Our security commitments.
How we handle your data, your camera footage, and your privacy — concretely, not as marketing language.
Core principles
- We detect garden visitors, not people. Garden Sentry classifies wildlife — deer, rabbits, squirrels, raccoons, and similar garden pests. We do not run face recognition, identify individual humans, or build biometric profiles. If Ring's clip contains a person, our model tags them as "person" and moves on.
- We don't share proactively with law enforcement. We respond to lawful subpoenas and preserve records when required — and we notify you unless legally prohibited.
- We don't sell data. Not to advertisers, data brokers, insurance carriers, or model-training pipelines outside our own system.
- Responses respect your zones. Sirens, sprinklers, and lights only activate for visitors inside the zones you draw. Where technically possible, we minimize processing to the relevant area of the frame.
Data handling
Three categories of data pass through our systems:
- Account data — email, name, subscription status. Encrypted at rest. Never shared.
- Event metadata — timestamps, detection classes, confidence scores, zone references, thumbnail crops.
- Short event clips — brief clips (≤30s) delivered by Ring's App Integration API, used for model inference. Stored for the retention window on your plan, then deleted.
Full-resolution camera archives stay on Ring's servers. We receive only the short event clips and thumbnails needed to run detection. We never ingest continuous video streams.
Retention & deletion
Different categories of data have different retention windows. Here's the full picture:
| Category | Examples | Kept for |
|---|---|---|
| Event metadata | timestamp, detected species, confidence score, zone name, device id | 7 days (Basic) · 30 days (Pro) |
| Thumbnails | small still image of the detected visitor, shown in the dashboard feed | 7 days (Basic) · 30 days (Pro) |
| Short event clips | the ≤30s clip Ring delivered to our webhook, used for model inference | Processed then discarded within 24 hours unless you open a support ticket |
| Account data | email, name, subscription status, preferences, zone definitions | As long as your account is active |
| Billing records | invoices, payment confirmations — amounts and dates, not card numbers | Up to 7 years for tax compliance |
| Operational logs | request logs (IP, path, status code) for debugging and abuse prevention | 14 days rolling |
When you delete your account, everything except the minimal billing records is removed within 30 days.
Access control
- All data in transit is TLS-encrypted (TLS 1.2 or newer)
- Data at rest is encrypted at the disk layer on our hosting provider
- Access to production is restricted to the on-call engineer and gated by SSH key + multi-factor auth on the hosting provider
- Employees do not view your event clips unless you open a support ticket and explicitly ask us to
Garden Sentry is a small, pre-revenue project. We're being specific about what we do today rather than claiming enterprise controls we don't yet have.
Law enforcement
Our policy:
- We require a valid, specific legal demand — no voluntary sharing
- We notify the affected account holder unless legally prohibited
- We publish an annual transparency report with aggregate numbers
- We do not participate in bulk data requests or "fishing expedition" demands
Compliance
- US privacy laws: we honor CCPA / CPRA (California) rights — access, deletion, opt-out of sale (we don't sell) — for all users
- Payment data: PCI DSS via Stripe. Card numbers never touch our servers.
- SOC 2: we are not SOC 2 certified today. We aim to work toward SOC 2 Type II if and when our scale justifies the effort.
We don't collect biometric data (fingerprints, face geometry, voiceprints) and therefore BIPA (Illinois) and Texas biometric law don't apply to what we do today. If we ever add human-recognition features, we'll publish a separate policy with explicit consent language before turning them on.
Incident response
If we become aware of unauthorized access to account data or event clips, we commit to:
- Notifying affected users by email within 72 hours of confirming the incident
- Publishing a short plain-language summary of what happened and what data was involved
- Being honest about what we don't yet know, rather than guessing
As a small project, we don't have a 24/7 SOC. We do have monitoring and we do watch for anomalies. If you spot something that looks off, security@gardensentry.app is read by a human.
Contact
Reach our security team at security@gardensentry.app. We respond within 3 business days and run a responsible-disclosure program for verified vulnerabilities.