Privacy Policy

1. Introduction

StrangerAIert ("we", "our", "the service") provides a daily visit-report dashboard for Ring cameras. It uses face recognition to group visits by person and to filter out routine appearances from family and trusted people, so users can focus on visits that may need attention.

StrangerAIert is not a real-time alerting service. Motion events are received from Ring as they occur, but face recognition runs as a scheduled batch (once per hour) and push notifications are delivered only at three scheduled times each day (08:00, 18:00, 23:00 in the user's local time zone). Each push contains category counts for the previous time window; full visitor details are shown only on the dashboard.

This Privacy Policy explains what data we collect, how we use it, and the controls you have over it. StrangerAIert is an independent Ring partner application and is not affiliated with or endorsed by Ring or Amazon.

2. Information We Collect

We collect the following categories of information, all tied directly to operating the service for you:

• Account credentials. Email address (obtained from Ring after you grant OAuth authorization) and a password you create for StrangerAIert. The password is stored only as a PBKDF2-HMAC-SHA256 hash with 310,000 iterations — the plain password is never persisted.
• Ring OAuth tokens. Access and refresh tokens received from Ring after you approve StrangerAIert during the in-app linking flow. We never receive or store your Ring password.
• Ring device metadata. Device IDs, device names, online status, and basic capability information obtained from the Ring partner API.
• Motion event metadata. Timestamps, camera identifier, and event type for each motion event Ring delivers via webhook.
• Camera media around motion events. Short video segments (typically a few seconds before and after a motion event) retrieved via Ring's WHEP live-stream API and/or cloud-clip download API, used for face/person detection and event display.
• Face data derived from your cameras. Cropped face images detected in your own camera footage, plus a numeric vector (face "embedding") computed from each image. These are stored under your account only and are used to recognize whether the same person appears again across visits.
• Person labels you create. Names or tags you assign to detected people (e.g. "family", "neighbor"), and the registration/exclusion status of each person.
• Session and usage information. Login session cookies, IP address and basic browser information used only to maintain your sign-in and protect against abuse.

3. How We Use Your Information (Purposes of Processing)

• To ingest and store motion events delivered by Ring webhook, including short camera clips for the period around each event.
• To run face detection (YOLOv8), face embedding (ArcFace and AdaFace models) and identity clustering (HDBSCAN) on a scheduled batch basis (once per hour), so that visits of the same person across different events can be grouped together within your account.
• To compose your daily visit report — three time-windowed reports per day (overnight, daytime, evening) — and to send a push notification at the three scheduled times (08:00, 18:00, 23:00 in your local time zone) summarizing the visitor counts for the previous window.
• To filter people you have registered as Familiar from the report's visible list, and to always feature people you have added to your Watchlist.
• To automatically demote people you have repeatedly ignored (no detail card opened across multiple visit days) into the report's "Show more" bucket, and to suggest registration for frequently appearing unregistered visitors.
• To keep your Ring connection active by refreshing OAuth tokens before expiry.
• To respond to your support requests and protect the service from abuse.

We do not use your data to train shared machine-learning models across users, and we do not use it for advertising or profiling beyond the operation of StrangerAIert for you.

4. AI / ML Model Training and Data Usage

This section directly addresses common questions about how we use your data in connection with AI models.

• We do not use your data to train shared AI models. The face-detection, face-embedding, and clustering models StrangerAIert runs (YOLOv8, ArcFace, AdaFace, HDBSCAN) are pre-trained models from public research; we run them as inference only on your camera footage. We do not fine-tune these models with your videos, your face embeddings, your registrations, or any data derived from your account, and we do not aggregate user data to train any new model.
• Your face embeddings are used only for clustering within your account. Embeddings are stored only to recognize whether the same person reappears across your camera feeds. They are never combined with another user's data, never sold, never shared with model vendors.
• No automatic training opt-in. Because we do not train models on customer data by default, there is no separate opt-in or opt-out required for model training. Should we ever consider using customer data for training in the future, we will require explicit opt-in consent before doing so and would disclose the change in this Privacy Policy.
• If you opt out (or delete data), service impact is limited to your account only. Because we do not use your data for training, opting out of any future model-training program will not reduce the quality of recognition for other users, and will not change the level of service you receive — clustering, daily reports, and registrations continue to work as described in this Policy.

5. Human Review of Customer Data

This section directly addresses when, if ever, a human at StrangerAIert may view your camera videos, images, or face data.

