temperature and memory usage, network connectivity status and synchronization history, software version information, and error logs generated by the local recognition engine. This technical data is collected automatically and is used exclusively for system maintenance, troubleshooting, and performance optimization.

1.6 Usage and Activity Information

We collect information about how you use the NTRY Administration Panel. This includes login timestamps and IP addresses, which features and pages you access within the dashboard, search queries you perform within your vehicle database, reports you generate and export, configuration changes you make to gates or vehicles, and the frequency and patterns of your system usage. This information helps us understand how the platform is used, identify potential security issues such as unauthorized access attempts, and improve the user interface and feature set.

1.7 Communication Records

When you communicate with NTRY support via email, phone, or through the support ticket system, we retain records of those communications. This includes the content of your messages, attachments you provide, dates and times of communications, and the resolution status of support requests. These records are maintained to provide continuity in support interactions, track recurring issues, and improve our service quality.

ARTICLE 2: HOW WE USE YOUR INFORMATION

2.1 Service Provision and Operation

The primary purpose for which we collect information is to provide and operate the NTRY Service. We use your account information to authenticate you when you log in and to manage your subscription. We use your facility information to configure hardware appropriately for your specific installation environment. We use your vehicle whitelist to make real-time authorization decisions when vehicles approach your gate. We use detection logs to populate your traffic reports and analytics dashboards. We use hardware information to monitor system health and proactively identify maintenance needs. Every piece of information we collect serves a direct operational purpose in delivering the automated license plate recognition service you have purchased.

2.2 System Maintenance and Improvement

We use technical information and usage patterns to maintain and improve the NTRY platform. This includes identifying and fixing software bugs, optimizing Al recognition algorithms to improve accuracy under various conditions, enhancing the user interface based on how Clients interact with the dashboard, planning infrastructure scaling to accommodate growing data volumes, and developing new features that address common user needs. This usage is aggregated and anonymized whenever possible - we analyze patterns across many installations rather than focusing on individual Client behavior.

2.3 Security and Fraud Prevention

We use the information we collect to protect the security of the NTRY platform and prevent fraudulent activity. This includes monitoring login patterns to detect unauthorized access attempts, analyzing system logs to identify potential security vulnerabilities, validating device authenticity using hardware identifiers and cryptographic keys, detecting unusual behavior that might indicate account compromise, and investigating suspected violations of the Terms of Service. These security measures protect both NTRY's infrastructure and your facility's data.

2.4 Communication and Support

We use your contact information to communicate with you about your NTRY Service. This includes sending account verification emails during registration, notifying you of scheduled maintenance visits, alerting you to payment issues or subscription renewals, responding to your support inquiries, informing you of system updates or new features, and sending critical security notifications. We do not use your email address for marketing purposes unless you explicitly opt in to receive promotional communications.

2.5 Legal Compliance and Law Enforcement

As described in the Terms of Service, we may use or disclose your information to comply with legal obligations. This includes responding to lawful requests from law enforcement agencies conducting criminal investigations, complying with court orders or subpoenas, responding to government regulatory inquiries, and fulfilling our obligations under Azerbaijani law. When we receive such requests, we verify their legitimacy and scope before providing any information, and we limit disclosure to only what is legally required.

2.6 Aggregate Statistics and Research

For Clients who enable the "Publicly Visible" option, we use facility metadata to generate aggregate network statistics. These statistics might include the total number of facilities using NTRY, the total number of vehicle detections processed across the network, geographic distribution of installations, and average system uptime percentages. These aggregated statistics never include personally identifiable information, specific vehicle plate numbers, or any data that could identify individual vehicles or facilities. We may also use anonymized, aggregated data for internal research purposes to improve Al algorithms and system performance.

ARTICLE 3: INFORMATION STORAGE AND RETENTION

3.1 Data Storage Location

All NTRY cloud data is stored on secure servers located within or controlled by infrastructure providers with operations in the Republic of Azerbaijan or in secure data centers in jurisdictions with adequate data protection standards. Local detection data is temporarily stored on the MicroSD card within the Raspberry Pi device at your facility before being synchronized to the cloud. The authorized vehicle whitelist is stored in the volatile RAM of the local device as described in the Terms of Service, meaning it exists only while the device is powered and is not persistently stored on local disk.

3.2 Detection Log Retention Period

Vehicle detection logs are retained in NTRY’s cloud systems for a period of twelve (12) months from the date of detection. After this retention period, detection logs are automatically purged from active systems. This twelve-month period balances operational needs - allowing you sufficient time to review historical data, generate annual reports, and investigate past incidents - with privacy principles that discourage indefinite retention of personally identifiable information. You may request earlier deletion of specific detection records through the administration panel, subject to our legal obligations to preserve evidence in ongoing investigations or disputes.

