Effective Date: June 1, 2026 | Version: 1.0
1. Introduction
Gated Home (“we,” “us,” or “our”) operates the Gated Home mobile application and related services (“Service”). This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Trinidad and Tobago Data Protection Act, 2011 (Chapter 22:04) (“the Act”).
We are committed to protecting your privacy and handling your data transparently. This policy applies to all users of the Service, including residents, guests, and community administrators.
Data Controller:
Gated Home
Email: privacy@gatedhome.app
2. Information We Collect
2.1 Information You Provide Directly
| Data | When Collected | Purpose |
|---|---|---|
| Name (first, last) | Account registration | Identity, display in community |
| Email address | Account registration | Authentication, notifications, account recovery |
| Password | Account registration | Authentication (stored as bcrypt hash, never plaintext) |
| Mobile phone number | When you choose to add it | Gate call feature, SMS notifications |
| Guest information | When you add a guest | Guest gate access management |
| Vehicle information | When you register a vehicle | Automated gate access via ALPR |
| Payment information | When you subscribe | Subscription billing (processed by Stripe — we do not store card numbers) |
2.2 Information Collected Automatically
| Data | When Collected | Purpose |
|---|---|---|
| Device token (FCM) | App installation with notification permission | Push notifications |
| Device platform (iOS/Android) | App usage | Platform-specific functionality |
| IP address | API requests | Security, rate limiting, fraud prevention |
| Gate activity logs | Each gate interaction | Audit trail, security monitoring |
| BLE proximity data (RSSI) | Gate access via Bluetooth | Proximity verification for security |
| GPS location | When “Approaching Home” is enabled | Automatic gate opening based on geofence |
2.3 Information from Third Parties
| Source | Data | Purpose |
|---|---|---|
| Community administrator | Your invitation (email, role, home number) | Onboarding you to a community |
| Stripe | Subscription status, payment confirmations | Billing management |
| Amazon / Google | User ID, authorization tokens | Voice-controlled gate access |
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Providing gate access control | Contractual necessity |
| Authenticating your identity | Contractual necessity |
| Sending gate activity notifications | Contractual necessity / Legitimate interest |
| Processing payments | Contractual necessity |
| Guest access management | Consent (separate) |
| ALPR vehicle matching | Explicit consent (separate) |
| Geofence-based gate opening | Explicit consent (separate) |
| Phone number sharing | Explicit consent (separate) |
| Security monitoring and fraud prevention | Legitimate interest |
We do NOT use your information for:
- Advertising or marketing profiling
- Selling to third parties
- Tracking your movements beyond gate access
- Building behavioural profiles
- Automated decision-making that produces legal effects
4. How We Share Your Information
4.1 Within Your Community
| Data | Visibility | Notes |
|---|---|---|
| Your name | Community members | Displayed in the community resident list |
| Gate activity (your opens/closes) | Community administrators | Security audit log |
| Your phone number | Only you | Never shared with other residents or administrators |
| Your guest list | Only you | Other residents and administrators cannot see your guests |
| Your vehicles | Only you | Plate data is never visible to other residents or administrators |
4.2 With Third-Party Service Providers
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | United States |
| Twilio | SMS notifications, gate calls | United States |
| Amazon Web Services (AWS) | Cloud infrastructure, storage | United States |
| Firebase Cloud Messaging | Push notifications | United States |
| Amazon Alexa | Voice control integration | United States |
| Google Home | Voice control integration | United States |
4.3 Cross-Border Data Transfer
Your data is processed and stored on servers located in the United States (AWS us-east-1). Under Section 6(l) of the Act, we ensure comparable safeguards exist through contractual agreements, technical safeguards (encryption), and AWS compliance certifications (SOC 2, ISO 27001).
4.4 We Will NOT Share Your Data With:
- Law enforcement without a valid court order (Section 42(c) of the Act)
- Other Gated Home communities (your data is isolated per community)
- Advertisers or data brokers
- Any party not listed above without your explicit consent
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information (name, email) | Until you delete your account |
| Gate activity logs | Community-configured (default: 7 days, max: 90 days) |
| Guest records | Until you delete the guest |
| Vehicle records (ALPR) | Until you delete the vehicle |
| ALPR snapshots | 7 days |
| Device tokens | Until you log out or uninstall |
| Payment records | As required by tax law (7 years) |
| Consent records | Indefinitely (legal requirement) |
| Waypoint check-ins | 30 days |
6. Data Security
We implement the following safeguards:
- Encryption at rest: All databases encrypted (AES-256). Passwords hashed with bcrypt. Licence plates hashed with HMAC-SHA256.
- Encryption in transit: All API communication uses HTTPS (TLS 1.2+). MQTT uses TLS.
- Access control: Role-based access. Multi-tenant isolation between communities. No employee access to production data without audit.
- Infrastructure: AWS with VPC isolation. Automated security patching. Regular dependency audits.
7. Your Rights
Under the Trinidad and Tobago Data Protection Act, you have the following rights:
7.1 Right of Access (Section 75)
Request a copy of all personal information we hold about you. We will respond within 30 days. Email privacy@gatedhome.app with the subject “Data Access Request.”
7.2 Right to Correction (Section 57)
Correct inaccurate personal information at any time via the app (profile settings, vehicle details, guest information).
7.3 Right to Deletion
Delete your account and all associated data at any time. Use the in-app “Delete Account” feature or email privacy@gatedhome.app.
7.4 Right to Withdraw Consent
Where we process your data based on consent (ALPR, phone sharing, geofencing), you may withdraw at any time. Withdrawal takes effect immediately and does not affect prior processing.
7.5 Right to Challenge Compliance (Section 6(k))
Challenge our compliance with the Act. We will respond within 30 days. Email privacy@gatedhome.app with the subject “Compliance Challenge.”
8. Children’s Privacy
The Service is not intended for individuals under 18. We do not knowingly collect personal information from children.
9. Cookies and Tracking
The Gated Home mobile application does not use cookies, advertising trackers, analytics SDKs, or fingerprinting technologies.
10. Data Breach Notification
In the event of a data breach that poses a risk to your rights, we will notify affected individuals within 72 hours and report to the Information Commissioner if significant.
11. Changes to This Policy
Material changes will be communicated via the app. If a change affects how we use data you’ve already provided, we will ask for your renewed consent.
12. Automated Decision-Making
The ALPR system makes automated decisions about gate access based on licence plate matching. This only applies to users who have explicitly consented, can be overridden via manual access, and can be disabled by removing your vehicle registration.
13. Contact Us
For privacy-related questions, requests, or complaints:
- Email: privacy@gatedhome.app
- Response time: Within 30 days for formal requests
If unsatisfied with our response, contact the Office of the Information Commissioner of Trinidad and Tobago:
- Website: oic.gov.tt
- Email: commissioner@oic.gov.tt
Last updated: June 2026