When store cameras
become police infrastructure.

The bridge nobody asked you to vote on

In February 2025, the Bend Police Department launched Connect Bend — a community camera registry powered by Fusus, the public-private surveillance platform Axon acquired in 2024. By March 2026, 618 cameras were registered across the city. 174 of those had been upgraded with FususCORE devices, giving the Bend Police Department conditional access to live and recorded feeds. The platform costs the department approximately $75,000 per year and is the same Axon/Fusus infrastructure used for body cameras and digital evidence storage. (Source: The Bulletin, May 15, 2025 and March 4, 2026.)

In November 2025, the Bend Police Department and the Deschutes County District Attorney's Office added a grant program on top of the registry. Up to ten Bend retailers could receive a FususCORE Device Bundle — the hardware that converts a private camera into an integrated feed — through the Oregon Criminal Justice Commission's Organized Retail Theft Grant Program. Applications were due August 3, 2025; after the one-year grant term, businesses pay $150/year to remain integrated. The headline framed it as a fight against shoplifting. (Source: The Source Weekly; Central Oregon Daily.)

What the announcements have not emphasized is the architecture itself. Connect Bend is not a city program in the conventional sense. The website is bendconnect.org. The footer says "Powered by Axon" and "©2026 Axon Enterprise, Inc." The contact email for unsubscribing or deleting your registry data is connect@fusus.com — a Fusus address, not a Bend city address. Data flows through FūsusCORE devices to AWS GovCloud, where it is stored in FūsusONE, a CJIS-compliant cloud environment. (Source: bendconnect.org Privacy FAQ.)

The contract that governs each retailer's participation is published at bendconnect.org/terms-conditions/ as a Data Share and License Agreement between the camera owner and the City of Bend. Section 5 makes a contractual promise to camera owners: "City will not share access to Owner's camera views with members of the public, or outside of City, without the prior written consent of Owner." Section 6 requires the camera owner to provide Bend "camera make, model, IP address, and camera and/or associated DVR/NVR login information." Section 7 confirms that Bend, not Axon, is the physical custodian of the FūsusCORE hardware on each property.

The contract is between the camera owner and the City. It does not bind Axon. Axon operates the platform that processes, stores, and routes the data. Axon's contractual relationships with other agencies, its retention policies, its use of the data to train artificial intelligence models, and its own audit logs are not addressed by the agreement that the retailer signed. Customers in the parking lot are not party to the agreement at all.

This is the bridge. Retail surveillance and police surveillance are not separate categories when the cameras are wired into the same platform. Whether the store calls it "asset protection" or the city calls it "Organized Retail Theft Grant," the practical effect is the same: a private camera operating in a place of public accommodation becomes part of a public surveillance network, and the platform that operates it is a multi-billion-dollar publicly traded surveillance vendor headquartered in Scottsdale, Arizona.

Bend residents have not voted on this. They are unlikely to have been notified by any retailer that has joined. The list of participating retailers, the policy governing access escalation, the retention period for the footage, the conditions under which it can be shared with federal agencies — none of that is yet in the public record. The Bend Privacy Alliance toolkit and templates published alongside this piece are designed, in part, to surface it.

What the policies actually say

This section sticks to one type of evidence: language pulled from each company's own current, public privacy policy. These are statements the companies have committed to in writing, dated, and posted on their corporate websites between April 2025 and February 2026. They are not allegations.

A privacy policy describes what a company reserves the right to do. It does not prove that any particular store is doing it. That is a separate question, addressed in section 5.

The six retailers, in their own words

How to read this table

The clearest pattern: facial recognition, ALPR, in-store device tracking, and inferences are now standard disclosures in major-retailer privacy policies. The companies are not hiding it. They are simply describing it in the place fewest people read.

What the policies do not tell you is which specific Bend, Oregon stores have any of these systems deployed today. That is the next chapter of work, and it is what Oregon's privacy law was designed to support.

A short history of how Bend got here

Three threads converge in 2025–2026: a city-government experiment with automated license plate readers, a retail-theft grant pipeline, and a national pattern of surveillance vendors quietly accumulating local footholds. The Bend story is the local edition of a story playing out in many small American cities.

The pattern that emerges: Bend has been responsive when residents engage on a specific surveillance vendor or contract. The Flock suspension is the proof. But the retail-camera integration pathway has not been the subject of the same public scrutiny because it operates through a different door — a grant program framed as anti-theft assistance, not surveillance procurement.

Where the data can go
once it leaves the store

Imagine you push a cart through a Bend Albertsons or Fred Meyer or Lowe's. By the time you reach the parking lot, a series of systems may have captured signals about you. Each of those signals can travel through more than one downstream pipeline.

Here is what corporate policies disclose as possible destinations for the data each retailer collects.

