Legal · Childcare

Data Processing Agreement

TinyGuard's childcare Data Processing Agreement (document code TG-DPA-001) is the contract that allocates data-protection responsibilities between your Center and TinyGuard. Elder care facilities operate under the Business Associate Agreement (TG-BAA-E-001) instead — different regulatory regime, different document.

What the DPA does

The DPA does three things at once: (a) names the Center as the data controller and TinyGuard as the data processor for personal data the platform handles on the Center's behalf; (b) sets the operational obligations on each side (consent collection vs. infrastructure delivery, breach notification timelines, sub-processor handling); and (c) incorporates the Center's COPPA-aware obligations for under-13 children's data along with applicable state child-privacy statutes.

The DPA is paired with the four Legal Stack v1.0 covenants — no biometrics, live-only video, enrollment-gated broadcast, audio-off-by-default. The covenants are MSA-locked architectural commitments; the DPA is the contractual frame around how the day-to-day data flow is governed.

1. The controller / processor split

The DPA's central allocation:

Center (data controller)

Consent collection from parents at enrollment (per the enrollment-gated broadcast covenant).
Signage in the facility per state law (camera-recording, audio-on if applicable).
Operational compliance — staff training, ratio rules, attendance accuracy, incident handling.
Authoritative facility records — enrollment, withdrawal, parent-of-record, custody changes.
Center attestation (TG-ATT-001) — signed periodic confirmation that the four covenant gates remain met.

TinyGuard (data processor)

Infrastructure — Pi, network connectivity, video pipeline, parent app, billing, dashboard.
Audit log — append-only record of consent state, broadcast state, access events.
Sub-processor management — the third parties listed at /legal/subprocessor-list; TinyGuard contracts each on the Center's behalf.
Covenant-gate enforcement — operator-attestation receiving + audit recording today; software-enforced per-room broadcast auto-suspend on the four gate conditions (consent / signage / attestation / device placement) ships June 2026. See /legal/covenants for the timeline.
Breach notification to the Center within 24 hours of discovery.
Data deletion on Center request or contract end.

2. Personal data in scope

The DPA covers the personal data categories that pass through the platform on the Center's behalf:

Child records — name, date of birth, family contacts, attendance, daily logs, care notes, milestones.
Family contacts — parent / authorized adult names, contact methods, custody designations.
Staff records — names, roles, schedules, certifications, attendance.
Video — live broadcast to enrolled families; incident footage stored on the in-room Pi; opt-in plan-tiered cloud archive when enabled by the Center.
Billing identifiers — payment methods, tuition / subsidy records, autopay setup.

What is not in scope: biometric data of any kind (per the standalone no-biometrics covenant — see /legal/biometric-data-policy); raw video derivatives sent to AI providers (AI features receive structured text, metadata, and — for opt-in photo features — still images of the moment, never video frames or face crops); and any data category not generated by the platform's documented features.

3. COPPA

The DPA incorporates the Center's COPPA obligations under the operator-exception path. The Center is the COPPA-regulated operator; TinyGuard, as processor, supports the Center's compliance by:

Surfacing the printable parental consent template at /legal/coppa-parental-consent-template for the Center to use at enrollment.
Maintaining facility-scoped data isolation so one Center's child records are not accessible to another.
Honoring deletion requests escalated by the Center within the COPPA-required timelines.

The Center, not TinyGuard, is responsible for obtaining the operator-exception parental consent at enrollment. TinyGuard's role is to make the Center's compliance work mechanically easier, not to be the COPPA-regulated party.

4. State-specific addenda

Where a state's child-privacy or wiretap or biometric statute imposes obligations beyond the federal baseline, the DPA is paired with a state addendum (TG-STA-001..012 today, with NH/NV/MT/DE/MI/OK in the drafting queue). Drafted as of 2026-05-24: TX, CA, IL, MN, NY, FL, CT, MD, MA, PA, WA, OR. If your facility's state isn't on the list, email legal@tinyguard.co — we draft on signing.

5. Term, termination, and data return

The DPA's term is the same as the underlying Master Service Agreement (TG-MSA-001). On termination or expiry, TinyGuard returns or destroys the Center's personal data at the Center's election within 30 days, retaining only what is required for ongoing legal obligation (e.g., financial records subject to 6-year retention under state law). The audit log is retained for six years for breach-defense purposes, scrubbed of personal data on a Center-specific request where statutory retention does not prohibit it.

Request the current template

The DPA template is provided to counsel for review on request. Email legal@tinyguard.co with your facility name and counsel's contact; we send a redline-friendly Word version plus a clean PDF for signing. Most reviews finish in 24–48 hours.

Email legal@ for the template

6. Cross-references

Four Legal Stack v1.0 covenants — the architectural commitments the DPA wraps.
No-Biometrics Covenant — Covenant 01 in full.
Subprocessor list — the third parties TinyGuard contracts on the Center's behalf.
COPPA parental consent template — printable form for facility enrollment.
Privacy Policy — public-facing TG-PUB-001.
BAA — the parallel agreement for elder care (TG-BAA-E-001 = HIPAA path).
Terms of Service — TinyGuard's general terms.

7. Contact

DPA template requests + counsel review: legal@tinyguard.co
Procurement / general legal questions: del@tinyguard.co
Phone: (510) 686-3357
TinyGuard LLC, 7428 SW Ashford St, Tigard, OR 97224