Privacy Policy

Effective date: 1 April 2026

Who we are: New Venture Capital Pty. Ltd. (ACN 626 647 256, ABN 56 626 647 256) ("we", "us", "our"), trading as Puffin Guard.

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Puffin Guard website, web application, physical sensor device, and related services (collectively, the "Service"). We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

1. Privacy by Design

Puffin Guard was built with privacy at its core:

  • No cameras or microphones. The Device uses a passive infrared (PIR) sensor to detect motion only
  • No activity tracking. We do not record patterns of movement, daily routines, or behaviour
  • Alert-only model. Contacts are notified only when expected presence is not detected. No one can remotely "check in" on a person's activity or presence
  • Minimal data collection. We only collect what is necessary to provide the service

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Phone number(s), mobile and/or voice, used for verification and to receive alerts
  • Timezone and country
  • Password (stored securely using one-way encryption, we cannot see your password)

2.2 Device Data

When the Device checks in with our server (typically once every 24 hours, or when manually triggered), we receive:

  • Device identifier (hardware ID)
  • Firmware version
  • Battery level
  • WiFi signal strength
  • A confirmation that motion was or was not detected (yes/no, no details about the nature or frequency of movement)

The Device does not stream data, record audio, capture images, or track location.

2.3 Data Stored on the Device

The Device stores the following information locally on its internal memory:

  • Your WiFi network credentials (SSID and password), required to connect to your home network. These are stored on the device only and are not transmitted to our servers.
  • Motion detection timestamps, stored temporarily on the device between check-in uploads, then transmitted to our server and cleared from the device.
  • Device configuration (check-in schedule, server endpoint), received from our server during each check-in.

If you dispose of or return the device, we recommend performing a factory reset to clear all stored data. Instructions are available in the setup guide or by contacting us.

2.4 Emergency Contact Information

You provide names, phone numbers, and email addresses for emergency contacts. These are used solely to send alerts when expected presence is not detected. You are responsible for obtaining your contacts' consent before adding them.

2.5 Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVV, or full payment details on our servers. We retain only a Stripe customer reference for billing management.

2.6 Usage and Technical Data

We collect standard web analytics data including pages visited, browser type, IP address, device type, and referral source. This helps us improve the Service.

2.7 Voice Call Data

When Puffin Guard places automated voice calls (e.g., grace period alerts or emergency contact notifications), we generate audio using text-to-speech technology. We record:

  • Call duration and status (answered, missed, etc.)
  • Keypad responses (e.g., pressing "1" to check in)
  • Call cost for internal accounting

We do not record the audio of calls or listen to conversations.

2.8 SMS Data

When we send or receive SMS messages (e.g., check-in reminders, replies), we record the message content, delivery status, and cost. Inbound SMS replies (e.g., replying "Check in") are processed to trigger a check-in on your behalf.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the monitoring service
  • Send alerts to you and your designated emergency contacts when needed
  • Generate voice call audio for automated notifications (using text-to-speech)
  • Process payments and manage subscriptions
  • Send important service communications (e.g., device offline alerts, low battery warnings, billing reminders)
  • Improve and develop the Service
  • Analyse aggregate, anonymised usage to understand product performance
  • Comply with legal obligations

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Service Providers (Sub-processors)

We use the following third-party services to operate Puffin Guard. Each processes data in accordance with their own privacy policies and under contractual obligations to us:

Provider Purpose Data Region
Railway (Google Cloud Platform) Application hosting and database US
Amazon Web Services (AWS S3) Object storage for device firmware and audio files US (us-east-1)
Stripe Payment processing and subscription billing US / Global
Telnyx SMS delivery and voice call delivery for alerts US / Global
Resend Transactional email delivery (via SMTP) US
OpenAI Text-to-speech audio generation for voice call notifications US
Cloudflare DNS, DDoS protection, web security Global (edge network)
Google Analytics / GTM Website analytics and marketing measurement US / Global
Proton Mail Email hosting for [email protected] Switzerland / Germany

5. International Data Transfers

Our primary hosting infrastructure is in the United States (AWS us-east-1). Some service providers process data in other jurisdictions. By using the Service, you consent to the transfer of your information to these locations. We require our service providers to maintain appropriate security standards.

If we expand to serve customers in the EU/UK, we will implement appropriate data transfer mechanisms (such as Standard Contractual Clauses) as required by applicable law.

6. Data Storage and Security

We implement appropriate technical and organisational measures to protect your data, including:

  • All communication between the Device and our servers is encrypted using HTTPS/TLS
  • Each Device authenticates with unique credentials when communicating with our servers
  • Firmware updates are delivered encrypted to prevent tampering
  • All web traffic is encrypted in transit (TLS 1.2+)
  • Sensitive data is encrypted at rest
  • Passwords are stored using one-way hashing (bcrypt). We cannot see your password
  • Role-based access controls limit internal access to your data
  • Rate limiting protects sensitive endpoints against automated attacks

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your information.

7. Data Retention

  • Account data: retained while your account is active.
  • Device check-in records: retained for up to 12 months for service operation, then automatically archived or deleted.
  • Voice call records: call metadata (duration, cost, status) retained for 12 months. Pre-generated audio files are automatically deleted after 7 days.
  • SMS records: delivery metadata retained for 12 months.
  • Account deletion: if you close your account, we will delete your personal data within 30 days, except where we are required by law to retain it.

8. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Correct any inaccurate or incomplete information
  • Delete your account and associated data

To exercise these rights, contact us at [email protected].

9. Cookies & Analytics

We use essential cookies to maintain your login session and remember preferences. We use Google Analytics (via Google Tag Manager) to understand how visitors use our website. Analytics data is aggregated and does not identify individual users.

You can control cookie preferences in your browser settings.

10. Automated Communications

By using the Service, you consent to receiving automated communications from Puffin Guard, including:

  • Automated phone calls and SMS messages for check-in reminders and alerts
  • Email notifications about your account, device status, and billing

Alert communications are integral to the Service and cannot be opted out of while the Service is active. You may cancel your account at any time to stop all communications.

11. Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects on individuals. The automated alerts sent by the Service (e.g., absence notifications) are operational communications, not automated decisions about individuals.

12. Third-Party Services

Your use of third-party services connected to Puffin Guard (e.g., your WiFi network, email provider, mobile carrier) is governed by those providers' own terms and privacy policies. We are not responsible for their practices.

13. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal information from children.

14. Data Breaches

If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email at least 30 days before taking effect. Continued use after the effective date constitutes acceptance.

16. Complaints

If you have concerns about our handling of your personal information, you may lodge a complaint with us. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC).

17. Contact

If you have questions or concerns about this Privacy Policy, please contact us:

Puffin Guard (a service of New Venture Capital Pty. Ltd.)
Email: [email protected]

A private safety net they'll accept Get Started