• Default — no human review. Routine operation of StrangerAIert (motion ingestion, hourly batch analysis, daily report generation, scheduled push notifications) is fully automated. No StrangerAIert employee or contractor views your videos, images, or face data as part of normal service.
• Exception — explicit user-initiated support. If you submit a support request that requires us to look at a specific event or person (for example, "this person is being misidentified as someone else"), our support staff may, with your written permission and only for the items you reference, access the specific event clip or face crops needed to diagnose the issue. We do not retain or copy this data after the support case is closed.
• Exception — security incidents and abuse investigation. If we have a good-faith reason to believe the service is being used to violate these terms or applicable law (for example, attempted access to another user's account), an authorized employee may review the minimum data necessary to investigate. Such access is logged.
• Exception — legal compulsion. Where required by valid legal process (see Section 8 — Data Sharing and Disclosure), authorized personnel may access specific data to respond.
• No human review for model improvement. We do not sample or review customer videos, face crops, or embeddings to improve, label, audit, or evaluate AI models.

6. How You Can Control and Review Your Data

You retain full control over what is stored about you. From the in-app Settings tab you can:

• Review your data. The dashboard exposes every motion event, every recognized visitor, every face crop, and every source video clip associated with your account. There is no internal data set kept separately — what you see on the dashboard is the full record.
• Delete specific people. Use the Remove control on any visitor's detail page to delete that person's face crops, embeddings, and clustering record from your account.
• Delete all event data while keeping the account active. Settings → Account and data → Delete data. This wipes your full event history, face data, video clips, and registrations while leaving your sign-in available.
• Delete the entire account. Settings → Account and data → Delete account. This permanently deletes your StrangerAIert account, all face data, all motion event records, all video clips, all camera group settings, and your active Ring OAuth tokens.
• Disconnect Ring. Revoking the Ring link (either from Ring or from StrangerAIert Settings) stops future event ingestion and deletes the stored OAuth tokens.
• Per-camera analysis on/off. Settings → Cameras lets you toggle whether each individual Ring camera's footage is analyzed by StrangerAIert.
• Push notification opt-out. Settings → Notifications lets you toggle the three scheduled summary pushes off entirely while continuing to use the dashboard.

7. Data Subject Access Requests (DSAR) and Privacy Rights

You have the right to:

• Access the information StrangerAIert holds about you. Most of this is directly visible in the in-app Settings and dashboard. If you want a packaged export of your records, see the email-based DSAR procedure below.
• Correct or update labels, registrations, and account information through the in-app interface.
• Delete individual people, individual events, all of your data, or your entire account — all available in Settings → Account and data (see Section 6).
• Object to processing by disconnecting Ring or deleting your account; this stops all further processing of your data by StrangerAIert.
• Restrict processing by disabling specific cameras (Settings → Cameras) or notifications (Settings → Notifications).
• Receive a portable export of your event log and registered people upon request, in a machine-readable format (JSON).
• Lodge a complaint with your local data protection authority where you have such rights.

To submit a DSAR / access / deletion request that cannot be completed in-app: email support@aikey.ai with the subject line "Privacy Request — [access | deletion | export | correction]" from the email associated with your StrangerAIert account. We respond within 30 days. If we need to verify your identity, we will reply from the same address to confirm.

8. Available Opt-Out Mechanisms

• Opt out of scheduled summary push notifications — Settings → Notifications, toggle off. The dashboard remains available; only the push goes away.
• Opt out of analyzing a specific camera — Settings → Cameras, toggle that camera's "Recognition" switch off. Ring events for that camera are no longer ingested or analyzed.
• Opt out of having a specific person tracked — open that person's detail page and tap Remove. Their face data, embeddings, and recognition history are deleted from your account.
• Opt out of all StrangerAIert processing — disconnect Ring (Settings → Account and data, or from the Ring app). All future events stop.
• Opt out of all data storage — delete your data (Settings → Account and data → Delete data) or delete your account entirely.
• Opt out of AI model training — not required, because we do not use customer data for training (see Section 4).

None of these opt-outs requires us to contact you, and none requires special review on our side. They all take effect immediately in-app.

9. Data Sharing and Sub-processors

We do not sell your personal information. We share information only as follows:

• Ring (Amazon). When you use StrangerAIert, your authenticated API calls (live stream, clip download, device list) go to Ring's API. Ring's own privacy practices apply to anything you do directly on Ring's platform.
• Infrastructure sub-processors. StrangerAIert relies on the following sub-processors strictly to operate the service:
  • Amazon Web Services (AWS) — compute, storage (Amazon S3 for face/video assets, Amazon RDS / PostgreSQL for relational data), networking, and content delivery in the us-west-1 region. AWS processes data only as our infrastructure provider under its Data Processing Addendum.
  • Amazon Simple Email Service (SES) — sending of transactional emails such as password reset links. Only the recipient email address and the email content (no face data) are sent through SES.
  • Let's Encrypt — TLS certificate authority for HTTPS. No customer data is sent to the certificate authority.
• Legal compliance. We may disclose information when required by law, subpoena, or court order, or to protect rights, property, or safety.

