Data Tracking vs. Data Requests
What ALPR surveillance systems collect about you — and what California privacy law lets you request back.
80K+
Cameras
49 states
20B
Scans/Month
Flock network
5,000+
Communities
USA-wide
$7.5B
Valuation
Flock Safety
What They Track vs. What You Can Request
✓Legally entitled
⚠Partial
✗No right
Scroll for more
| Data Type | Track | Request | Delete |
|---|---|---|---|
| License plate number | ✓ | ✓ | ✓ |
| Detection date/time/location | ✓ | ✓ | ✓ |
| Vehicle make/model/color | ✓ | ✓ | ✓ |
| Vehicle fingerprint | ✓ | ✓ | ✓ |
| Vehicle images | ✓ | ✓ | ✓ |
| Travel patterns | ✓ | ✓ | ⚠ |
| Predictive analytics | ✓ | ✓ | ⚠ |
| Association analysis | ✓ | ✓ | ⚠ |
| Third-party sharing | ✓ | ✓ | ✗ |
| Federal agency access | ✓ | ✓ | ✗ |
| Search/query logs | ✓ | ✓ | ✓ |
| Hot list matches | ✓ | ✓ | ⚠ |
| Investigation inclusion | ✓ | ⚠ | ✗ |
| "Aggregated" data | ✓ | ⚠ | ✗ |
| AI training data | ✓ | ✗ | ✗ |
Per-User Compliance Cost for Companies
CCPA Right to Know$100
CCPA Right to Delete$50
CCPA Opt-Out$20
Public Records Request$125
DROP Processing$35
ADMT Request$30
Total with overhead~$1,000
Why This Matters
When thousands exercise their rights:
↔️
Flip the script
You ask the questions
✓
Test compliance
Proof, not promises
⚡
Use it or lose it
Rights need exercise
📋
Document violations
Build the record
💰
Cost accountability
$1K+ per person
🔍
Reveal the scope
See what they collect
Watching the watchers — your rights are the only check that works without asking permission.
Part 1: What ALPR Systems Track
Everything modern surveillance cameras capture about your vehicle
Data captured every time your vehicle passes an ALPR camera.
Scroll for more
| Data Point | Description | Retention |
|---|---|---|
| Plate number | Full alphanumeric characters | 30 days default |
| Plate state | State of registration | 30 days |
| Plate type | Standard, temporary, paper, commercial, etc. | 30 days |
| Plate expiration | Registration expiration date visible on plate | 30 days |
| Missing/covered plate flag | AI detection of obscured or missing plates | 30 days |
| Temporary paper plate | AI specifically trained to read paper plates | 30 days |
Scroll for more
| Data Point | Description | Retention |
|---|---|---|
| Make | Manufacturer (Ford, Toyota, etc.) | 30 days |
| Model | Specific model (Camry, F-150, etc.) | 30 days |
| Year | Model year (AI estimation) | 30 days |
| Color | Primary body color | 30 days |
| Secondary color | Two-tone vehicles, mismatched panels | 30 days |
| Body type | Sedan, SUV, truck, van, motorcycle, etc. | 30 days |
| Roof rack | Presence/absence, type | 30 days |
| Bumper stickers | Detected and cataloged (including political) | 30 days |
| Decals | Window decals, body graphics | 30 days |
| Dents/damage | Physical damage patterns | 30 days |
| Scratches | Visible scratches (unique identifier) | 30 days |
| Spare tire | Presence of visible spare tire | 30 days |
| Aftermarket modifications | Lift kits, wheels, exhausts, etc. | 30 days |
| Tinted windows | Level of window tinting | 30 days |
| Commercial markings | Business logos, fleet numbers | 30 days |
Scroll for more
| Data Point | Description | Retention |
|---|---|---|
| GPS coordinates | Precise lat/long of camera location | 30 days |
| Street address | Mapped address of detection | 30 days |
| Date | Date of detection | 30 days |
| Time | Timestamp (often millisecond precision) | 30 days |
| Direction of travel | Which way vehicle was moving | 30 days |
| Speed estimate | Calculated from multi-camera triangulation | 30 days |
| Camera ID | Specific camera that captured image | 30 days |
| Network/jurisdiction | Which agency/HOA owns the camera | 30 days |
Scroll for more
| Data Point | Description | Retention |
|---|---|---|
| High-resolution vehicle photo | Full rear image of vehicle | 30 days |
| License plate close-up | Cropped plate image | 30 days |
| Contextual surroundings | Background, adjacent vehicles | 30 days |
| Vehicle occupants | May capture driver/passengers (varies by angle) | 30 days |
| Pedestrians/bystanders | People near vehicle may be captured | 30 days |
| Video clips | 15-second clips (newer systems) | 30 days |
| Live video feed | Real-time streaming capability (newer systems) | N/A |
Data created by AI analysis of your movement patterns over time.
