How Guard-e-Loo Works

A privacy-first approach to protecting public facilities

Privacy comes first

Guard-e-Loo is designed around one clear principle: protect the privacy of facility users at all times.

By default, cameras are off.

Most of the time, the system relies on simple sensors, such as PIR motion sensors, to detect activity and monitor whether attention may be needed. It does not routinely capture images of people using the facility.

What happens in normal use

In day-to-day operation, the system quietly watches for patterns of use using sensors rather than cameras.

This means:

  • Sensors are on: PIR sensors do the routine monitoring
  • Cameras are off by default: image capture is not the normal operating mode
  • No continuous video is recorded: the system is not filming people using the facility
  • No routine images are taken of people: day-to-day monitoring is sensor-led

This is the standard operating position.

Routine images are empty-room images only

Where routine image capture is used, it is limited to images of an empty room only.

These images are intended to help staff check the condition of the facility, for example to spot damage, mess, or maintenance issues, without photographing people using the space.

This is a key part of Guard-e-Loo's privacy promise.

Entry and exit images are not routine

Guard-e-Loo is being designed so that any capture of entry or exit images of individuals is not part of normal operation.

This would only happen in limited circumstances where there is a suspected incident and there is a clear need to support investigation or safeguarding.

In other words:

  • Not captured routinely: entry and exit images are not part of normal use
  • Only for suspected incidents: they are intended for exceptional circumstances
  • Treated as highly sensitive: any such images require much stronger safeguards

Planned protection for incident-related images

This part of the system is still to be built.

When implemented, any entry or exit images taken in relation to a suspected incident are intended to be encrypted on the camera itself before they leave the device.

The design goal is that:

  • Protection starts at capture: images are encrypted on the camera itself
  • No plain access by default: sensitive images cannot be casually viewed
  • The decryption key is stored offsite: access is separated from the device and site
  • The key is password protected: technical access controls remain in place
  • Multiple authorised people must approve access: no single person can unlock sensitive images alone

This is intended to prevent casual access and support a controlled, accountable authorisation process.

Human oversight is essential

Guard-e-Loo is designed to support responsible human decision-making, not replace it.

The system can help flag that something may need attention, but any access to sensitive incident-related material should happen only through a formal and accountable process.

In simple terms

Guard-e-Loo mainly uses sensors, not cameras.

The default position is:

  • Sensors on
  • Cameras off
  • Empty-room images only for routine checks

If a suspected incident requires entry or exit images, those images are intended to be encrypted on the camera itself and only unlocked through multi-person authorisation.

Want to Learn More?

Contact us for a detailed briefing on Guard-e-Loo's privacy-first approach.

Get In Touch