Legal

Privacy Policy

Effective: May 19, 2026. TinyGuard LLC, 7428 SW Ashford St, Tigard, OR 97224. Questions: del@tinyguard.co

Scope and who we are
What data we collect
How we use it
Payment processing
AI features
Video and camera data
Children's privacy (COPPA)
Subprocessors
Security
Data retention
Your rights
Changes to this policy
Contact us

1. Scope and who we are

TinyGuard LLC ("TinyGuard," "we," "us") operates a cloud-based management platform for childcare and elder care facilities. This policy explains how we handle personal data for:

Facility operators and staff — people who log into the TinyGuard dashboard to manage their facility.
Families and authorized contacts — parents, guardians, and relatives who access the family portal or receive communications.
Children and residents — individuals whose care is recorded in the platform. We receive this data from the facility, not directly from individuals.
Website visitors — people who visit tinyguard.co without an account.

TinyGuard acts as a Business Associate under HIPAA when processing Protected Health Information on behalf of facilities. The facility (Covered Entity) controls how PHI is used; TinyGuard processes it per the signed BAA. See our Business Associate Agreement for full PHI handling details.

2. What data we collect

Account and facility data

Facility name, address, subdomain, and plan tier
Owner and staff names, email addresses, phone numbers, roles, and profile photos
Authentication credentials (passwords stored as bcrypt hashes; we never store plaintext)
Billing information (processed by Stripe — we store the last 4 digits and card brand, not the full card number)

Care and operational data

Children's and residents' names, dates of birth, enrollment dates, and care room assignments
Health records, medication schedules, allergy information, immunization records, and dietary restrictions — entered by facility staff
Daily care events: meals, naps, diaper changes, medications administered, observations, and incidents
Check-in/check-out records with timestamps and guardian identity
Attendance, billing, and Electronic Visit Verification (EVV) records
Authorized family and emergency contact information

Video and device data

Live and recorded video from cameras configured by the facility (see Section 6)
Device identifiers and heartbeat telemetry from Raspberry Pi hardware

Usage and log data

Access logs: who logged in, from what IP, at what time, and what actions they took
API request logs (sanitized — no passwords or card numbers)
Browser type and version (for error diagnostics)

Communications

Messages between staff and families through the platform's messaging feature
Email content for daily reports sent to families

3. How we use it

Delivering the service: All data collected is used to provide the features your facility has enabled — video monitoring, care logging, billing, EVV, parent communications, and compliance reporting.
Security and fraud prevention: Access logs and authentication data are used to detect unauthorized access and protect accounts.
Product improvement: We use aggregated, de-identified analytics to understand how features are used and to improve the platform. We do not sell individual data.
Communications: We send transactional emails (account confirmations, billing receipts, daily reports) and may send product update emails to facility owners. You can opt out of product emails at any time.
Legal compliance: We retain certain records as required by law and respond to lawful requests from government authorities.

We do not sell your personal data to third parties. We do not use children's data for advertising purposes.

4. Payment processing and financial data

Subscription payments are processed by Stripe (credit/debit cards) and Dwolla (ACH bank transfers). When you enroll in ACH billing, Plaid is used to verify and (for facility-owner bank links) reconcile your bank account.

TinyGuard never stores your full card number, bank account number, or routing number on our servers. Plaid securely returns verified bank account details directly to Dwolla. By linking a bank account, you agree to Plaid's End User Privacy Policy and Dwolla's Privacy Policy.

Plaid scope by use case: family ACH (tuition payments) uses Plaid Auth only — bank account verification, nothing more. Facility-owner bank linking uses Plaid Auth plus Plaid Transactions to reconcile incoming tuition disbursements against facility income. We do not access balances, identity verification (beyond what Dwolla requires to onboard a Verified Customer), or income data through Plaid.

5. AI features

Several features call out to AI providers to generate content. A given request is served by one of three providers (Anthropic, OpenAI, or Google) selected by TinyGuard's routing layer; data does not fan out to all three:

Daily report drafts: Child or resident name, age, and today's logged care events.
Observation polish: Staff-typed observation text.
Incident analysis: Incident text and descriptions.
Lesson-plan generation: Facility curriculum context and room metadata.
Support chat: Operator-typed support questions and the platform context required to answer them.

💡 AI opt-out

AI features are optional and can be disabled per-facility on request. The platform works without them. For enterprise customers, we can enable Anthropic's Zero Data Retention option on the Anthropic path and route around providers your compliance team excludes. Email del@tinyguard.co to request this. For HIPAA-regulated facilities, TinyGuard will not route PHI to an AI provider before a downstream BAA is in place; see our BAA §3.3 for current subprocessor BAA status.

AI-generated content (daily reports, suggestions) is always presented to staff for review before being shared with families. TinyGuard does not use AI to make decisions about children's or residents' care.