Scroll for more
| Derived Data | Description | How It's Used |
|---|---|---|
| Historical location history | Every place your plate was detected | "Where has this vehicle been?" queries |
| Frequent locations | Home, work, regular stops inferred | Identifying residence/employment |
| Travel routes | Common paths between locations | Predictive positioning |
| Time-of-day patterns | When you typically travel | Behavioral profiling |
| Day-of-week patterns | Weekday vs weekend behavior | Lifestyle inference |
| Speed patterns | How fast you typically drive | Behavioral signature |
| Duration at locations | How long you stay at places | Activity inference |
| First/last seen | Entry/exit from monitored areas | Movement tracking |
Scroll for more
| Derived Data | Description | How It's Used |
|---|---|---|
| Convoy analysis | Vehicles that travel together | Gang/network identification |
| Co-location patterns | Vehicles seen at same places/times | Association mapping |
| Household vehicles | Multiple vehicles at same residence | Family/household profiling |
| Workplace associations | Vehicles at same employment | Professional network mapping |
| Event attendance | Vehicles at protests, rallies, churches | Political/religious profiling |
Scroll for more
| Derived Data | Description | How It's Used |
|---|---|---|
| Predicted future location | Where vehicle is likely to go next | Interception planning |
| Predicted arrival time | When vehicle will reach destination | Resource deployment |
| Anomaly detection | Unusual patterns flagged | "Suspicious behavior" alerts |
| Pattern deviation alerts | When behavior differs from norm | Trigger investigation |
| Geofence predictions | Likelihood of entering specific areas | Proactive monitoring |
Scroll for more
| Inferred Data | Based On | Privacy Concern |
|---|---|---|
| Likely residence | Most frequent overnight location | Home address exposure |
| Likely workplace | Regular weekday location | Employment identification |
| Medical facility visits | Detections near hospitals, clinics | Health condition inference |
| Religious affiliation | Church/mosque/synagogue visits | Religious profiling |
| Political activity | Protest/rally attendance | Political surveillance |
| Reproductive healthcare | Clinic visits | Abortion-related tracking |
| Immigration status risk | Patterns matching enforcement targets | ICE collaboration |
| Gun ownership likelihood | Gun shop/range visits | Second Amendment profiling |
| Union membership | Union hall visits | Labor organizing surveillance |
| Addiction treatment | Rehab facility visits | Substance abuse inference |
| Mental health treatment | Therapy office visits | Mental health inference |
| Romantic relationships | Frequent visits to other residences | Personal relationship tracking |
| Childcare patterns | School drop-off/pickup | Family structure inference |
Data pulled from external databases and matched to your vehicle in real-time.
