Data protection with alarm systems – What Protexium does differently

Why data protection is crucial with alarm systems

An alarm system is supposed to protect your home – not endanger your privacy. Yet with many security providers, the reality looks different: cameras transmit images to unknown servers, the installer retains permanent remote access, and the customer has no overview of who can see their data. Particularly in an age when cyber attacks on Smart Home systems are increasing and public sensitivity to data protection is growing, a security system must meet the highest standards – not only for intrusion protection, but also for protecting personal data.

In this article, we explain in detail how Protexium implements data protection, which technical and organisational measures are used and why, after installation, you retain sole control over your system.

GDPR and video surveillance – the legal requirements

The General Data Protection Regulation (GDPR) places clear requirements on the operation of video surveillance systems. As operator of a camera – even in a private context – you are responsible for ensuring that the recordings are made in accordance with data protection law. The most important principles at a glance:

• Proportionality: Video surveillance must be in reasonable proportion to the purpose of protection. You may monitor your own property, but not public paths or neighbouring plots.
• Transparency: Visitors must be informed about the video surveillance, for example via notice signs.
• Storage limitation: Recordings should not be stored for longer than necessary. A storage period of 48 to 72 hours is considered appropriate.
• Technical safeguarding: Access to recordings must be protected by suitable measures (encryption, access controls).
• Purpose limitation: The recordings may only be used for the defined purpose (security) and must not be passed on to third parties.

Protexium supports you not only in the technical implementation, but also advises on the legal framework. All our camera systems provide the technical prerequisites to fully comply with the GDPR. Learn more about our camera systems on the Video surveillance page.

Privacy zones – selectively hiding sensitive areas

One of the most powerful data protection features of our camera systems is the privacy zones. They allow you to define areas in every camera image that are permanently blanked out. The blanked-out areas appear as black surfaces – neither in the live view nor in recordings is content from these zones visible.

The polygon drawer in action

Setting up the privacy zones is done conveniently via a graphical polygon drawer in the app. You simply mark the areas that are to be hidden – such as:

• Bedrooms and beds: If a camera in the hallway also captures parts of the bedroom
• Safes and valuables: So that the location is not visible on recordings
• Neighbouring plots: To comply with the GDPR requirement for proportionality
• Public pavements: If the camera angle captures parts of the pavement
• Employee workstations: In commercial contexts to protect employees

The following video demonstrates the configuration of privacy zones via the polygon drawer:

The privacy zones are processed directly on the camera – not on a server. This means that the blanked-out image areas are never transmitted or stored. Even with access to the camera’s hard drive or the cloud recordings, the masked areas cannot be reconstructed.

Ajax PRO App vs. Ajax Security System App

A common misunderstanding concerns the different apps in the Ajax ecosystem. There are two completely separate applications with different access rights:

Ajax PRO App – the installer application

The Ajax PRO App is the professional installation application used by Protexium technicians during the setup and configuration of your system. Via this app, sensors are paired, scenarios are programmed and the system is tailored to your individual requirements. After completion and handover of the system, installer access is fully disconnected.

Ajax Security System App – your personal control

The Ajax Security System App is your private user interface. Via this app, you control your system, view camera images, receive notifications and manage user permissions. Only you and the persons you have authorised have access to this app. The installer has no access via this app.

After installation: no access without your permission

This is perhaps the most important point in this entire article, and we want to phrase it unambiguously:

After installation and handover, the Protexium installer has no access whatsoever to your security system, your cameras or your data – unless you actively grant a temporary, time-limited release.

Should a service case arise – for example sensor calibration, a firmware update or a system expansion – you can grant the technician temporary access via the app. This access is limited to a period of 1 to 8 hours and is automatically revoked once this period expires. At any time, you can see which actions the technician is performing, and you can also terminate the access early.

This concept stands in stark contrast to many competitors, where the installer or the security company retains permanent remote access to the system – frequently without the customer even knowing. At Protexium, the system belongs to the customer – in every respect: hardware, software and data.

AES-256 encryption and OS Malevich

Every communication within a Protexium security system is encrypted with AES-256 – the same standard also used by banks, military organisations and government authorities. This covers:

• The communication between sensors and control panel (Jeweller radio)
• The communication between control panel and cloud
• The communication between cloud and app
• Stored video and image data

Even if an attacker were to intercept radio traffic or compromise the internet connection, they could not decrypt the data. The keys are generated dynamically and changed regularly, which makes brute-force attacks practically impossible.

OS Malevich – the proprietary operating system

The Ajax control panel does not run on Linux, Windows or Android, but on a proprietary real-time operating system called OS Malevich. This operating system was developed specifically for security systems and offers several decisive advantages:

• Virus-immune: Since OS Malevich does not use standard operating system architecture, conventional viruses, trojans and ransomware cannot infect the system.
• Minimal attack surface: The system contains only the absolutely necessary functions – no superfluous services, no open ports, no third-party software.
• Automatic updates: Firmware updates are transmitted encrypted, signed and installed automatically – without affecting operation.
• Tamper protection: Any attempt to modify the firmware is detected and reported.

The German Federal Office for Information Security (BSI) generally recommends using devices with current firmware and automatic update mechanisms. OS Malevich fulfils this recommendation exemplarily. You can find more on our certifications on the page Certifications & standards.

Ajax Cloud – where is your data stored?

The Ajax Cloud serves as a secure mediation layer between your installation and your app. The following data is processed in the cloud:

• System events (alarms, arming/disarming, sensor status)
• Push notifications to your app
• Video recordings in case of alarm (if cloud storage is activated)
• Firmware updates for your devices

All data is stored encrypted with AES-256. The servers are located in the European Union and are therefore fully subject to the GDPR. There is no data transfer to third countries outside the EU. Ajax Systems as manufacturer has no access to your individual system data – the encryption keys are held exclusively by you.

By comparison, many cheap Smart Home cameras and security systems use cloud servers in China or the USA, where completely different data protection standards apply. With some providers, it is not even known where the data is stored. You do not take this risk with a Protexium system.

Comparison: Protexium vs. other providers

The following table shows how Protexium’s data protection approach differs from that of common competitors:

Criterion	Protexium (Ajax)	Typical competitor
Installer remote access after installation	No access – only temporary at customer’s request (1–8 h)	Permanent remote access – frequently without the customer’s knowledge
Privacy zones in cameras	Polygon drawer – arbitrary shapes possible	None or only simple rectangular masks
Encryption	AES-256 end-to-end with dynamic keys	Partly unencrypted or only AES-128
Operating system	OS Malevich (proprietary, virus-immune)	Linux/Android (susceptible to known exploits)
Cloud location	EU (GDPR-compliant)	Often USA, China or unknown
Data transfer to third parties	None	Partly advertising partners or analytics services
Hardware ownership	Full ownership rights with the customer	Often rental or leasing models with tie-in

For a more detailed explanation of our security standards and norms, please visit the page Certifications. Detailed information on photo verification and how it reduces false alarms can be found in our article Photo verification against false alarms.

Conclusion – data protection as a core promise

At Protexium, data protection is not an afterthought, but a fundamental principle built into every layer of the system: from the hardware through the operating system to the cloud infrastructure. The combination of privacy zones, strict installer/user separation, AES-256 encryption, the proprietary OS Malevich and EU-based data storage produces a level of data protection that is unparalleled in the alarm system market.

What is particularly important to us: after installation, the system belongs to you – completely. Neither Protexium nor the manufacturer Ajax has access to your cameras, your sensor data or your recordings. You alone decide who is granted access and when. That is our understanding of security: protection not only from burglars, but also from unauthorised viewing.