Skip to main content

Privacy Policy

Last updated: 2026-06-04

ScreenGuardian is built around one promise: camera frames stay on your device. This policy explains what that means in practice.

What stays on your device

ScreenGuardian uses camera frames locally in memory to estimate posture, screen distance, eye-break timing, and optional hand-to-face habits.

Camera frames are not sent anywhere. They pass through the app on your device for real-time feedback, and ScreenGuardian does not store them.

We do not receive:

  • Camera video or images
  • Raw camera frames
  • Microphone audio
  • Audio recordings
  • Posture records
  • Habit records
  • Your daily desk routine

The camera view is used only for the real-time feedback you see in the app, not to build a cloud profile. ScreenGuardian does not need microphone permission and does not listen to your room, calls, or conversations.

Face geometry, posture landmarks, and biometric privacy

To estimate posture and screen distance, ScreenGuardian uses Google's MediaPipe library on your device to detect face landmarks (eye, nose, ear positions), pose landmarks (shoulder positions), and optional hand landmarks. These measurements are sometimes legally categorised as "biometric identifiers" or "face geometry" data.

Specifically, and so this is unambiguous:

  • Processing is on-device only. Face / pose / hand landmarks exist as in-memory numbers (coordinate values) for the milliseconds it takes to evaluate one camera frame, then are discarded. They are never written to disk and never transmitted off the device.
  • No identification. ScreenGuardian does not use these landmarks to identify, authenticate, or distinguish you from another user. It uses them only to derive posture / distance / hand-to-face signals for the current session.
  • No template / database. We do not build a face template, an enrolment vector, a recognition database, or any persistent representation of your face or body. The next session starts from zero.
  • No sharing. Because the data does not leave your computer, it is not shared with us, with vendors, with advertisers, with law enforcement (we have nothing to share), or with anyone else.
  • Retention: zero. Landmark data is discarded immediately after the frame is processed.

ScreenGuardian is designed with biometric-privacy requirements in mind, including those of the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14/) and the EU GDPR's special-category-data provisions (Article 9). Whether and how those laws apply to on-device, zero-retention landmark processing is a question for counsel; we describe what we actually do above so you can make an informed decision. When you accept the Terms of Service at first launch, you give your informed consent for ScreenGuardian to perform the local processing described in this section. You may withdraw that consent at any time by uninstalling the app; because no biometric data is stored, there is nothing further to delete on our side.

If you are in Illinois, Texas (CUBI), Washington (My Health My Data Act), or another jurisdiction with a biometric-data statute and you have questions about this section, email screenguardian.info@gmail.com.

What we may receive

We receive only the information needed to run the product and support account access:

  • Your email address if you create an account, sign in with Google, attach an invite, or contact support
  • Your access status
  • Basic access and device-link records used to decide whether the app may run
  • Download access logs needed to protect early-access and paid downloads
  • Basic website and service logs needed for security and reliability
  • Messages, screenshots, logs, and attachments you choose to send to support
  • Small optional crash reports if you turn Crash Reports on in the app

ScreenGuardian may also check for app updates and account access status. Those checks never include camera frames, images, posture events, habit events, or local chart history.

Optional crash reports are off unless you turn them on. If enabled, they are limited to technical details needed to reproduce failures, such as app version, operating system, runtime versions, camera backend/settings, sanitized exception details, and a short scrubbed error log tail. They do not include camera frames, screenshots, microphone audio, posture or distance history, habit records, chart history, typed content, or raw local files. You can turn them off in Settings.

Notification mode

Notification mode keeps the live camera view and real-time alerts running while pausing local stats, dashboard, goals progress, charts, and alert-history writes. It controls local storage inside the desktop app; it does not change the core camera-frame promise, because camera frames are never sent anywhere in either mode.

Accounts and invites

If you create a ScreenGuardian account, we use your email address to sign you in, attach early access or an explicit access grant, and keep your access available across releases. Invites are single-use and become linked to the account that attaches them.

