Security Core

The security core behind Timmy

With Timmy, trust should be reviewable. Pairing, signaling, and backend boundaries therefore live in a separate public core.

  • Pairing and signaling can be followed openly
  • Security-critical core separated from the app surface
  • Guides translate technical details into parent questions

What is visible here

The architecture behind the security promise

1. Follow the pairing logic

The core shows ECDH pairing, key derivation, and document boundaries where they can be checked.

2. See signaling boundaries

Firestore and backend contracts sit where privacy and review need them.

3. Connect parent questions with guides

If you care more about daily use, the guides continue with pairing, privacy, and app permissions.

Read next

For the parent view on the same topics, continue in the guides: secure pairing, privacy, and app permissions.

Pairing, signaling, and backend boundaries open to review

This page is the technical sister of the guides. The guides explain parent questions around pairing, privacy, and network architecture. Here, the focus is on the places in the system where those questions are decided.

The path stays calm: first orientation, then the reviewable areas, then repository details.

Why separate it?

Because trust depends on a few critical places

Not every line in a baby monitor matters equally. The decisive parts are the ones that pair devices, move signaling through backend paths, and define which data can ever reach a server.

Review

Point review at the critical building blocks

A separate core shows which parts matter for security and privacy. They do not disappear inside the full product.

Boundaries

Keep product surface and security logic separate

The app surface can change while the reviewable security boundaries stay stable and readable.

Documentation

Make the architecture easier to understand

A public core needs clear contracts and documentation that make sense even without reading the whole app.

What lives in the core?

The building blocks behind every connection

The core bundles the parts that decide whether a session can be trusted. The rest of the product logic stays separate.

Backend

Firestore and backend boundaries

Which documents exist, which data may enter them, and when sessions are cleaned up all belong in the reviewable core.

Signaling

Contracts between client and server

Signaling is a defined contract. It creates concrete privacy and security boundaries.

Cryptography

ECDH pairing and key derivation

The core shows how a short code becomes real session security through ECDH and key derivation.

Architecture

Security architecture as a public document

The core also includes the architecture explanation. That is what makes review and discussion concrete.

Repository & guides

From public core to parent perspective

Technical review paths only help if parents can understand the consequences. That is why this page links the repository to matching guide topics.

Public Git repository

baby-monitor-timmy-core is open to inspect

The repository contains the security-relevant building blocks: pairing, signaling, backend boundaries, and the security architecture documentation. The app surface stays separate, so the part that matters most for trust can be reviewed directly.

Open repository on GitHub →

Guide

Privacy in baby monitor apps

The starting point for practical parent criteria: data flow, storage, and third parties.

Understand secure pairing →

Start

See Timmy in the real app flow

Back to the app surface: the homepage shows how this architecture feels in daily use.

Watch interactive demo →