How Does Flock Handle License Plate Data Deletion?

One of the most common questions we hear from chiefs, councils, city managers, HOA boards, and residents is some version of this: "How do I know that my Flock data has actually been deleted?"

It's a fair question, and every public safety technology company should be able to answer it with documentation.

The short answer: If your community uses Flock license plate reader (LPR) cameras, the data is automatically and permanently deleted on a rolling schedule: 30 days by default, with the actual window set by the contract and any applicable state or local law. Some jurisdictions run shorter; others, typically driven by state statute or elected officials, run longer. Whatever the configured window is for an agency, deletion isn't a Flock employee. It's an automated process inside Flock’s cloud provider, Amazon Web Services (AWS), and its operating effectiveness is tested annually by independent auditors as part of our SOC 2 Type II audit.

In summary, the retention window is set by your contract and local rules, not by Flock. Once that window passes, the system automatically deletes the data, and external security controls confirm that the system is doing what we say it does.

What Flock LPR Cameras Do and Don't Do

Flock LPR cameras capture point-in-time images of vehicles in public view, then convert those images into searchable, vehicle-centric data: license plate characters, time, location, and objective vehicle characteristics like make, color, body type, and distinguishing features (roof rack, bumper sticker, missing hubcap).

What the system does not do: Flock LPR cameras do not use facial recognition. Flock LPR cameras don’t continuously track a vehicle's movements. Each camera read is a single event on a specific roadway.

In summary, Flock LPR cameras are designed to capture vehicles in plain view.

How to Verify Flock Deletes Your Data

You shouldn't have to take a vendor's word for it. Here's the checklist I'd run if I were on the buyer side of the table:

1. Read the published policy. Our LPR Usage & Security Policy is publicly posted and documents the 30-day default, the ability to increase or decrease it to align with your law or policy, our encryption practices, where data is hosted, and the third-party frameworks we align with.
2. Check your contract. The order form is the authoritative source for what's actually configured for your agency — 30 days, less, or more.
3. Confirm who controls access. Customers do. Customers own 100% of their data, decide who to share with, and can change sharing settings at any time in the platform.
4. Ask how deletion is enforced. It's an automated AWS S3 Lifecycle Policy that runs continuously and irreversibly. No manual step can be skipped or forgotten.
5. Understand the audit trail. AWS CloudTrail captures lifecycle-triggered deletion events with cryptographically verifiable, tamper-resistant timestamps. Those logs are retained by Flock and reviewed by independent auditors during our annual SOC 2 Type II examination, which tests the operating effectiveness of the deletion control. In summation: the records exist, the records are checked, and the people checking them don't work for us.
6. Know the exceptions. A legal hold, a documented investigative need, or a contractual retention requirement can extend retention for specific data. Those are the only carve-outs, and they would be documented in writing.
7. Ask for the third-party reports. SOC 2 Type II, ISO 27001, ISO 27701 (Privacy), ISO 27017 (Cloud Security), ISO 27018 (Public Cloud Privacy), ISO 42001 (AI), and CJIS attestations are available through our security portal at security.flocksafety.com — access requires a quick request and a signed NDA, standard practice for documents of this kind.
   ‍

For the deeper technical walkthrough — lifecycle policies, CloudTrail, KMS encryption, and the AWS Nitro System — read the Proving Data Deletion in AWS white paper we co-authored with the AWS account team.

What Flock Does Not Do With Your Data

Let me be just as direct about what we will not do:

• Flock does not sell customer data.
• Flock does not use facial recognition or biometric identification of people.
• Flock does not enroll any customer in data-sharing relationships automatically — sharing is opt-in, customer-controlled, and can be changed in the platform at any time.
• Flock does not own the data. The customer does.
  ‍

In summary, your data is yours. Not ours, not anyone else's.

How Retention and Deletion Support Public Trust

License plate data helps solve real cases, including missing children, stolen vehicles, hit-and-runs, organized retail crime, and homicide investigations. that demands clear rules about how long it's kept, who can see it, and when it goes away.

A short, predictable retention window protects civil liberties by limiting how long any single image lives in a database, gives investigators a usable window to follow leads, and removes both the temptation and the technical ability to use LPR data for anything beyond active public-safety work.

We picked 30 days as the default because, across thousands of agencies and communities, that window balances investigative usefulness with responsible data minimization. But default doesn't mean fixed — retention periods are set within the law, not Flock’s to impose.

How does Flock protect data with layered cybersecurity?

