How Kindiguardian works
A transparent look at the technology that makes privacy-first nursery monitoring possible. No black boxes, no hand-waving.
Camera captures room
A standard nursery-grade IP camera records the room continuously. The camera connects directly to our on-site edge device via a secure wired connection. No footage passes through any external network at this stage.
The camera itself has no internet access and cannot be accessed remotely.
AI processes video locally
Our edge device runs real-time AI inference using a dedicated neural processing unit. The system identifies enrolled children using privacy-preserving embeddings that never leave the device.
Processing latency is under 100ms, enabling smooth live feeds with no visible delay.
Child is isolated, others masked
Once the enrolled child is identified, the system generates a privacy-filtered view where every other person in the frame is automatically masked. This happens in real-time, frame by frame.
If AI confidence drops below 95%, the entire frame is masked. The system always defaults to maximum privacy.
Parent views secure live feed
The privacy-filtered feed is streamed to the parent's mobile app via an encrypted channel. Parents see only their own child, clearly and in context, without compromising anyone else's privacy.
Sessions are time-limited and each viewing generates an audit log entry.
Technical deep dive
For those who want to understand what is happening under the hood.
On-device AI
All AI inference runs on a dedicated edge device installed at the nursery. The neural processing unit handles person detection, identity matching, and real-time masking without any cloud dependency. Models are updated via signed, encrypted packages delivered during off-hours.
No raw cloud video
Raw, unmasked video never leaves the nursery premises. The only data transmitted externally is the privacy-filtered feed, sent via TLS 1.3 encrypted channels. Even our own engineers cannot access raw footage remotely.
Encryption everywhere
Footage at rest is protected with AES-256 encryption. Feeds in transit use TLS 1.3. Encryption keys are stored in a hardware security module on the edge device and rotated every 24 hours. Decryption requires physical access to the device.
Fail-closed masking
If the AI cannot identify a person with sufficient confidence, the system defaults to full masking of that individual. If the edge device encounters an error, all feeds are suspended. Privacy is never compromised by a system failure.
Complete audit logs
Every feed access, every login, and every system event is logged with timestamps and user identifiers. Audit logs are tamper-proof, stored separately from video data, and available for regulatory review at any time.
48-hour auto-deletion
The on-site storage buffer holds a maximum of 48 hours of footage. After this window, data is cryptographically erased and overwritten. There is no archive, no backup, and no way to recover deleted footage.
Questions about our technology?
We welcome scrutiny. Our team is happy to walk you through the architecture in detail.