Teacher & Worker Privacy Addendum

Sentinel Shield Safety Infrastructure

This Teacher & Worker Privacy Addendum (“Addendum”) applies specifically to individuals using Sentinel Shield in professional environments, including teachers, educational staff, healthcare workers, security personnel, administrative staff, support workers, and other protected workers (“Users”).

This Addendum supplements the Sentinel Shield Privacy Policy and forms part of the deployment terms between Sound Sentinel Corporation, deploying organizations, authorized service partners, and participating Users.

Where this Addendum provides stronger privacy, worker-rights, or data-use protections than the general Sentinel Shield Privacy Policy or any deployment document, this Addendum governs.

Sentinel Shield is designed as a worker-controlled emergency-response infrastructure. It exists to support Users during safety-related incidents. It is not a surveillance system, not an employee-monitoring system, not a productivity tool, and not a disciplinary mechanism.

1. Purpose and Scope

Sentinel Shield exists solely to support:

rapid assistance requests;
accurate emergency location context;
coordinated safety response;
responder notification;
incident acknowledgement;
and post-incident safety documentation where lawfully required.

Sentinel Shield may not be used for any purpose beyond worker safety, emergency response, safety documentation, lawful reporting, and system-readiness validation.

No feature of Sentinel Shield may be used for employee discipline, performance evaluation, attendance verification, productivity measurement, behavioural analysis, workplace surveillance, classroom observation, or labour-relations monitoring.

2. Dedicated Sentinel Shield Device

Where Sentinel Shield is deployed using a dedicated Sentinel Shield handheld device, the device is purpose-built solely for emergency assistance activation and safety-response communication.

The dedicated Sentinel Shield device:

contains no camera;
contains no microphone;
contains no GPS capability;
does not record audio;
does not record video;
does not capture images;
does not listen to conversations;
does not visually monitor Users;
and does not perform GPS-based location tracking.

The dedicated device is not a general-purpose employee device. It is not intended for email, web browsing, messaging, classroom observation, attendance tracking, productivity tracking, or employee performance assessment.

Users are not required to install Sentinel Shield on a personal mobile phone, use a personal Apple ID or Google account, provide access to personal contacts, personal files, personal photos, personal messages, or use a personal cellular or data plan.

The dedicated Sentinel Shield device is an emergency activation endpoint. It is not a worker-tracking device.

3. Privacy-by-Design Commitment

Sentinel Shield is designed to minimize privacy risk by limiting the type, amount, and purpose of data associated with each deployment.

The system is built around the following principles:

User-controlled activation;
no continuous worker monitoring;
no audio recording;
no video recording;
no GPS tracking;
no personal-device access;
no behavioural analytics;
no productivity measurement;
no disciplinary use;
and no secondary use of safety data.

Sentinel Shield is designed to support worker safety and emergency response, not employer surveillance or workplace control.

4. Absolute Prohibitions

Sentinel Shield data shall not be used for:

employee discipline or investigation;
performance management or evaluation;
attendance tracking;
timekeeping;
behavioural analysis or profiling;
productivity measurement;
classroom observation or monitoring;
retroactive movement reconstruction;
labour-relations disputes;
workplace surveillance;
HR decision-making;
or any non-safety employment purpose.

No internal policy, administrative practice, managerial discretion, or informal workplace procedure may override these prohibitions.

Disclosure required by law, court order, regulatory authority, insurance obligation, or mandatory safety investigation must be limited to the minimum information legally required and must not create a general right to use Sentinel Shield as an employee-monitoring tool.

5. User-Initiated Activation Only

Sentinel Shield does not generate an emergency alert unless the User manually initiates a help request through the dedicated device or another approved Sentinel Shield activation method.

No administrator, supervisor, employer, school official, system operator, or service partner may remotely activate an emergency request on a User’s behalf.

When not activated, Sentinel Shield does not:

monitor Users;
listen to Users;
watch Users;
record Users;
GPS-track Users;
analyze Users;
score Users;
evaluate Users;
or create behavioural data about Users.

Sentinel Shield exists in standby mode only to ensure that the emergency-response pathway is available when needed.

Limited technical-readiness checks may be used solely to confirm that the device, gateway, network connection, software version, and emergency-response pathway are operational.

Technical-readiness checks may not be used for attendance, discipline, productivity monitoring, performance review, behavioural analysis, worker profiling, classroom observation, or labour-relations purposes.

