Security and privacy
Enterprise-grade security, designed specifically for the most sensitive environment imaginable: a room full of children.
Data minimisation
Only privacy-filtered video is transmitted; raw footage never leaves the edge device.
No facial recognition database is maintained. Identity matching uses privacy-preserving embeddings.
Each parent's access is limited to their own child's filtered feed.
Metadata is stripped from all transmitted frames. No location, device, or network data is attached.
Biometric enrolment data is stored on-device only and cannot be exported.
Storage & retention
On-site encrypted storage with a strict 48-hour rolling buffer.
AES-256 encryption at rest with hardware-managed keys.
Automatic cryptographic erasure after the retention window.
No cloud backup, no archive, no remote storage of any footage.
Encryption keys rotate every 24 hours via the hardware security module.
Access controls
Multi-factor authentication required for all parent and nursery accounts.
Role-based access: managers, staff, and parents each have distinct permission levels.
Per-session token rotation prevents replay attacks.
Session timeouts automatically end feed access after inactivity.
All account actions are logged with full attribution.
Incident response
Automated alerting for hardware tamper detection and anomalous access patterns.
Defined escalation procedures for data breach scenarios.
48-hour incident disclosure commitment to affected parties.
On-device audit logs are tamper-proof and preserved separately from video data.
Regular penetration testing and third-party security audits.
What we don't do
Clarity about what we explicitly do not do is just as important as what we do.
No cloud CCTV
We do not operate a cloud-based CCTV service. All video processing and storage are on-premise.
No facial databases
We do not build, maintain, or sell facial recognition databases. Identity matching is local and ephemeral.
No remote access to raw feeds
Nobody, including our own team, can access unmasked video remotely. Raw footage stays on the edge device.
No data monetisation
We do not sell, share, or monetise any data collected by the system. Full stop.
Architecture summary
Edge Computing: On-premise AI inference
Encryption: AES-256 + TLS 1.3
Retention: 48-hour auto-delete