Data protection homee
Your data belongs to you – especially as sensitive data as that from your Smart Home, this is also very important to us, and that is why we have set data protection as the center of our system architecture.
Our principle: We do not process or save anything that is not necessary for the functioning of your system. If processing or storage is necessary, this should not be attributable to you or your homee.
Here you will find everything you need to know about data protection if you use one of our homees.
Represented by the CEOs:
Mario Weißensteiner, Waldemar Wunder.
Each homee works independently, which means that all data is saved locally on your homee. No one except you has access to this data, unless someone gives it directly (by login) or indirectly (by activating a feature that requires access).
We can theoretically read all communication that takes place between the app and the core. If you don’t want to use the proxy server, you can also run your homee in stand-alone mode.
As soon as you have connected a homee to the Internet, it updates its time. This is important for different features (time Homeegrams, position of the sun, etc.) and security-related aspects (validity of SSL certificates, etc.). homee uses for this NTP (http://www.ntp.org) (industry standard). You can use your homee in stand-alone mode to prevent your homee from getting the correct time at NTP. Then you can transfer the time of your device to homee using the app.
Location (Brain Cube)
If you don’t want homee to use this interface, you can switch off the automatic location detection in the privacy settings.
If you create a geofence in the app for presence detection, entering and leaving the area will be reported to your homee, even if the app is in the background. The location is only stored on the device to enable the geofence function and is not transmitted at any time.
If you don’t want your homee to get the weather data, you can simply turn off the weather feature in the privacy settings.
In the Homeegrams we offer the possibility to send webhooks. Please be aware that depending on where you send it to, data may be stored there.
Push notifications / Email notifications
Since we forward all messages to the respective (iOS/Android/Mail) notification services, we can theoretically see the complete message content. Including homee ID and IP address. However, we have reduced the logging to the bare minimum and only store the homee ID to which the message is sent for 3 months. The content of the messages is not stored by us at any point.
Third party web services
Devices that you connect to homee via one of the radio cubes all communicate locally with your homee.
When connecting other devices (e.g. Netatmo devices), your homee may not be communicating directly with the device, but with a web service behind the respective device. If this is the case, you give homee access data to these services when adding them. If the service makes it possible (a good person should), it will not save the access data, but only an access token generated with it. With this you can withdraw access at any time from the respective service homee.
Voice assistants (Amazon Alexa, Google Assistant)
If you link one of the voice assistants to your homee, the other side (Amazon, Google) will have access to an access token to your homee. That means there is complete access to your homee. You can revoke this access in the homee app at any time by deactivating the respective service. In order to be able to connect homee and the voice assistants, data is stored in different places. When linking (oAuth) your homee ID and an access token with a short validity of one hour are stored on a server provided by us.
In order to be able to further develop homee in a targeted manner, homee (if you have activated homee beta or activated homee analytics) sends analysis data to a server provided by us. This data is anonymized and cannot be traced back to your homee. We are not interested in that at all. We only collect the following statistics:
- Total number of users and distribution among the roles (chief homee, homee and minor homee).
- Number of end devices logged on to homee (smartphone, tablet and WebClients).
- Number of programs
- Number and type of triggers
- Number and type condition
- Number and type of actions
- Number of groups
- Number of devices broken down by wireless technology
- Amazon Alexa linked
- Time zone in which homee is located
We store this data for a period of 3 months and then delete it.
If there is an update, your homee receives the download link and then downloads the update. We host the updates at Amazon (AWS – https://aws.amazon.com/de/). [You can find their data protection declaration here] (https://aws.amazon.com/de/privacy/). Since the currently installed homee version is also sent during the update check, we collect statistics here on how many homees are running on which version.
In order to be able to solve a problem on your homee, it is sometimes necessary to have direct access to your homee. Of course, we cannot and do not want to activate this remotely – you have to do this yourself in the homee apps when requested. As soon as we have received the access data from you, we of course have full access to your homee (SSH). We then use it to find and solve the existing problem. If you no longer want us to have access to your homee, you can withdraw it from us at any time by switching off the support access.
If you use one of the homee apps, we collect some statistics about it. These cannot be attributed to you or your homee. For us it is important, for example, which version of the respective operating system you are using or whether your device is a smartphone, tablet or desktop computer (browser). We use this data to be able to better decide which operating systems etc. we still have to support, since they are still being used significantly.
We collect the following statistics:
- End device: manufacturer, model, operating system, language, country.
- App: version number, name, environment (beta/stable)
- Number of connected homee Cubes in the app.
- App settings: Dashboard welcome text active yes/no, dark mode
- App events: opening of certain screens
If you don’t want your homee app to send this data, you can switch off the Analytics app in the data protection settings.
App Crash Reporting
When your homee app crashes, it sends us a crash report so we can investigate the reason for the crash. We can only see in which function the crash happened, what kind of device you are using and which version of the homee app you have. This data cannot be traced back to you or your homee.
If you do not want your homee app to send this data, you can disable app crash reporting in the privacy settings.
Data is only passed on to third parties within the framework of legal requirements. We pass this on if, for example, this is necessary for contractual purposes in accordance with Art. 6 Para. 1 lit. b) DS-GVO, we are obliged to do so due to legal requirements in accordance with Art. 6 Para. 1 lit. c) DS-GVO or we have a legitimate interest in the economic and effective operation of our business operations in accordance with Art. 6 Para. 1 lit. f) DS-GVO. This includes the transfer of this data to companies affiliated with us.
Within the scope of a data protection-related commissioned processing pursuant to Art. 28 DS-GVO, we use service providers for the operation and maintenance of our information technology systems, who may obtain knowledge of your personal data in this context. We have therefore taken appropriate legal, technical and organizational measures with the service providers to ensure the protection of your personal data in accordance with legal requirements. Your personal data will not be transferred to a third country or to an international organization.
If we process personal data of you, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and have the following rights: right to information (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR) and right to object to processing (Art. 21 GDPR). Furthermore, you have the right to complain to a data protection supervisory authority. In the case of a request for information that is not made in writing, we ask for your understanding that we may then require evidence from you that proves that you are the person you claim to be.
You can contact our data protection officer by e-mail at firstname.lastname@example.org or via our postal address with the addition of “The Data Protection Officer”.
We are happy to delete data that can be traced back to you or your homee on request. Just send an email with the subject “Deletion request” to email@example.com
Have fun using your homee
Your homee team