6. Location Context: Zone-Based, Not Tracking

Sentinel Shield location context is limited to predefined safety-response areas such as:

room;
hallway;
wing;
floor;
entrance;
office;
gymnasium;
cafeteria;
playground;
parking area;
exterior zone;
or other configured workplace safety zone.

Sentinel Shield does not perform continuous location tracking.

Sentinel Shield does not create historical movement logs.

Sentinel Shield does not reconstruct a User’s path of travel.

Sentinel Shield does not generate location timelines for employee review, discipline, attendance, or performance assessment.

Location context is used only at the moment of a User-initiated help request, drill, test activation, or lawful safety-response event, and only for the purpose of routing assistance accurately.

Location data cannot be replayed, analyzed, or audited for non-emergency employment purposes.

7. No Audio, Video, GPS, or Personal Device Access

The dedicated Sentinel Shield device contains no camera, no microphone, and no GPS capability.

Because these capabilities are not present on the dedicated device, they cannot be enabled by an employer, administrator, supervisor, school official, service partner, or system operator.

Sentinel Shield does not access:

personal phones;
personal contacts;
personal messages;
personal photos;
personal files;
personal applications;
personal browsing history;
personal accounts;
or personal location services.

Sentinel Shield cannot be converted into an audio, video, GPS, or personal-device monitoring system through employer policy, administrative decision, or local deployment practice.

8. Configuration Limits

Deploying organizations may configure only safety-related settings required for emergency response and system readiness.

Permitted configuration may include:

authorized Users;
assigned devices;
assigned rooms or zones;
responder groups;
incident types;
notification pathways;
gateway assignments;
emergency escalation rules;
drill or test mode;
and system-readiness validation.

No administrator, supervisor, school official, employer, service partner, or system operator may configure Sentinel Shield to perform surveillance, audio recording, video recording, GPS tracking, attendance monitoring, productivity measurement, behavioural analysis, classroom observation, employee scoring, or employee performance assessment.

Configuration authority is limited to emergency-response readiness and may not alter the privacy protections contained in this Addendum.

9. Technical Readiness Data

Sentinel Shield may generate limited technical-readiness data to confirm that the system is operational.

Technical-readiness data may include:

device status;
battery status;
gateway connectivity;
software version;
activation readiness;
assigned zone confirmation;
network availability;
and system validation results.

Technical-readiness data is not incident data unless connected to a User-initiated alert, drill, test activation, or lawful safety-response event.

Technical-readiness data may not be used to monitor Users, evaluate Users, discipline Users, determine attendance, assess productivity, infer behaviour, reconstruct movement, or support labour-relations activity.

10. Incident Data

Incident data may be created only when a Sentinel Shield help request, drill, test activation, or authorized safety-response event occurs.

Incident data may include:

alert type;
date and time of activation;
assigned zone or location context;
device identifier;
User identifier, where applicable;
responder acknowledgements;
incident status;
cancellation or resolution status;
and safety-related incident notes.

Incident data exists only to support emergency response, safety documentation, lawful reporting, insurance documentation, and post-incident safety review.

Incident data may not be repurposed for discipline, performance assessment, attendance tracking, productivity review, classroom observation, behavioural analysis, or labour-relations disputes.

11. Drills, Tests, and False Alerts

Sentinel Shield may be used for authorized drills, test activations, and system validation exercises.

Drills and test activations must be clearly identified as non-emergency events wherever technically and operationally possible.

Data from drills, tests, and false alerts may be used only to confirm system readiness, improve emergency procedures, train authorized responders, and verify deployment functionality.

Drill, test, and false-alert data may not be used for employee discipline, performance review, attendance tracking, productivity assessment, behavioural analysis, or labour-relations purposes.

A mistaken activation or false alert shall not be treated as employee misconduct unless there is clear evidence of intentional misuse unrelated to safety.

12. Data Access Controls

Access to Sentinel Shield data is restricted to:

the User who initiated the request, where applicable;
designated emergency responders;
authorized safety administrators only for incident response;
authorized technical personnel only for system-readiness and support purposes;
legal, regulatory, insurance, or safety authorities where required by law;
and Sound Sentinel Corporation or authorized service partners only as necessary to provide, secure, support, or validate the Sentinel Shield system.

Employers may not browse, query, search, audit, export, or review Sentinel Shield data outside an active incident, drill, test activation, system-readiness requirement, lawful obligation, or approved safety review.