3.3 Account Information Retention

Your account information (name, email, facility details) is retained for as long as your NTRY account remains active. Upon account closure or service termination, we retain basic account information for an additional period of three (3) years to support potential dispute resolution, warranty claims, or legal compliance requirements. After this period, account information is permanently deleted except where longer retention is required by law, such as for tax records or regulatory filings.

3.4 Vehicle Whitelist Retention

The vehicle whitelist associated with your Product is retained as long as your account is active. When you delete a vehicle from your whitelist, that deletion is reflected immediately in the active system, but historical detection logs that reference that vehicle are preserved according to the standard retention period. This ensures historical reports remain accurate even after vehicles are removed from authorization. Upon account closure, your complete vehicle database is retained for thirty (30) days to allow for potential data export requests, then permanently deleted.

3.5 Backup and Disaster Recovery

NTRY maintains encrypted backups of critical data to protect against catastrophic system failures, natural disasters, or cyberattacks. These backups are stored in geographically separate locations from primary systems and are retained for a period of ninety (90) days on a rolling basis. Data within backups follows the same retention policies as active data - once data reaches its retention expiration date in the active system, it is also purged from backups during the next backup cycle. Backup systems are subject to the same security controls as production systems.

ARTICLE 4: INFORMATION SHARING AND DISCLOSURE

4.1 No Commercial Data Sharing

NTRY maintains an absolute prohibition on commercial data sharing. We do not sell vehicle detection data to any third party. We do not license access to our databases for marketing, advertising, analytics, or research purposes. We do not participate in data broker networks. We do not share individual facility data with other NTRY Clients. We do not provide vehicle tracking information to insurance companies, employers, private investigators, or any commercial entity. The only exception to this absolute prohibition is aggregate, anonymized statistics for Clients who explicitly enable public visibility, as described in Section 2.6.

4.2 Law Enforcement and Legal Process

NTRY will disclose information in response to lawful requests from authorized government agencies. When we receive a request from law enforcement agencies in the Republic of Azerbaijan - including the Ministry of Internal Affairs, the State Security Service, the General Prosecutor's Office, or other investigative bodies - we verify the legitimacy of the request and the legal authority underlying it. We require that requests be specific in scope, identifying particular dates, times, locations, or vehicles relevant to a defined investigation. We do not provide blanket access to our databases or allow fishing expeditions through our data. We comply with court orders and subpoenas issued by competent Azerbaijani courts. When legally permitted, we notify affected Clients of such requests, though we acknowledge that some investigations prohibit disclosure during active proceedings.

4.3 Service Providers and Contractors

NTRY may share limited information with carefully selected service providers who assist in operating the platform. This includes cloud infrastructure providers who host our servers and databases, email service providers who deliver system notifications and support communications, payment processors who handle subscription billing, and hardware suppliers who provide components for the Default Kit. These service providers are contractually bound to use information only for the specific purposes for which it is shared, to maintain confidentiality, and to implement appropriate security measures. They are prohibited from using NTRY data for their own purposes or from sharing it with other parties.

4.4 Business Transfers

In the event that NTRY undergoes a business transition such as a merger, acquisition, sale of assets, or bankruptcy proceeding, your information may be transferred to the successor entity. Any such transfer would be subject to the receiving entity agreeing to honor the terms of this Privacy Policy. We would provide notice to affected Clients before information is transferred and becomes subject to a different privacy policy, allowing Clients the opportunity to terminate service before the transfer if they do not consent to the new entity’s policies.

4.5 Public Statistics

For facilities that enable the "Publicly Visible" option, we may publicly display aggregate statistics about that facility’s usage. This is limited to high-level metrics such as "Green Valley Residence: 150,000 vehicles detected since installation." We never publicly disclose specific vehicle plate numbers, individual detection timestamps, or any information that could identify specific vehicles or patterns of movement. Clients maintain complete control over this setting and can disable public visibility at any time through the administration panel.

ARTICLE 5: SECURITY MEASURES AND PROTECTIONS

5.1 Encryption in Transit

All data transmitted between NTRY components is encrypted using industry-standard protocols. Communication between the local Raspberry Pi devices and NTRY’s cloud servers uses HTTPS with TLS 1.3 or higher, ensuring that detection logs, synchronization data, and commands cannot be intercepted or read by third parties monitoring network traffic. Communication between your web browser and the NTRY Administration Panel uses HTTPS with strong cipher suites, protecting your login credentials and the data you view from network eavesdropping. We enforce strict transport security policies that prevent downgrade attacks and ensure encryption is always active.