An Oregon shopper's data has a long route

To make the data flow concrete, here is a plausible (not hypothetical) sequence based on what each step's company says in writing:

1. You park outside a Bend Lowe's. The parking-lot ALPR camera records your license plate, the make, model, and color of your vehicle, and a timestamp. Retention per Lowe's policy: 90 days, longer if necessary.
2. You walk in. A ceiling camera captures your image. Lowe's U.S. Privacy Statement says that in some states, recorded footage may be analyzed using "image matching and analysis technology" by Asset Protection following an incident.
3. You connect to the free in-store Wi-Fi to look up a product price. Lowe's collects your device usage information.
4. You use the mobile app. Lowe's app collects your "keystroke activity and rhythms, mouse movements, scrolling and clicks."
5. You buy something with a stored credit card linked to your Lowe's account. Inferences about your project, your home, and your buying patterns join your account profile. Lowe's reserves the right to enrich this with public-records data including property size, year built, and number of rooms.
6. That profile is shared, for marketing purposes, with advertising partners. Under Oregon and California law, this is generally a "sale" or "sharing."
7. Separately, the ALPR record may be shared with law enforcement "upon appropriate request and solely in connection with criminal investigations" — per Lowe's own ALPR Privacy Policy. If your Bend Lowe's is one of the retailers connected to Bend Connect through a FususCore bundle, the camera footage itself becomes accessible to Bend Police through the city's platform.

Every one of those steps is described, in writing, in a corporate policy. None of them require malicious intent on the part of the retailer. They are the standard architecture of modern retail surveillance.

A risk map for residents

Not every form of in-store data collection is equally consequential. Privacy advocacy that treats them as equivalent loses credibility quickly. Here is a rough ordering, from least to most consequential for individual rights, based on what current corporate policies disclose and what current civil-liberties literature documents about each practice.

Why the integration is the linchpin

Each individual surveillance practice has known harms. The harms are not new, and most of them have been the subject of state-level legislative attention. What makes the Bend Connect / FususCore arrangement different is structural: it lowers the legal and procedural friction between two systems that used to be separate.

A private retailer's camera is bound by the retailer's own policy. A police camera is bound by Fourth Amendment doctrine and (where applicable) state surveillance laws. When the two are merged, the retailer's permissive rules govern the front end and the police's broad access governs the back end. The privacy gap appears in the middle, where neither rulebook fully applies.

The privacy gap appears in the middle, where neither rulebook fully applies. The structural problem the Bend Privacy Alliance is describing

Oregon law is more powerful
than most people realize

The Oregon Consumer Privacy Act took effect on July 1, 2024. It is enforceable only by the Oregon Attorney General — consumers cannot file private lawsuits under it — but the rights it grants Oregon residents are unusually strong, and most residents have not exercised them.

The Oregon-distinctive right

Oregon law gives you a right that no other US state currently gives. Under ORS 646A.574(1)(a)(B), you can require a company that processes your data to tell you, at the company's option, either (i) the specific third parties to which it has disclosed your personal data, or (ii) the specific third parties to which it has disclosed any personal data. The company has the option of which list to provide. The right itself is not optional.

What this means in practice: if you file an OCPA Right to Know request with a Bend Home Depot, Lowe's, Walmart, Fred Meyer, Safeway, or Albertsons, the company must tell you who it has shared customer data with. Not just the categories. The specific names. This is the lever that turns "advertising partners" from a vague policy phrase into a concrete list you can examine.

The four core OCPA rights

Right to know and access

Confirmation that the company processes your data, the categories it processes, and a copy of the data in a portable format. ORS 646A.574(1)(a).

Right to specific third parties

The Oregon-distinctive right described above. At the controller's option, but not optional in principle. ORS 646A.574(1)(a)(B).

Right to correct and delete

Correction of inaccuracies, and deletion of personal data (including derived data and data obtained from other sources). ORS 646A.574(1)(b) and (c).

Right to opt out

Opt out of the sale of personal data, targeted advertising processing, and profiling that produces legal or similarly significant effects. ORS 646A.574(1)(d). The company must honor Global Privacy Control browser signals.

The 45-day clock

Under ORS 646A.576, the company has 45 days to respond. They can take a 45-day extension if they tell you why within the first 45 days. If they go silent, you can file with the Oregon AG, which has exclusive enforcement authority under ORS 646A.583.

What sensitive data covers

OCPA's definition of sensitive personal data is broader than most other state laws. It includes, in addition to the usual categories (race, ethnicity, religious beliefs, health condition, sex life, citizenship, immigration status, genetic data, biometric data, precise geolocation, child data), status as transgender or non-binary and status as a crime victim. Sensitive data has heightened protections, including opt-in consent requirements.

What it means for retail: the inference category in Albertsons' policy — "psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes" — could, if it includes data that touches sensitive categories, trigger heightened OCPA protections. Whether it does is a question worth pressing through a Right to Know request.

The Portland comparison

The City of Portland prohibits private entities from using face recognition technology in places of public accommodation within city limits (Portland City Code Chapter 34.10). Bend has no equivalent. A Surveillance Technology Accountability Ordinance for Bend would be the local mechanism for closing this gap — not relying on OCPA alone, which provides individual rights but does not ban any specific technology.