All access to incident data should be role-based, limited, logged, and auditable.

Unauthorized access, browsing, exporting, sharing, or secondary use of Sentinel Shield data constitutes a breach of deployment terms.

13. Retention Limits

Incident data and technical-readiness data shall be retained only as long as necessary for safety, legal, regulatory, insurance, operational, or contractual purposes.

Deploying organizations must define retention limits before activation of Sentinel Shield.

Retention limits should address, where applicable:

emergency incident records;
medical incident records;
violent incident records;
drill records;
test activation records;
false-alert records;
cancelled alerts;
technical-readiness records;
and records subject to legal, insurance, or regulatory hold.

Once the applicable retention period expires, data must be deleted, anonymized, or securely archived in accordance with the Sentinel Shield Privacy Policy, deployment agreement, and applicable law.

There is no indefinite storage of Sentinel Shield data for general employment, administrative, or workplace-monitoring purposes.

14. No Secondary Use or Function Creep

Data collected, generated, or processed through Sentinel Shield may not be:

repurposed;
mined for insights;
integrated into HR systems;
integrated into attendance systems;
integrated into productivity tools;
combined with classroom observation tools;
combined with workplace monitoring systems;
used to create employee profiles;
used to score workers;
or used to support non-safety employment decisions.

If a proposed use is not expressly permitted in this Addendum, it is not permitted.

Any new feature, integration, or deployment change that alters data collection, location handling, device permissions, reporting capability, retention, access, or administrative visibility requires prior written review and updated notice.

Where applicable, such changes must also be reviewed with worker representatives, unions, privacy officers, safety committees, or other required stakeholders before implementation.

15. Union and Worker Representation Rights

Where applicable, unions, worker representatives, joint health and safety committees, privacy officers, or other authorized representatives have the right to review Sentinel Shield deployment terms before or during implementation.

Privacy and data-use language may be incorporated into memoranda of understanding, collective bargaining agreements, workplace safety policies, pilot agreements, or deployment agreements.

Sentinel Shield deployment does not waive, replace, diminish, or override existing labour rights, privacy rights, occupational health and safety rights, collective agreement rights, or statutory protections.

Sentinel Shield is designed to support worker authority, not replace it.

16. Employer and Deploying Organization Obligations

Deploying organizations are responsible for ensuring that Sentinel Shield is used only in accordance with this Addendum, the Sentinel Shield Privacy Policy, the deployment agreement, and applicable law.

Deploying organizations must:

train authorized administrators and responders;
prevent unauthorized access;
prevent secondary use;
respect retention limits;
disclose approved use cases to Users;
avoid surveillance-based interpretations of Sentinel Shield data;
and ensure that local workplace practices do not conflict with this Addendum.

Deploying organizations may not create local policies, informal practices, or administrative procedures that weaken the protections contained in this Addendum.

17. Sound Sentinel Corporation Accountability

Sound Sentinel Corporation shall contractually bind deploying organizations and authorized service partners to the privacy, worker-protection, and data-use restrictions contained in this Addendum.

Sound Sentinel Corporation may investigate substantiated misuse, require corrective action, restrict administrative access, suspend service, or terminate deployment where misuse of Sentinel Shield data is identified.

Misuse of Sentinel Shield data constitutes a breach of deployment terms.

Sound Sentinel Corporation retains the right to enforce this Addendum to protect Users, preserve system integrity, and prevent Sentinel Shield from being converted into a surveillance or employee-monitoring tool.

18. Legal, Regulatory, and Safety Disclosures

Sentinel Shield data may be disclosed where required by law, court order, regulatory process, insurance obligation, occupational health and safety requirement, emergency response requirement, or lawful investigation.

Such disclosure must be limited to the minimum information reasonably required for the lawful purpose.

Legal or regulatory disclosure does not permit the deploying organization to use Sentinel Shield as a general employee-monitoring, disciplinary, attendance, productivity, or labour-relations tool.

19. Plain-Language Commitment

You are not being watched.

You are not being listened to.

You are not being GPS-tracked.

You are not being scored.

You are not being monitored.

You are not being evaluated.

You are being backed — only when you ask for help.

Sentinel Shield exists for one purpose: to help protect workers during emergencies.

20. Effective Date

This Addendum is effective as of 24 October 2025 and applies to all Sentinel Shield deployments thereafter, unless replaced by a later version providing equal or stronger User privacy protections.

SSC - Sentinel Shield