5.2 Encryption at Rest

Sensitive data stored in NTRY’s databases is encrypted at rest using AES-256 encryption, a military-grade standard that renders data unreadable without the correct decryption keys. This includes your account passwords (which are additionally hashed using PBKDF2), detection log databases, vehicle whitelist information, and any stored images from detection events. Encryption keys are managed through secure key management systems with access tightly controlled and regularly rotated. This protection ensures that even if physical storage media were stolen, the data would remain inaccessible to unauthorized parties.

5.3 Password Security Standards

As described in the Terms of Service, all user passwords are processed through the PBKDF2 (Password-Based Key Derivation Function 2) algorithm with HMACSHA512 hashing and unique random salts. This process involves 100,000 computational iterations, making brute-force attacks computationally infeasible even with powerful modern hardware. We never store passwords in reversible form. We never transmit passwords in plain text. We never display passwords back to users. If you forget your password, we cannot retrieve it - we can only allow you to reset it through a secure verification process. We strongly encourage users to choose strong passwords that include a mix of uppercase and lowercase letters, numbers, and special characters, and to avoid reusing passwords across multiple services.

5.4 Hardware Authentication

Each Raspberry Pi device uses a unique cryptographic key for authentication when communicating with NTRY’s servers. These keys are generated using cryptographically secure random number generation, making them unpredictable and unguessable. The keys are hashed using the same PBKDF2 process as user passwords before being stored in our database. When a device makes a request, it includes its key in a custom HTTP header (X-PI-DEVICE-KEY), and the server verifies this key matches the stored hash for that specific device. This authentication system prevents unauthorized devices from impersonating legitimate installations, prevents attackers from injecting false detection data, and ensures that only NTRY-authorized hardware can access the API endpoints that control gates and report detections.

5.5 Access Controls and Least Privilege

NTRY implements strict role-based access controls throughout the platform. The Super Administrator has complete access to all system functions, necessary for provisioning hardware and managing the global platform. Product Owners (Admins) can only access data for their own facilities - they cannot view other Clients' information, detection logs, or vehicle lists. Within the NTRY organization, staff members have access only to the systems and data necessary for their specific job functions. Database administrators can access technical infrastructure but not view unencrypted client data. Support staff can access accounts to resolve issues but all such access is logged and monitored. This "least privilege" principle ensures that even if individual accounts are compromised, the potential damage is contained.

5.6 Multi-Factor Authentication

NTRY supports multi-factor authentication (MFA) for user accounts, adding an additional layer of security beyond passwords. When MFA is enabled, logging in requires both your password (something you know) and a verification code from your mobile device (something you have). We strongly recommend all Clients enable MFA, particularly for accounts with administrative privileges. MFA significantly reduces the risk of unauthorized access even if your password is compromised through phishing, data breaches at other services, or keylogging malware.

5.7 Network Security and Intrusion Detection

NTRY’s infrastructure is protected by multiple layers of network security. Firewalls restrict incoming connections to only authorized services and protocols. Intrusion detection systems continuously monitor for suspicious activity patterns such as unusual login attempts, unexpected data access patterns, or network traffic anomalies. Automated security scanning tools regularly assess our systems for known vulnerabilities. Security patches and updates are applied promptly when vulnerabilities are identified. Our infrastructure providers implement DDoS (Distributed Denial of Service) protection to ensure the service remains available even during coordinated attacks.

5.8 Physical Security

The servers that host NTRY’s cloud infrastructure are located in professionally managed data centers with multiple layers of physical security. This includes 24/7 security personnel, biometric access controls that restrict entry to authorized personnel only, comprehensive video surveillance systems that record all access to server rooms, environmental controls that maintain optimal temperature and humidity, redundant power supplies with backup generators, and fire suppression systems. These physical protections ensure that unauthorized individuals cannot gain physical access to the hardware that stores your data.

5.9 Employee Training and Background Checks

All NTRY personnel with access to client data undergo security training covering data protection principles, recognizing phishing and social engineering attacks, secure password practices, and the importance of client confidentiality. The Super Administrator and any future employees in security-sensitive roles undergo background checks appropriate to their level of access. All personnel are bound by confidentiality agreements that legally prohibit unauthorized disclosure of client information.

