Acceptable Use Policy

1. Scope

This AUP applies to all use of TinyGuard's platform, application, hardware (Raspberry Pi devices and accessories), and APIs (the "Services") by facilities, their staff, and the families and individuals who interact with the Services through the facility.

2. Permitted use

TinyGuard is built and licensed for legitimate operation of licensed childcare and elder-care facilities. Permitted use includes:

• Operating cameras on premises owned, leased, or otherwise lawfully controlled by your facility, in areas where you have authority to monitor.
• Logging care events (meals, naps, medications, incidents, observations) for the children or residents in your care.
• Capturing attendance and check-in/check-out events for the individuals in your care.
• Communicating with authorized family members through the family portal and notification channels.
• Billing and tuition collection for the children or residents in your care.
• Compliance and reporting workflows required by your state licensing body, Medicaid program, or other regulator.
• EVV (Electronic Visit Verification) for Medicaid-billed personal care services.

3. Prohibited use

3.1 Surveillance, recording, and privacy violations

• You may not use the Services to monitor individuals without their knowledge in violation of applicable wiretapping, surveillance, or privacy laws.
• You may not enable audio recording on cameras without first obtaining the written informed consent required by applicable all-party-consent statutes (California, Connecticut, Delaware, Florida, Illinois, Massachusetts, Maryland, Montana, New Hampshire, Pennsylvania, Washington — and any other jurisdiction that subsequently adopts such a statute).
• You may not use the Services to perform biometric identification of any kind. TinyGuard does not offer biometric features — facial recognition, voice prints, fingerprints, iris scans, and any other biometric processing are contractually forbidden by our Master Service Agreement §3 (the No-Biometrics Covenant). Routing video from the platform into a separate third-party biometric tool is also out of scope under these Terms.
• You may not use the family portal to share live or recorded video with individuals who do not have a lawful right to receive it under your facility's privacy practices and applicable law (including but not limited to court orders restricting contact between a child and a non-custodial parent).
• You may not point cameras at areas covered by a reasonable expectation of privacy that are not within the scope of your facility's lawful monitoring authority (residents' private living quarters at an elder facility without resident consent, restrooms, changing rooms, sleeping rooms beyond what licensing permits).

3.2 Communications and TCPA compliance

• You may use the SMS broadcast features only in compliance with the Telephone Consumer Protection Act (47 USC §227), the federal CAN-SPAM Act, and applicable state mini-TCPA statutes. Your facility is solely responsible for obtaining prior express written consent from message recipients before enrolling them in SMS notifications, and for maintaining records of such consent. TinyGuard provides the opt-in capture surface and audit trail; the facility owns the consent.
• You may not use email broadcasts for purposes outside the scope of your facility's operations (no marketing to non-customers, no third-party promotional content).
• You may not impersonate any individual or facility in communications sent through the Services.

3.3 Data and access

• You may not access, attempt to access, or otherwise interact with data, accounts, or facilities other than your own.
• You may not share account credentials. Each staff member must use their own account.
• You may not export data from the Services for any purpose other than your facility's own operations or the legitimate exercise of an individual's data-portability rights.
• You may not store, transmit, or process content that is unlawful, defamatory, fraudulent, infringing of third-party rights, or that contains malware.
• You may not use the Services to process payment-card data outside the platform's Stripe-integrated flow. TinyGuard does not store full PAN data; you may not introduce any process that does.

3.4 Platform integrity

• You may not attempt to reverse-engineer, decompile, or extract source from TinyGuard's software or hardware beyond what applicable law expressly permits.
• You may not probe, scan, or test the vulnerability of TinyGuard's infrastructure without prior written authorization. Coordinated security disclosure is welcomed at security@tinyguard.co.
• You may not introduce or facilitate the introduction of malicious code, denial-of-service activity, or other content intended to disrupt the Services or other facilities.
• You may not use the Services in any way that consumes resources beyond what your subscription tier authorizes, intentionally circumvents rate limits, or otherwise abuses the platform's shared infrastructure.

3.5 Children's privacy

• You may not collect personal information from a child under the age of 13 directly through TinyGuard. Children's data is entered into the platform by facility staff on behalf of the facility, with the parent's or guardian's consent under COPPA.
• You may not use children's data — names, photos, video, care events, biometric data — for any purpose other than operating your facility. You may not use it for marketing, advertising, training third-party AI models, or any commercial purpose unrelated to caring for the child.

3.6 AI features

• You may not represent AI-generated content (daily reports, observations, incident summaries) as having been written by a clinician, licensed professional, or any individual who did not in fact author or sign off on it.
• You may not rely on AI-generated content as the system of record for legally-required filings without staff review and sign-off. The AI is a drafting aid; the facility owns the document of record.
• You may not attempt to extract, fine-tune on, or otherwise re-use the data sent through TinyGuard's AI features outside the operation of your own facility.