Deletion is one layer. The broader security posture is what makes that deletion trustworthy.

Flock runs a layered cybersecurity program with in-house security expertise, continuous monitoring, and continuous third-party adversarial testing through Bishop Fox across our hardware, software, and cloud infrastructure. Data is hosted in U.S.-based AWS infrastructure, encrypted at rest with AWS KMS, and protected by AWS's zero-trust Nitro System, designed so that even AWS personnel can't access customer data on the underlying hardware. We hold certifications across ISO 27001, 27701, 27017, 27018, and 42001, and publish a SOC 2 Type II report annually.

Vulnerabilities are a reality of modern hardware and software. The more important question is how a vendor responds when issues arise: whether they have the expertise, processes, and transparency to identify issues quickly, remediate them responsibly, and keep customers informed throughout the process. We publish our security program and coordinated disclosure process so you can judge that for yourself.

What questions should I ask before choosing an LPR vendor? 

If I were on the buyer side, this is the list I'd bring to any LPR vendor evaluation. Most of these are yes/no.

Data, retention, and ownership

• Does any part of the platform use facial recognition or biometric identification of people?
• Who owns the data under the contract — the customer, or the vendor?
• Can the retention window be configured to match my law and policy?
• Does the vendor sell, license, share, or commercialize customer LPR data in any form, ever?
• Does the contract prohibit the vendor from using customer data to train models without explicit, written consent?
  ‍

Deletion and exit

• Is deletion a scheduled, system-enforced process, or a manual one that a person has to remember to run?
• Is the deletion control specifically tested by an independent auditor on a recurring basis (e.g., annual SOC 2 Type II)?
• What happens to my data if I stop being a customer — and how is that confirmed?
  ‍

Access, sharing, and auditability

• Is data sharing opt-in by default, and who at my organization must approve a new data-sharing relationship?
• Can I see exactly who has searched my data, when, and for what stated purpose?
• Is a structured purpose-of-use (e.g., an offense code) required for every search before it runs?
• Is there a written, customer-facing commitment that the vendor will not build or maintain any "backdoor" access for any party?
  ‍

Security and third-party validation

• Is all customer data hosted in a U.S.-based, CJIS-compliant cloud infrastructure?
• Does the vendor undergo continuous third-party adversarial testing, with results shareable under NDA?
• Does the vendor publish a coordinated vulnerability disclosure program?
• What third-party certifications does the vendor hold — SOC 2 Type II, ISO 27001/27701/27017/27018/42001, CJIS? Are the actual reports available?
  ‍

Transparency and community trust

• Is the vendor's full data and usage policy published publicly online today, not on request, not behind a portal, so residents can read it?
• Does the vendor provide a public-facing transparency portal showing where cameras are deployed and what policies govern their use?
  ‍

A vendor that answers those with documentation, contract language, and audit reports rather than marketing language is one you can trust with public-safety data. A vendor that can't answer "no"  in writing to the data-sale, facial-recognition, and backdoor questions probably isn't.

FAQ

How do you know Flock deletes license plate data?

Deletion isn't enforced by a person. It's enforced by an automated AWS S3 lifecycle policy that runs at the configured interval (30 days by default). Lifecycle deletion events are recorded in tamper-resistant AWS CloudTrail logs, and the operating effectiveness of the control is tested annually by independent auditors in our SOC 2 Type II audit. In summation: deletion is automatic, and an audit occurs every year.

How does the deletion actually work?

LPR data is stored in AWS S3. A lifecycle policy automatically expires objects once they pass the retention period configured for your agency. Once an object is permanently deleted, it cannot be recovered — not by the customer, not by Flock, not by AWS. AWS's own documentation is explicit: "Deleting an object can't be undone."

Is the retention period the same for every Flock customer?

No. 30 days is the default, but the actual period varies by customer based on contract and any applicable state or local laws, ordinances, or agency policy. Some communities run shorter; others, typically driven by state statute or elected officials, run longer. The window that applies to is the one written into a customer contract. If ordinary citizens want to know what a local agency has configured, they should ask the chief, sheriff, city manager, or HOA board. 

Does Flock share LPR data with federal agencies by default?

No. Sharing is opt-in and customer-controlled. By default, agencies are not enrolled in any sharing relationship. Any sharing decision — local, regional, or federal — is the customer's call, can be changed in the platform at any time, and is logged.

Let's Talk

If you're evaluating Flock or you're already a customer and your council, board, or community is asking these questions, reach out. Trust is earned by showing the work, and we're happy to show it.