Fine print · N° 001
A short version, in plain English. The full policy follows below and is updated when anything material changes.
We collect what we need to keep you safe, nothing else. Your patrol log, your panic-switch settings, your circle's contact details, and your address are stored encrypted, in Australia, and visible only to you and the residents you authorise. We do not sell, share, or analyse this information for advertising. Ever.
Account: your name, email, phone number, billing details. Property: your address, gate code if you share it, medical notes if you share them. Circle: the names and numbers of the people you nominate. Patrol log: timestamp, GPS ping, operator ID, and optional photographs per pass.
You. The contacts you add. Vigil Guard members on your street at the moment a panic alert is active. The operator on duty for your suburb on the nights you've scheduled patrols, once that pillar is licensed. We never hand your data to triple zero. You call 000 yourself. Nobody else.
Patrol logs are kept for 12 months by default and you can delete them earlier from inside the app. Account records are kept for the life of the membership plus 24 months for tax and dispute resolution. Panic-alert records are kept for 7 years as required by Australian emergency-services law.
You create an account with your email and a password. You can delete your account and all the data we hold on you at any time, from inside the app: Account, then Delete account. Deletion is permanent and removes your profile, membership, contacts, reports and settings. You can also email privacy@vigilguard.com.au to request it.
We use your location only when a feature needs it: during a panic alert and a Guardian Walk, so help reaches where you are; and to sort nearby reported crime by distance. We never use your location for advertising and we never sell it. You control the permission on your device and can turn it off at any time.
Reports you post to the Lookout feed (a short note, a category, an approximate location, an optional photo) are visible to other members near you. We ask you to report behaviour, never a person's appearance. Every report can be reported by others and its author blocked; reports that draw enough complaints are hidden automatically, and we remove content and remove members who abuse the feed. Report coordinates are rounded before they are shown to neighbours.
Membership is processed by Stripe. We do not see or store your full card number; Stripe handles it under its own security and privacy terms. We keep a record that you are a member and what plan you hold.
Email privacy@vigilguard.com.au with any question or request. We respond within five business days.
In a life-threatening emergency, always call 000. Vigil Guard does not replace emergency services.
Last updated · 2026-06-02. This is a launch-phase policy and will be reviewed by counsel before the first paying member is onboarded.
Draft, pending lawyer review.
Sentry (Pillar IV, in design · founding-cohort closed beta) watches the member's own security cameras with AI. Because we are processing video of identifiable people, the rules below are stricter than the rest of this policy. They apply only to members who have explicitly enrolled a camera in Sentry. This section is a draft and will be finalised after counsel review before the first Sentry beta camera goes live.
Sentry analyses nothing unless the member has explicitly enrolled a specific camera in the Sentry programme. No background scans, no auto-discovery, no analysis of footage from cameras the member has not nominated. Enrolment is per-camera and can be revoked at any time from the app.
Before Sentry analyses a member's first clip, the member draws the regions the AI must not analyse: the public footpath, the neighbour's yard, anywhere outside their boundary. Masks are applied to every frame before it ever reaches the AI. Masked regions are not transmitted, not stored, and not seen by any model.
Clips are stored at rest in the AWS Sydney region. They never leave Australia, except for the millisecond-long round trip to Anthropic's API for analysis. Only the AI's text summary of each clip is retained, never the raw frames sent for analysis.
The AI that reads enrolled Sentry footage is Anthropic's Claude. Anthropic's enterprise terms forbid training on customer data. The member's footage trains nothing, and is not retained by Anthropic after the analysis call returns.
Default retention for Sentry clips and their AI summaries is 30 days. The member can set this between 7 and 90 days. After retention expires, clips and summaries are hard-deleted from primary storage and from backups. The member can also delete any individual clip from the app immediately.
Every clip Sentry analysed, every tier it assigned, every member alert it fired, and every Tier III dispatch it proposed or placed, all of it is written to an append-only audit log. The member can request a full copy of their own audit log at any time.
Email privacy@vigilguard.com.au and we erase every Sentry clip, summary, and audit record we hold on the member within 72 hours of the request, including from backups, and we send the audit trail of the erasure back as proof.
Section drafted · 2026-05-15. Pending counsel review before the first Sentry beta camera goes live.