What a real surveillance
accountability ordinance
would do

The structural argument of the Bend Privacy Alliance is that retail surveillance and public surveillance become a single accountability problem the moment they are integrated. The Surveillance Technology Accountability Ordinance and Procurement Framework already in front of the Bend City Council and Procurement Committee is one model for what such a rule could look like. The principles below are not the ordinance text; they are the policy logic the ordinance applies to all surveillance technology operated by, contracted by, or funded by the City of Bend — including FususCore integrations and retail-camera partnerships.

These are the same principles that govern responsible municipal surveillance procurement in cities that have already adopted Surveillance Technology Ordinances — Oakland, Seattle, Cambridge, Nashville, San Francisco, and others. Bend has the opportunity to be the first Oregon city outside Portland to apply them comprehensively. The work in front of the Bend City Council and Procurement Committee is the vehicle.

What you can do this week

Most of what this piece describes can be tested by any Bend resident with a thirty-minute time investment and a willingness to wait 45 days. Here are four things that are within reach.

The toolkit and the Evidence Matrix that accompany this piece contain the legal citations, contact channels, escalation procedures, and confidence ratings for every claim made above. Use them. Verify them. Improve them. Send corrections to westmoreland.jonathan@gmail.com.

Sources, and how to verify

Every factual claim in this piece is traceable to a primary source: a corporate privacy policy current as of May 24, 2026, an Oregon statute or DOJ guidance page, a court docket, or local Bend reporting from named outlets. The full source ledger, with version dates, archive recommendations, and confidence ratings, is in section 9 of the companion Action Toolkit document.

Headline citations for the claims in this piece:

• Lowe's: Lowe's U.S. Privacy Statement, effective April 21, 2025 (current corporate privacy notice; uses "image matching and analysis technology" language). An older Lowe's mobile-app help page cited by the ACLU in 2018 used "facial recognition technologies" language; the current language on that page has not been independently confirmed for this piece and is not relied on here.
• Home Depot: The Home Depot Privacy and Security Statement (last revised December 29, 2025), including the explicit Biometric Information / Facial Recognition category and the dedicated ALPR Usage and Privacy Policy. The Home Depot FY2023 Annual Report (SEC Form 10-K) discloses Computer Vision deployment across all U.S. stores; available via the SEC EDGAR system at sec.gov.
• Walmart: Walmart Customer Privacy Notice and the dedicated Walmart Automated License Plate Readers (ALPR) Privacy Notice updated February 16, 2026 (60-day retention).
• Fred Meyer / Kroger: Fred Meyer / Kroger Privacy Policy, including the explicit keystroke/cursor/scroll behavioral analytics disclosure and the 84.51° subsidiary description.
• Albertsons / Safeway: Albertsons Companies Privacy Policy, last updated December 9, 2025 (smart shopping carts with cameras and sensors; AI/ML training; $4.13 per consumer data value), and the separate Albertsons California Automated License Plate Reader Usage and Privacy Policy (60-day default retention, 12-month "high-crime" retention, Director of Corporate Asset Protection custody, inter-retailer sharing).
• Oregon Consumer Privacy Act: ORS 646A.570–589, with the specific-third-parties right at ORS 646A.574(1)(a)(B).
• Oregon DOJ: Oregon Department of Justice Privacy Law overview and FAQs.
• Oregon Public Records Law: ORS 192.311–192.478.
• Portland City Code: Chapter 34.10 — Prohibition on Use of Face Recognition Technologies by Private Entities in Places of Public Accommodation.
• Connect Bend program (Axon-operated): bendconnect.org home; Connect Bend Data Share and License Agreement; Connect Bend Privacy FAQ; Axon Fusus Community Connect and Registry Website Privacy Notice (Axon's corporate privacy notice, last updated February 21, 2025; serves as the privacy notice for the Bend-branded program).
• Reporting: Central Oregon Daily, "Bend retailers offered theft tech from police through grant," November 12, 2025 (FususCore / Bend Connect / ORT grant program); The Source Weekly, "Ten Businesses can Apply to Connect Security Cameras with Bend Police," July 10, 2025; The Bulletin, "Bend Police: More than 500 cameras registered," May 15, 2025; The Bulletin, "Bend Police program now includes hundreds of private security cameras," March 4, 2026.
• Bend Flock suspension reporting: The Source (Bend, Oregon) coverage by Peter Madsen, January through May 2026, on the Flock suspension and Axon transition (see bendsource.com).
• Litigation references (allegations only): Jankowski v. The Home Depot, Inc., No. 1:25-cv-09144 (N.D. Ill., filed Aug 1, 2025, voluntarily dismissed without prejudice Oct 31, 2025) — allegations of BIPA violations re: Computer Vision at self-checkout. The allegations were not adjudicated. Schmierer v. Home Depot U.S.A. (Sacramento Superior Court, April 2026) and the related N.D. Cal. action — pending California ALPR Privacy Act class actions. Allegations only. Milberg BIPA class action against Walmart in Illinois — pending. Allegations only.

If you find an error, send a correction to the Bend Privacy Alliance at westmoreland.jonathan@gmail.com. This piece will be revised. The companion Evidence Matrix and Action Toolkit will be revised alongside it. The goal is a record that can be verified by anyone with the same documents, not an argument that depends on trust.