Privacy Policy

1. Information We Collect

1.1 Account Information

When you create a DarkSmart account, we collect:

• Full name and email address
• Authentication credentials (hashed passwords, OAuth tokens)
• Account preferences and settings
• Profile information you choose to provide

1.2 Device and Smart Home Data

To provide smart home functionality, we collect:

• Device identifiers: Unique IDs for connected devices, MAC addresses, device firmware versions
• Device names and locations: Custom names you assign (e.g., "Living Room Light")
• Device state data: On/off status, brightness levels, temperature readings, sensor data
• Network information: Local IP addresses, connection status, signal strength
• Automation rules: Your custom flows, schedules, and automation configurations
• Usage patterns: Timestamps of device interactions and commands

1.3 Voice Assistant and Intent Data

When you connect DarkSmart to Google Home or other voice assistants:

• Google Home: Google processes your voice commands on their infrastructure. We only receive structured intent data (e.g., "turn on bedroom light"), never raw audio recordings or transcriptions of your voice.
• Account linking: OAuth2 tokens that allow secure communication between your DarkSmart account and the voice platform
• Command logs: Records of commands executed (without audio) for troubleshooting and service improvement

1.4 Technical and Diagnostic Data

• Connection logs (WebSocket, MQTT broker connections)
• Error reports and crash logs (anonymized where possible)
• API usage metrics and performance data
• Mobile app analytics (app version, device type, OS version)
• IP addresses and general location data (country/city level for service delivery)

1.5 Communications Data

• Support tickets and email correspondence
• Feedback and survey responses
• Subscription to marketing communications (opt-in only)

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

• Provide smart home device control and automation
• Enable integration with Google Home, MQTT brokers, and Matter devices
• Synchronize device state across web, mobile, and voice interfaces
• Process and execute automation rules and schedules

2.2 Account Management

• Create and maintain your account
• Authenticate and authorize access to your devices
• Process account deletion and data portability requests

2.3 Service Improvement

• Monitor system performance and reliability
• Diagnose technical issues and bugs
• Analyze usage patterns to improve features (using aggregated, anonymized data)
• Develop new features and integrations

2.4 Security and Fraud Prevention

• Detect and prevent unauthorized access
• Monitor for suspicious activity or abuse
• Maintain audit logs for security investigations

2.5 Communications

• Send service notifications (system status, firmware updates, security alerts)
• Respond to support requests and feedback
• Send marketing communications (only with your consent; easily unsubscribed)

2.6 Legal Compliance

• Comply with applicable laws and regulations
• Respond to lawful requests from authorities
• Enforce our Terms of Service

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Algeria, we process your data based on:

• Contract Performance: Processing necessary to provide the DarkSmart service you've signed up for
• Legitimate Interests: Service improvement, security, and fraud prevention
• Consent: Marketing communications and optional analytics
• Legal Obligation: Compliance with applicable laws

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

4.1 Third-Party Service Providers

We work with trusted partners who help us provide our services:

• Google Cloud Platform: Cloud hosting and infrastructure (data centers in EU/US)
• Firebase: Authentication, cloud functions, and real-time database
• MQTT Brokers: Cloud message routing for device communication
• Email Service Providers: Transactional and marketing emails
• Analytics Providers: Aggregated, anonymized usage statistics

All service providers are bound by data processing agreements and are prohibited from using your data for any purpose other than providing services to DarkSmart.

4.2 Voice Assistant Platforms

When you link your account:

• Google Home: Shares device list, state information, and fulfills commands. Governed by Google's Privacy Policy
• Other integrations: Similar limited data sharing as required for functionality

4.3 Legal Requirements

We may disclose information if required by:

• Legal process (court order, subpoena, warrant)
• Protection of rights and safety of DarkSmart, users, or the public
• Enforcement of our Terms of Service
• Investigation of fraud or security incidents

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to this Privacy Policy.

5. Data Storage, Security, and International Transfers

5.1 Where Your Data is Stored

• Primary storage: Google Cloud servers in the European Union (Belgium, Netherlands)
• Backup storage: Encrypted backups in EU and US regions
• Edge processing: Some device data processed locally on your network (MQTT/Matter bridges)

5.2 Security Measures

We implement industry-standard security practices:

• Encryption in transit: TLS 1.2+ for all web, API, and mobile app connections
• Encryption at rest: AES-256 encryption for stored data
• Authentication: OAuth2 for account linking, bcrypt for password hashing
• Access controls: Role-based access, principle of least privilege
• Monitoring: 24/7 automated security monitoring and intrusion detection
• Regular audits: Quarterly security assessments and penetration testing
• Secure development: Code reviews, dependency scanning, automated security testing

5.3 International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the EU and United States. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all processors
• Compliance with GDPR for EU/Algeria users

5.4 Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours, as required by applicable law.