Scroll for more
| Database | Data Matched | Alert Generated |
|---|---|---|
| NCIC | Stolen vehicles, wanted persons | Immediate alert to law enforcement |
| NCMEC | Vehicles in AMBER alerts | Immediate alert |
| State DMV databases | Registration status, owner info | Owner identification |
| Local BOLO lists | Be On Lookout vehicles | Agency-specific alerts |
| Stolen plate databases | Mismatched plate/vehicle | Fraud detection |
| Warrant databases | Vehicles linked to active warrants | Arrest alerts |
| Probation/parole lists | Supervised individual vehicles | Compliance monitoring |
| Gang databases | Vehicles linked to gang members | Gang enforcement |
| Custom hot lists | Any plate agencies want tracked | Custom surveillance |
Scroll for more
| Integrated Data Source | What It Adds |
|---|---|
| Computer-Aided Dispatch (CAD) | 911 call history, incident reports |
| Records Management System (RMS) | Arrest records, case files |
| Jail/booking systems | Incarceration history |
| Open-Source Intelligence (OSINT) | Social media, public records |
| Public records | Property records, business filings |
| Social Security data | Identity verification (per Forbes report) |
| Credit histories | Financial profiling (per Forbes report) |
| Drone footage | Aerial surveillance integration |
| Ring doorbell footage | Amazon partnership (Oct 2025) |
| Gunshot detection (Raven) | Audio surveillance correlation |
| Human distress detection | Scream detection (Oct 2025) |
Scroll for more
| Entity Type | Data Shared | Legal Basis |
|---|---|---|
| Other law enforcement (local) | Full ALPR data | Network sharing agreements |
| Other law enforcement (national) | Full ALPR data | Flock national network |
| Federal agencies (ICE, CBP, DEA) | Query access documented | Varies (often violates state law) |
| Fusion centers | Aggregated intelligence | Information sharing agreements |
| Private security | HOA/business camera data | Private network participation |
| Repo companies | Location data sold | Commercial arrangements |
| Insurance companies | Potential data sales | Business relationships |
Scroll for more
| Logged Data | Description | Retention |
|---|---|---|
| Who searched | Officer/user ID | Varies (often years) |
| What was searched | Plate, vehicle description, location | Varies |
| When searched | Date/time of query | Varies |
| Search purpose | Stated reason for query | Varies |
| Results returned | What data was shown | Varies |
| Networks queried | How many agency databases searched | Varies |
Scroll for more
| Data Type | Description |
|---|---|
| Camera health status | Operational status of cameras |
| Image quality metrics | Read accuracy statistics |
| False positive rates | Misidentification statistics |
| Alert response data | How officers responded to alerts |
Official vs. Actual Retention
Scroll for more
| What They Say | What Actually Happens |
|---|---|
| "30-day retention" | Raw images deleted after 30 days |
| N/A | "Aggregated data" retained indefinitely by Flock |
| N/A | Derived patterns/analytics retained indefinitely |
| N/A | Search logs retained for years |
| N/A | Data shared to other agencies has separate retention |
| N/A | Federal agencies may retain indefinitely |
| N/A | Investigation-related data retained until case closes |
The "Aggregated Data" Loophole
Per Flock's contracts, they retain perpetual rights to "aggregated and anonymized data." This includes:
- • Travel patterns across the network
- • Vehicle fingerprint templates
- • Behavioral models
- • Predictive analytics training data
- • Network-wide statistics
This means: Even after "deletion," your movement patterns train their AI models forever.