5.10 Security Incident Response

NTRY maintains an incident response plan that defines procedures for detecting, responding to, and recovering from security incidents. In the event of a data breach or security compromise, we will promptly investigate the incident to determine its scope and impact, take immediate action to contain the breach and prevent further unauthorized access, assess what data may have been accessed or compromised, notify affected Clients as required by law and within a reasonable timeframe, cooperate with law enforcement if criminal activity is suspected, and implement corrective measures to prevent similar incidents in the future. We take security incidents extremely seriously and commit to transparency with our Clients when breaches occur.

ARTICLE 6: YOUR PRIVACY RIGHTS AND CHOICES

6.1 Access to Your Information

You have the right to access the personal information NTRY holds about you. Through the NTRY Administration Panel, you can view your account details, facility information, vehicle whitelist, and detection logs. If you need information that is not readily available through the interface - such as detailed logs of your own account access history or technical information about your installation - you may submit a request to NTRY support. We will provide this information in a commonly used electronic format within thirty (30) days of your request.

6.2 Correction and Update Rights

You have the right to correct inaccurate information. You can update your account information, facility details, and vehicle records at any time through the administration panel. Changes take effect immediately in the system and are synchronized to your local hardware during the next sync cycle. If you identify information that you cannot correct yourself through the interface, contact NTRY support for assistance.

6.3 Deletion Rights

You have the right to request deletion of your information, subject to certain limitations. You can delete individual vehicle records from your whitelist at any time. You can request deletion of your entire account by contacting NTRY support, which will initiate the service termination process described in the Terms of Service. However, we may retain certain information even after deletion requests when required for legal compliance, such as maintaining records of completed financial transactions for tax purposes, preserving evidence relevant to ongoing legal disputes, or fulfilling law enforcement preservation requests. When retention is no longer legally required, information is permanently deleted.

6.4 Data Portability

You have the right to receive your data in a portable format. Through the administration panel, you can export your vehicle whitelist and detection logs as CSV (comma-separated values) files that can be imported into spreadsheet applications or other systems. If you need data in different formats for migration to alternative platforms, contact NTRY support to discuss export options.

6.5 Public Visibility Control

You maintain complete control over whether your facility participates in public statistics. You can enable or disable the "Publicly Visible" setting at any time through your Product configuration. When you disable public visibility, your facility’s data is immediately excluded from all aggregate statistics and public reporting. This setting applies only to high-level aggregate data - your detailed detection logs and vehicle information are always private regardless of this setting.

6.6 Marketing Communications

NTRY does not send marketing communications unless you explicitly opt in to receive them. If you do opt in and later wish to stop receiving promotional emails, you can unsubscribe through the link included in every marketing email or by adjusting your communication preferences in the administration panel. Note that even if you opt out of marketing communications, you will still receive essential service-related communications such as security alerts, billing notifications, and scheduled maintenance announcements, as these are necessary for service operation.

6.7 Right to Object and Restrict Processing

If you believe NTRY is processing your information in a manner inconsistent with this Privacy Policy or your expectations, you have the right to object. Contact NTRY support to explain your concern, and we will investigate and respond within thirty (30) days. In some cases, you may request that we restrict certain processing activities while we investigate your objection. However, note that some processing is essential to providing the Service - if you object to core operational uses of data (such as using your vehicle whitelist to control gate access), we may not be able to continue providing service.

ARTICLE 7: SPECIAL CONSIDERATIONS FOR DETECTION SUBJECTS

7.1 Information About Third Parties

The NTRY system inevitably collects information about individuals who are not NTRY Clients - specifically, the owners of vehicles that approach facilities equipped with NTRY. These individuals (referred to as "detection subjects") have limited direct control over NTRY’s collection of their license plate data because the system is operated by the facility they are visiting, not by NTRY directly. However, we recognize these individuals have privacy interests and provide the following information.

7.2 What Information Is Collected

When a vehicle approaches a NTRY-equipped facility, the system captures the vehicle’s license plate number, the date and time of the approach, and potentially a photograph of the vehicle. If the plate matches a vehicle in the facility’s authorized list, the detection is marked as "authorized" and linked to whatever information the facility has recorded about that vehicle (which might include owner name and contact details). If the plate does not match, the detection is marked as "unauthorized" or "unknown."

7.3 Purpose of Collection

This information is collected for the sole purpose of facility access control. The facility operator uses NTRY to determine whether approaching vehicles should be granted entry. This serves legitimate security interests in protecting private property, ensuring only authorized persons access residential complexes or private facilities, and maintaining records of facility access for security purposes.