6. Video and camera data

TinyGuard handles video in two stages:

Cameras stay on your local network. Camera RTSP streams terminate at the Raspberry Pi on your premises. Cameras themselves never speak directly to the internet.
Live viewing relayed in real time, not stored. When an authorized viewer (staff, owner, family) opens a live stream from off-site, the Pi publishes the stream through Cloudflare Calls (a real-time WebRTC relay) so the viewer's browser can subscribe. Streams are encrypted in transit (TLS / DTLS-SRTP) but transit Cloudflare's network; they are not stored unless cloud recording is enabled.
Cloud recording (opt-in). When enabled by the facility, video segments are stored in Cloudflare R2 (US infrastructure, AES-256 server-side encryption) for the retention period you've selected (7–365 days by plan). Segments are accessible only through signed JWT URLs that expire in minutes.

Access to video is restricted to authorized staff at your facility. TinyGuard employees do not access your video feeds unless you explicitly grant support access for a specific technical issue.

Facilities are responsible for ensuring that families, residents, and staff have been informed of and consented to video monitoring (and, where audio capture is enabled, audio recording in all-party-consent states) as required by applicable law.

No biometrics, ever. TinyGuard does not perform facial recognition, voice-print derivation, or any other biometric processing on the video that runs through the platform — locked as a standalone covenant in our Master Service Agreement §3 and reaffirmed per state. See the full No-Biometrics Covenant and the broader Legal Stack v1.0 covenants page for the architectural decisions that shape this commitment.

7. Children's privacy (COPPA)

TinyGuard's platform is not directed at children. Children's personal information is entered into the platform by facility staff, not by the children themselves. We do not knowingly collect personal information directly from children under 13.

Facilities using TinyGuard are responsible for obtaining all required parental consents for the collection and processing of children's information, and for complying with the Children's Online Privacy Protection Act (COPPA) and applicable state law.

If you believe TinyGuard has collected children's data in violation of COPPA, contact us at del@tinyguard.co.

8. Subprocessors

Third-party services that process personal data on our behalf:

Subprocessor	Purpose	Data category
Cloudflare	Edge compute, video storage (R2), device tunnel, WebRTC relay	All in-app data, video segments
Neon	PostgreSQL database hosting	All platform data
Anthropic	AI features (daily reports, observations, incident analysis, support chat)	Care data in AI-enabled features only
OpenAI	Secondary AI provider	Same surface as Anthropic
Google (Gemini / Vertex AI)	Tertiary AI provider	Same surface as Anthropic. For HIPAA-regulated facilities, routed only through Google Vertex AI (BAA-covered) when contracted; see BAA §3.3.
Stripe	Subscription and tuition payments	Billing identifiers, payment methods
Dwolla	ACH bank transfer processing	Verified bank account references
Plaid	Bank account verification	Bank credentials (passed to Dwolla; not stored by TinyGuard)
Resend	Transactional email	Email addresses, email content
Twilio	SMS notifications	Phone numbers, message text
Google Analytics / GTM	Website analytics	Page views, anonymized visitor data (tinyguard.co only)

We do not authorize subprocessors to use your data for any purpose other than providing services to TinyGuard. We give 30 days' advance notice of material changes to this list.

9. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is controlled through role-based permissions with JWT authentication and refresh-token rotation. Each facility's data is isolated through tenant-scoped access controls enforced on every database query — one facility cannot access another's records.

We conduct regular security reviews. If you discover a vulnerability, please disclose it responsibly to del@tinyguard.co. See tinyguard.co/security for our full security posture.

10. Data retention

During service: All facility data is retained and accessible through the dashboard.
After cancellation: Data remains available for export for 30 days after your subscription ends. After that window, all facility data is permanently deleted.
PHI (under BAA): Minimum 6-year retention from date of creation per 45 CFR 164.530(j), unless Covered Entity requests earlier destruction.
Cloud video recordings: Retained per your plan's retention period (7–365 days), then automatically deleted from R2.
Audit logs: Retained for 6 years minimum.

11. Your rights

Depending on your location, you may have rights including:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Request deletion of your account and associated data. Facilities can use the account deletion feature in the dashboard; staff can request deletion via del@tinyguard.co.
Data portability: Export your facility's data in CSV/JSON format at any time through the dashboard.
Opt-out of AI features: Disable AI processing for your facility by contacting us.

To exercise these rights, email del@tinyguard.co. We respond within 30 days.

California residents: You have additional rights under the CCPA. We do not sell personal information. You may request disclosure of data we collect about you or request deletion. Contact us at the email above.

12. Changes to this policy

We update this policy when our practices change. Material changes will be announced to facility owners via email with 30 days' notice. Continued use of the platform after the notice period constitutes acceptance.

Previous versions are available on request at del@tinyguard.co.

13. Contact us

Privacy inquiries: del@tinyguard.co
General: del@tinyguard.co
Phone: (510) 686-3357
TinyGuard LLC, 7428 SW Ashford St, Tigard, OR 97224