We do not share your data with advertisers, brokers, analytics platforms, or AI model vendors.

10. Data Retention

Different types of data are retained for different periods. We are explicit about which data is kept indefinitely (for service integrity and improvement) and which is rotated out.

Kept indefinitely

• Person tracker metadata (visit history, categories, names you assigned, registration state) is kept while your account is active. This is the source of truth for what appears on your dashboard.
• Face crops + face embeddings of people you have registered (Familiar or Watchlist): kept while you keep that person registered, so recognition still works the next time they appear in front of a camera. Removed as soon as you delete the person from the People tab.

Rotated out

• Motion video clips in cloud storage (AWS S3): kept for 90 days, then deleted by a daily automated cleanup. The matching visit row in the database is marked anonymized at the same time (S3 URL set to NULL). You can also request earlier deletion at any time — see Section 7.
• Local webhook clip cache (the per-event mp4 + extracted face crops cached on our server for fast re-analysis): kept on the application server for 90 days, then deleted.
• Webhook event audit log (the record of when each Ring camera reported motion to StrangerAIert): kept for 90 days, then auto-pruned. Ring itself removes motion video after about the same window, so older audit lines cannot be used to re-pull video and are removed to limit retention.
• Face crops + embeddings of unregistered people inactive for 90+ days: if someone walked past a camera once or twice and stops appearing, we trim down to roughly one representative face per viewing angle (so we keep three samples — front, half-profile, profile — rather than dozens). Their visit metadata stays in the person tracker, and recognition still works the next time they appear (the kept samples are used to re-identify them, so they do not show up as "first-time").
• Application + access logs: rotated at 10 MB each, 5 generations kept (~50 MB rolling). Older logs auto-deleted.
• Browser session cookie: 30 days of inactivity, then expires; you stay logged in if you visit at least once every 30 days.

Removed on user action

• Account information (email, password hash, time zone, country): removed when you delete your account (Section 7). You can delete your account at any time.
• Ring OAuth tokens: deleted as soon as you revoke the link in Ring or in StrangerAIert Settings.
• Push subscription endpoints: deleted when you disable notifications in Settings or close the account.

11. Data Storage and Security

• Passwords are hashed with PBKDF2-HMAC-SHA256 (310,000 iterations) and a per-user salt.
• OAuth tokens are stored on the server and used only to make authorized Ring API calls.
• HTTPS is used for all web traffic between your device and StrangerAIert.
• Face embeddings, event metadata, and media derived from your cameras are scoped to your account. Other StrangerAIert users cannot access your data.
• We follow least-privilege access controls for any administrative access to operational systems.

12. Changes to AI Capabilities

This section directly addresses how we inform you about changes to the AI features (such as new detection capabilities, accuracy improvements, or new model versions) that affect your data processing.

• In-app release notes. When we deploy a meaningful change to the face recognition pipeline, detection thresholds, classification rules, or the categories shown in the daily report, we publish a short release note that is visible the next time you open the dashboard.
• Privacy Policy updates. If a new AI capability changes what data is processed, how it is processed, or how long it is retained, we update this Privacy Policy and update the "Last updated" date at the top of this page. Material changes that meaningfully reduce your privacy posture are highlighted in an in-app banner the next time you sign in.
• Accuracy and limitations disclosure. The signup consent screen contains an "AI Limitations and Accuracy Notice" describing the probabilistic nature of face recognition and the conditions under which accuracy can decrease (low light, profile views, occlusion, distant or motion-blurred faces). When we materially change accuracy claims or add a new capability that has different accuracy characteristics, we update that notice.
• Opt-in for net-new capabilities. If we introduce an AI capability that processes a category of data we did not previously process (for example, audio analysis or a new biometric modality), we require explicit user opt-in before enabling it for your account.

13. Camera Surveillance and the People in Your Footage

Some of the visitors and family members captured by your cameras may not be StrangerAIert users. StrangerAIert never contacts them directly. However, you are responsible for complying with the laws of your jurisdiction regarding video and biometric surveillance, including notice requirements. See the Terms of Service for additional detail.

14. Third-Party Services and Ring

StrangerAIert integrates with Ring (Amazon). When you choose to link your Ring account, you are also subject to Ring's privacy policy. Disconnecting in either system stops future data flow. The technical sub-processors used to operate StrangerAIert itself are listed in Section 9 (Data Sharing and Sub-processors).

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the new version on this page with an updated "Last updated" date. Material changes that reduce your privacy rights will be announced more prominently (for example, an in-app notice).

16. Contact Us

For privacy questions or to exercise your rights, contact us at support@aikey.ai.