Scroll for more
| Entity | Access Level | Authorization Required |
|---|---|---|
| Local police (camera owner) | Full access | Login credentials |
| Regional partner agencies | Full access | Network sharing agreement |
| National network participants | Query access | Flock network membership |
| Flock Safety employees | System access | Employment |
| Federal agencies | Query access | Often informal/undocumented |
Scroll for more
| Agency | Purpose | State Law Violated |
|---|---|---|
| ICE | Immigration enforcement | CA, IL, VA state laws |
| CBP | Border enforcement | CA state law |
| Texas officer | Abortion investigation | N/A (TX) |
| Multiple agencies | Protest surveillance | First Amendment concerns |
Your Vehicle's Data Profile Likely Includes:
- 1. Every detection of your plate in network areas
- 2. Your vehicle's unique "fingerprint"
- 3. Your inferred home address
- 4. Your inferred workplace
- 5. Your travel patterns
- 6. Your associations
- 7. Sensitive location visits
- 8. Predictive models of your future movements
- 9. Cross-referenced criminal/civil databases
- 10. Search history (who looked you up)
Detection Frequency (California)
With 10,000+ cameras statewide:
Urban areas70+ scans/day
Suburban areas20-40 scans/day
Commuters100+ scans/week
Annual total5,000-25,000+ records
Part 2: What WhoSeesYou Requests
15-25+ formal privacy requests submitted on your behalf
Targets: Flock Safety, Vigilant Solutions, DRN, Palantir, Neology, Ubicquia, Rekor, Leonardo, Axon (based on your region)
Scroll for more
| Category | Specific Data Requested |
|---|---|
| Specific pieces of personal information | All data associated with your license plate, vehicle, name, address |
| Categories of personal information collected | List of all data types collected about you |
| Categories of sources | Where they obtained data (cameras, third parties, databases) |
| Business/commercial purpose | Why they collected and used the data |
| Categories of third parties disclosed to | Who they shared your data with |
| Categories sold or shared | What data was sold and to whom |
| Retention periods | How long each data type is kept |
Specific ALPR Data Requested:
- • All images capturing your vehicle
- • All license plate detections with date/time/location
- • Vehicle fingerprint data
- • Any derived data (travel patterns, associations)
- • All query/search logs where your plate was searched
- • All hot list matches or alerts triggered
- • All third parties who received your data
- • All federal agency access to your data
Legal Basis: Businesses must provide this within 45 days (Cal. Civ. Code § 1798.130)
Scroll for more
| Deletion Target | Description |
|---|---|
| All images | Every photo capturing your vehicle |
| All detection records | Every plate read with metadata |
| All vehicle fingerprint data | Make, model, color, features profile |
| All derived/inferred data | Travel patterns, associations, predictions |
| All search/query logs | Records of who searched for you |
| All hot list associations | Custom hot list entries |
| Service provider data | Instruct all processors to delete |
| Backup/archive copies | Including disaster recovery systems |
Legal Basis: Deletion required within 45 days unless exemption applies
Scroll for more
| Opt-Out Scope | Description |
|---|---|
| Opt-out of sale | Do not sell your data to any third party |
| Opt-out of sharing | Do not share for cross-context behavioral advertising |
| Opt-out of network sharing | Do not share with other agencies via network |
| Opt-out of federal sharing | Do not share with federal agencies |
| Future collection opt-out | Do not collect new data about you |
Legal Basis: Must be honored within 15 business days
Scroll for more
| Information Category | What We Ask For |
|---|---|
| Logic of ADMT | How their AI makes decisions about you |
| Personal info used | What data feeds their algorithms |
| Outputs generated | What conclusions/predictions made about you |
| Decision impacts | How ADMT outputs affect you |
| Opt-out mechanism | How to opt out of ADMT processing |
| Appeal process | How to challenge ADMT decisions |
Legal Basis: New CCPA regulations (11 CCR §§ 7150, 7200-22)
Targets: Your local law enforcement agency (LAPD, SFPD, city PD, or county sheriff)
Scroll for more
| Document Type | Description |
|---|---|
| ALPR usage policy | Department policy on ALPR use |
| Data retention policy | How long data is kept |
| Data sharing agreements | MOUs with other agencies |
| Vendor contracts | Contracts with Flock/Vigilant/Ubicquia |
| Privacy impact assessment | If conducted |
| Local surveillance ordinance compliance | City/county-specific oversight |
| Audit procedures | How usage is audited |
| Access control policies | Who can access data |
| Training materials | Officer ALPR training |
Scroll for more
| Record Type | Description |
|---|---|
| All detections of your plate | Every time your plate was captured |
| All queries of your plate | Every search run on your plate |
| Query logs | Who searched, when, why |
| Alert history | Any hot list matches |
| Investigation inclusion | Cases where your data was used |
Legal Basis: California Public Records Act (Gov. Code § 6250 et seq.)