7.4 Control and Responsibility

The facility operator (the NTRY Client) is the primary controller of how this information is used. If you are a resident of a complex using NTRY, you should direct privacy inquiries to your facility management. They decide whether to add your vehicle to the authorized list, how long to retain that authorization, and what additional information to record about your vehicle. NTRY provides the technical platform, but the facility operator makes the operational decisions about how it is used.

7.5 Rights of Detection Subjects

If you believe your license plate has been captured by a NTRY system and you wish to exercise privacy rights regarding that information, you should first contact the facility where the detection occurred. The facility operator can remove your vehicle from their whitelist, delete detection records associated with your vehicle (subject to their own legal retention requirements), or provide you with information about when your vehicle was detected. If the facility operator is unresponsive or if you have concerns about NTRY’s own handling of the data, you may contact NTRY support. We will work with the facility operator to address your concerns to the extent our relationship allows, though ultimate responsibility for detection data rests with the facility operator.

ARTICLE 8: CHILDREN’S PRIVACY

8.1 Age Restrictions

The NTRY Service is not directed to children and is intended for use only by adults (individuals 18 years of age or older) acting in a business or organizational capacity. We do not knowingly collect personal information from children under 18. If you are under 18, you may not register for a NTRY account or use the Service.

8.2 Accidental Collection

If we become aware that we have inadvertently collected personal information from someone under 18, we will take steps to delete that information as quickly as possible. If you believe a child has provided information to NTRY, please contact us immediately at the email address provided in Article 10.

8.3 Detection of Vehicles with Child Passengers

The NTRY system may incidentally detect vehicles that have children as passengers. However, the system only captures license plate numbers - it does not identify individual passengers, does not use facial recognition, and does not collect information about who is inside vehicles. The detection of a vehicle is not equivalent to collecting personal information about the vehicle’s occupants.

ARTICLE 9: INTERNATIONAL DATA TRANSFERS

9.1 Primary Data Location

NTRY primarily operates within the Republic of Azerbaijan, and data is primarily stored on servers within Azerbaijan or in nearby jurisdictions with adequate data protection standards. However, some components of our infrastructure may involve international data transfers.

9.2 Cloud Service Providers

NTRY utilizes cloud infrastructure providers that may have data centers in multiple countries. When we use such providers, we ensure they implement appropriate security measures and comply with recognized international standards for data protection. Data transfers are conducted using encrypted channels and are subject to contractual protections requiring the providers to maintain confidentiality and security.

9.3 Legal Compliance

International data transfers are conducted in compliance with Azerbaijani laws regarding cross-border data flows. We do not transfer data to jurisdictions that lack adequate legal protections for personal information. If Azerbaijani regulations regarding international data transfers change in the future, we will update our practices accordingly and notify Clients of any material changes.

ARTICLE 10: CHANGES TO THIS PRIVACY POLICY

10.1 Right to Modify

NTRY reserves the right to modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make changes, we will update the "Effective Date" at the top of this document and post the revised Policy on the NTRY website.

10.2 Notification of Changes

For material changes that significantly affect how we collect, use, or share information - such as introducing new categories of data collection or sharing data with new types of third parties - we will provide advance notice to all Clients via email. This notice will be sent to the email address associated with your account at least thirty (30) days before the changes take effect.

10.3 Acceptance of Changes

Your continued use of the NTRY Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the modified Policy, your sole remedy is to terminate your service in accordance with the Terms of Service before the changes take effect.

10.4 Historical Versions

We maintain archived versions of previous Privacy Policies on our website so that you can review how our practices have evolved over time. If you need to reference a previous version, contact NTRY support for assistance.

ARTICLE 11: CONTACT INFORMATION AND COMPLAINTS

11.1 Privacy Inquiries

If you have questions about this Privacy Policy, our data practices, or your privacy rights, you may contact NTRY through the following methods:

• Email: privacy@ntry.az (example - adjust to your actual email)
• Support Portal: Through the NTRY Administration Panel support ticket system
• Mailing Address: NTRY System, Baku, Republic of Azerbaijan (provide actual address)

We will respond to privacy inquiries within thirty (30) days.

11.2 Data Protection Complaints

If you believe NTRY has violated your privacy rights or mishandled your personal information, you may file a complaint with us directly. We take complaints seriously and will investigate them promptly and thoroughly. You may also have the right to file a complaint with the relevant data protection authority in the Republic of Azerbaijan, though we encourage you to contact us first so we can attempt to resolve your concerns directly.

11.3 Security Incident Reporting

If you discover a security vulnerability in NTRY’s systems or suspect unauthorized access to your account, please report it immediately to security@ntry.az (example - adjust to your actual security contact). We appreciate responsible disclosure and will work with security researchers who report issues in good faith.