6. Data Retention

We retain your information only as long as necessary for the purposes described above:

After the retention period, data is securely deleted using industry-standard data destruction methods.

7. Your Privacy Rights

You have the following rights regarding your personal information:

7.1 Right to Access

You can request a copy of all personal data we hold about you. Access your data through the DarkSmart mobile app settings or email imedimami@gmail.com.

7.2 Right to Rectification

Update incorrect or incomplete information through your account settings or by contacting us.

7.3 Right to Erasure ("Right to be Forgotten")

Delete your account and all associated data through the app (Settings → Account → Delete Account) or by emailing us. Full deletion is completed within 30 days.

7.4 Right to Data Portability

Export your data in JSON format through the mobile app or request a complete export via email.

7.5 Right to Restriction of Processing

Request that we limit how we process your data in certain circumstances.

7.6 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Withdraw consent for marketing or optional analytics at any time through app settings.

7.8 Right to Lodge a Complaint

If you're in the EU/EEA, you can file a complaint with your local data protection authority.

8. Cookies and Tracking Technologies

DarkSmart uses cookies and similar technologies on our website and mobile apps:

8.1 Essential Cookies

• Authentication and session management
• Security features and fraud prevention
• Load balancing and performance

These cannot be disabled as they're required for the service to function.

8.2 Performance and Analytics Cookies

• Aggregated usage statistics (Google Analytics with IP anonymization)
• Error tracking and crash reporting
• A/B testing for feature improvements

You can opt out through app settings or browser cookie preferences.

8.3 Marketing Cookies (Opt-in Only)

• Email campaign tracking
• Social media integration

Only used with your explicit consent.

Managing Cookie Preferences

Control cookies through your browser settings or the cookie banner on first visit to our website. Mobile app tracking can be disabled in Settings → Privacy → Analytics.

9. Children's Privacy

DarkSmart is not intended for use by individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately at imedimami@gmail.com, and we will promptly delete it.

Parents and guardians are responsible for supervising children's access to smart home devices and services.

10. Google Home Integration - Specific Disclosures

This section provides additional detail required by Google Home developer policies:

Audio Data Handling

• Does DarkSmart store audio recordings? No. We never receive or store your voice recordings.
• What does Google share with us? Only structured command data (e.g., device ID, action type, parameters).
• Can DarkSmart access my Google account data? Only the minimum required for authentication (account linking via OAuth2). We cannot access your Gmail, Google Drive, or other Google services.
• Google's role: Google processes all voice data on their servers. Review Google's Privacy Policy for details on their data handling.

Account Linking and Permissions

When you link DarkSmart to Google Home, you grant us permission to:

• Read your device list and state information
• Execute commands on your behalf (turn devices on/off, adjust settings)
• Sync device state changes back to Google Home

You can revoke this access anytime through the Google Home app or your DarkSmart account settings.

Data Shared with Google

We share the following information with Google to enable voice control:

• List of your connected devices (names, types, capabilities)
• Real-time device states (on/off, brightness, temperature, etc.)
• Command execution results (success/failure status)

11. Third-Party Links and Services

DarkSmart may contain links to third-party websites, services, or integrations (e.g., device manufacturer websites, voice assistant platforms, MQTT broker providers). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email (to your registered email address)
• Display a prominent notice in the DarkSmart app and website
• For significant changes, request your consent where required by law

Your continued use of DarkSmart services after changes take effect constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

For data protection inquiries from EU/EEA residents, you may also contact your local data protection authority.

14. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Algeria and the European Union's General Data Protection Regulation (GDPR) where applicable. Any disputes arising from this policy will be subject to the exclusive jurisdiction of the courts in Algiers, Algeria, except where mandatory consumer protection laws require otherwise.

15. Accessibility

We are committed to making this Privacy Policy accessible to all users. If you have difficulty accessing this document or need it in an alternative format, please contact us at imedimami@gmail.com.