Target: All registered data brokers in California (500+)
What DROP Does
Scroll for more
| Action | Description |
|---|---|
| Single deletion request | One request to ALL registered data brokers |
| Continuous deletion | Brokers must delete new data every 45 days |
| Suppression list | You stay on "do not collect" list |
| Broker reporting | Each broker must report compliance status |
Data Brokers Affected
DROP covers all businesses that "knowingly collect and sell to third parties the personal information of a consumer with whom the business does not have a direct relationship."
Relevant to ALPR: Data brokers who may have purchased or received ALPR-derived data, vehicle ownership data, location data, or movement pattern data.
Timeline:
DROP portal live: January 1, 2026
Broker compliance begins: August 1, 2026
Target: California Privacy Protection Agency
When Filed
Complaints filed when:
- • Company fails to respond within 45 days
- • Company denies request without valid exemption
- • Company provides incomplete response
- • Company fails to delete as requested
Complaint Contents
Scroll for more
| Element | Description |
|---|---|
| Company identified | Which company violated CCPA |
| Request type | Know, delete, opt-out, or ADMT |
| Date submitted | When original request was sent |
| Response received | What company responded (if anything) |
| Violation alleged | How company violated CCPA |
| Evidence | Copies of requests and responses |
Enforcement:
CPPA can impose $2,500 per violation, $7,500 per intentional violation
Per-User Request Count
Scroll for more
| Target | Request Types | Count |
|---|---|---|
| Flock Safety | Know, Delete, Opt-Out, ADMT | 4 |
| Ubicquia | Know, Delete, Opt-Out, ADMT | 4 |
| Vigilant Solutions | Know, Delete, Opt-Out, ADMT | 4 |
| Local PD/Sheriff | CPRA policy + personal records | 2 |
| DROP Portal | Statewide data broker deletion | 1 |
| TOTAL PER USER | 9-13 |
From Surveillance Vendors
If companies comply, you should receive:
Scroll for more
| Disclosure | What It Reveals |
|---|---|
| Detection history | Every place/time vehicle was captured |
| Vehicle profile | What "fingerprint" data they have |
| Derived data | Travel patterns, predictions, associations |
| Third-party sharing | Who else has your data |
| Federal access | Whether ICE/CBP accessed data |
| Search logs | Who has looked you up |
| Retention reality | How long data actually kept |
From Law Enforcement
Scroll for more
| Disclosure | What It Reveals |
|---|---|
| Query history | Every search of your plate |
| Investigative use | Cases where data was used |
| Sharing partners | Other agencies with access |
| Policy compliance | Whether following own rules |
Appendix: Legal Citations
Statutory references and case law
- Cal. Civ. Code § 1798.100 - Right to Know
- Cal. Civ. Code § 1798.105 - Right to Delete
- Cal. Civ. Code § 1798.120 - Right to Opt-Out
- Cal. Civ. Code § 1798.130 - Response Requirements
- Cal. Civ. Code § 1798.140 - Definitions
- Cal. Civ. Code § 1798.121 - Sensitive Personal Information
- Cal. Civ. Code § 1798.185 - ADMT Regulations Authority
- 11 CCR § 7001 - Definitions
- 11 CCR § 7024 - Authorized Agent
- 11 CCR § 7063 - Authorized Agent Verification
- 11 CCR §§ 7150-7157 - Risk Assessments
- 11 CCR §§ 7200-7222 - ADMT Requirements (effective 2027)
- Cal. Civ. Code § 1798.99.80 et seq.
- DROP Regulations (effective January 2026)
- Gov. Code § 6250 et seq.
- Gov. Code § 6254 - Exemptions
- Commonwealth v. Bell (Norfolk Cir. Ct. 2024) - ALPR as Fourth Amendment search
- Carpenter v. United States, 138 S. Ct. 2206 (2018) - Location tracking precedent