If you sign in with Google, Google tells us the basic profile information needed to create or locate your ScreenGuardian account, such as your email address. We do not request access to your Google Drive, Gmail, Calendar, contacts, or other Google product data.

The desktop app may cache your last valid access status so eligible users can keep using ScreenGuardian during temporary network outages. Cached access is bounded by the last successful verification and by the access expiry date when one exists; it is used only to decide whether the app should run. It does not send camera frames, posture records, habit records, or local chart history.

Account and marketing email

We send transactional email — sign-in links, password resets, security notices, account or access updates, and notice of material changes to these policies — because it is necessary to operate the account you asked for. These are not optional, since they are part of providing the service.

We only send marketing email (occasional product news — new features and important changes) if you explicitly opt in. The marketing checkbox at signup is unchecked by default and is never a condition of creating an account. You can unsubscribe at any time from the link in any marketing email, or by emailing screenguardian.info@gmail.com — unsubscribing from marketing does not affect the transactional email needed to run your account.

Downloads

Downloads are available to accounts with active early access, an explicit access grant, or paid access. When you request a download, we may record the account, platform, timestamp, and a basic security log entry so we can prevent abuse and investigate distribution issues.

Payments

ScreenGuardian is free while early access is active on your account. When paid plans launch, continued use will require an active plan or explicit access grant. Payment details will be handled by a secure checkout provider. We will not store your full card number.

Website cookies and local storage

The website uses only strictly necessary browser storage. When you sign in, your browser keeps your login session in its local storage so you stay signed in between pages — this is required for the account area to work. Cloudflare, which serves the site, may set its own essential security cookies (for example, to mitigate abuse). That is the extent of it.

We do not set advertising cookies, tracking pixels, behavioral analytics cookies, or any cross-site identifiers. Because the site uses only storage that is strictly necessary to deliver the service you asked for, we do not show a cookie consent banner — under ePrivacy/PECR and equivalent rules, strictly necessary storage is exempt from consent. If we ever introduce non-essential or analytics cookies, we will ask for your consent first.

Cloudflare may provide basic, aggregated, cookieless website analytics and security logs for page views, performance, abuse prevention, and reliability. Those website logs are separate from the desktop app and do not include camera frames, posture records, habit records, chart history, microphone audio, or desktop activity.

You can clear this storage at any time through your browser settings; doing so will sign you out.

Service providers we use

To run the account, website, and downloads, ScreenGuardian relies on a small number of service providers (sub-processors) that handle limited data on our behalf. None of them ever receives camera frames, face/pose/hand landmarks, or your posture/habit history — that data never leaves your device.

  • Supabase — account database, sign-in, and the small server-side functions for entitlement, device linking, downloads, and feedback. Sees your account email, access state, device links, download events, and any feedback you send.
  • Cloudflare — hosts the website and delivers it from the edge. Sees standard request metadata and provides aggregated, non-tracking analytics and security logs.
  • GitHub — hosts the public installer downloads.
  • Email/payment providers — when configured, an email provider sends sign-in and account email, and (for future paid plans) a secure checkout provider handles billing; we do not store your full card number.

A consolidated map of what each provider sees, with retention and legal basis, is maintained in docs/DATA_INVENTORY.md.

Withdrawing your consent

You can withdraw your consent to ScreenGuardian's processing of camera frames, face / pose / hand landmarks, and any other data, at any time. There is no penalty, no friction, and no waiting period:

  • Quit the app (Cmd-Q on macOS, Alt-F4 on Windows, or the tray menu's Quit item). Camera capture and landmark detection stop immediately. Nothing further happens until you open ScreenGuardian again.
  • Pause monitoring (in the app or tray menu). Turns the camera off and stops landmark detection until you start monitoring again, without quitting the app.
  • Mute alerts (the tray menu's Mute alerts submenu). Silences reminders for the duration you choose while camera capture and detection continue.
  • Erase local data (in-app → the gear icon → Privacy & Security → Erase all data). Wipes the local SQLite database, calibration, settings, and alert history.
  • Uninstall ScreenGuardian. Removes the application. Local data left in ~/Library/Application Support/ScreenGuardian (macOS) or %APPDATA%\ScreenGuardian (Windows) can be deleted manually if you want a complete wipe.
  • Delete your account (on the website at /account → Security → Delete my account). Permanently removes your account, every device link, and the data tied to it. Cannot be undone.