3.7 Resale and sublicensing

• You may not resell, sublicense, or otherwise make the Services available to a third party as a standalone offering. The Services are licensed to your facility for its own operation.
• You may use the Services to operate multiple facilities under common brand or ownership only under TinyGuard's Brand Pricing schedule.

4. Copyright (DMCA)

TinyGuard respects intellectual property rights and complies with the Digital Millennium Copyright Act ("DMCA"). If you believe that material posted through the Services infringes your copyright, send a written notification to our Designated Agent:

DMCA Designated Agent
Gerald Delane Peck
TinyGuard LLC
7428 SW Ashford St, Tigard, OR 97224
dmca@tinyguard.co · (510) 686-3357

What your takedown notice must include

To be effective under 17 U.S.C. § 512(c)(3), your notification must include each of the following:

• A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
• Identification of the copyrighted work claimed to have been infringed (or a representative list, if multiple works at the same site are covered by a single notification).
• Identification of the material that is claimed to be infringing or to be the subject of infringing activity, with information sufficient to permit us to locate the material — URL or specific in-platform location.
• Your contact information: name, mailing address, telephone number, and email.
• A statement that you have a good-faith belief that use of the material is not authorized by the copyright owner, its agent, or the law.
• A statement, under penalty of perjury, that the information in the notification is accurate, and that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

How we respond

We respond to valid notifications expeditiously — typically same business day. Steps we take on receipt of a valid §512(c)(3) notice:

• Acknowledge the notification within 24 hours of receipt.
• Disable access to the allegedly-infringing material expeditiously.
• Notify the user who posted the material that it has been removed and that they may submit a counter-notification.
• If a valid counter-notification arrives, restore access not less than 10 and not more than 14 business days after receipt of the counter-notification, unless the original noticing party files an action in court within that window.

Counter-notification

If you believe that material has been removed in error, you may submit a counter-notification per 17 U.S.C. § 512(g)(3) to the same Designated Agent. Your counter-notification must include the elements required by §512(g)(3): your signature, identification of the removed material and its prior location, a statement under penalty of perjury that the removal was a result of mistake or misidentification, and your consent to the jurisdiction of the federal district court for the judicial district in which you reside (or, if outside the United States, any judicial district where TinyGuard may be found).

False notifications

Knowingly material misrepresentations in either a notification or a counter-notification may subject you to liability for damages under 17 U.S.C. § 512(f), including costs and attorney's fees incurred by us, the alleged infringer, or any copyright owner or licensee.

Repeat-infringer policy

It is TinyGuard's policy to terminate, in appropriate circumstances, the account of any subscriber or account holder who is determined to be a repeat infringer of copyrights. We consider an account to be a repeat infringer if it has been the subject of two or more separate DMCA takedown notifications that we determined to be valid and that resulted in material being removed or disabled, where the account holder has not successfully challenged the removals through the counter-notice procedure. We may, in our discretion, accelerate termination in cases of egregious infringement. Account holders who believe their account has been terminated in error may appeal by contacting dmca@tinyguard.co.

5. Compliance with law

You agree to use the Services in compliance with all applicable federal, state, and local laws, including but not limited to:

• HIPAA and HITECH (45 CFR Parts 160 + 164) — your facility's obligations as a Covered Entity, in addition to TinyGuard's obligations as a Business Associate under the executed BAA.
• COPPA (15 USC §6501 et seq.) and applicable state child-privacy statutes.
• FERPA, where applicable to your facility (most childcare and elder-care facilities are not FERPA-covered; check with your counsel).
• State childcare licensing regulations, state elder-care licensing regulations, and Medicaid program requirements applicable to your operations.
• State wiretap and biometric-privacy statutes — see §3.1 above.
• TCPA, CAN-SPAM, and state mini-TCPA statutes — see §3.2 above.
• The Americans with Disabilities Act and applicable state accessibility statutes for your facility's operations.

If TinyGuard receives a lawful request for data from a government authority, we will respond per the Privacy Policy and BAA. If we receive a request that we believe is overbroad or improperly served, we will challenge it before complying to the extent legally permitted.

6. Enforcement

TinyGuard may suspend or terminate access for material violations of this AUP, immediately for violations that pose an ongoing risk (e.g., active malware, ongoing privacy violation, fraud). Less severe violations are subject to a 14-day cure period after written notice.

Termination for AUP violation does not entitle the facility to a refund of fees paid for the unused portion of any subscription period. TinyGuard's standard data-export window (30 days post-termination, per Terms §6) applies.

7. Changes

TinyGuard may update this AUP with 30 days' written notice to the account owner's email. Material changes affecting the scope of permitted or prohibited use will be highlighted in the notice. Continued use after the notice period constitutes acceptance.

8. Contact

Acceptable-use questions: abuse@tinyguard.co
Security disclosures: security@tinyguard.co
General: del@tinyguard.co
Phone: (510) 686-3357
TinyGuard LLC, 7428 SW Ashford St, Tigard, OR 97224