GDPR Article 7(3) requires that withdrawal be as easy as giving consent; for ScreenGuardian it is easier, because consent is a single checkbox at first launch and withdrawal can be a single key press (Cmd-Q) — followed optionally by uninstall + erase if you want a clean wipe.

Data deletion and export

You can delete local ScreenGuardian data from inside the app.

To delete your account and the data tied to it, sign in at https://screenguardianapp.com/account, open the Security section, and use Delete my account. Deletion is immediate and final; we can't restore an account afterwards.

To download a copy of what we hold about your account, use Download my data in the same section. The export is a JSON file with your profile, beta redemptions, subscription history, linked devices, and an index of feedback reports.

If you'd rather have us handle either request manually, email screenguardian.info@gmail.com.

Some records may be retained where required for security, fraud prevention, legal compliance, or support history.

California residents

ScreenGuardian does not sell or share personal information for cross-context behavioral advertising. We do not run ad networks, advertising pixels, or behavioral product analytics on the website or in the desktop app.

If you are a California resident and want to exercise your rights under the CCPA / CPRA — to know what we hold about you, to correct it, or to delete it — email screenguardian.info@gmail.com. We respond to verified requests within 45 days.

EEA / UK residents

If you are in the European Economic Area or the United Kingdom, ScreenGuardian processes account and access data on the legal bases of contract (to provide the service you signed up for) and legitimate interest (to keep the service secure and reliable). The local processing of camera frames for face / pose / hand landmark detection involves data that may qualify as a special category under GDPR Article 9; the legal basis for that processing is your explicit consent given when you accept the Terms of Service on first launch, and you can withdraw that consent at any time by uninstalling the app. You can email screenguardian.info@gmail.com to exercise your rights over account information: the right of access, rectification, erasure (the "right to be forgotten"), restriction of processing, data portability (a copy in a common machine-readable format), and the right to object. Account erasure is also self-service from Account → Security → Your data. Where our processing relies on consent, you can withdraw that consent at any time without affecting processing already carried out. You also have the right to lodge a complaint with your local supervisory authority.

International data transfers

ScreenGuardian is operated from the United States, and the limited account and access data we hold is stored there. If you use ScreenGuardian from the European Economic Area, the United Kingdom, or elsewhere outside the US, that data is transferred to and processed in the US by our service providers:

  • Supabase stores account data in AWS West US (Oregon). Transfers are covered by Supabase's Data Processing Agreement, which incorporates the EU Standard Contractual Clauses (Commission Decision (EU) 2021/914, Module Two) as the GDPR Article 46 safeguard. UK transfers are covered by the UK Addendum to those clauses.
  • Cloudflare serves the website from its global edge. Its Data Processing Agreement incorporates the Standard Contractual Clauses, and Cloudflare is certified under the EU-U.S. Data Privacy Framework (and its UK extension).

The on-device camera analysis is never transferred anywhere — face, pose, and hand landmarks are processed in memory on your computer and are not sent to us or to any provider, so no special-category data crosses a border.

You can request a copy of the safeguards we rely on by emailing screenguardian.info@gmail.com.

Children

ScreenGuardian is intended for general audiences aged 13 and up. We do not knowingly collect data from children under 13.

Changes to this policy

The "Last updated" date at the top of this page reflects the current version. Minor edits (clarifications, typo fixes) update that date only. For material changes — for example a new category of data, a new way we use it, or a new service provider — we will give notice by email to the address on your account and post a notice on the website before the change takes effect, so you have a chance to review it. Material changes affecting how we process the on-device camera analysis will be highlighted specifically.

Contact

Questions: screenguardian.info@gmail.com
Security disclosures: see Security Policy.