Last updated 03/30, 2020
Zero Information Leak
The Libre Home system is designed for the best interest of our users. The entire system can be configured in a way to achieve zero information leak to any third-party while still be perfectly functional, although it may take a little more work from users and users may lose some features provided by some third-party IoT apps.
In this document, we give our users detailed information about how any piece of data is used in our business so that users can make decisions in their best interest.
For each device we manufactured, we keep the following data of the device.
- MAC address
- Serial number
- X25519 public key, the private key is discarded
- Manufacture time and QA data
We don't track device sales to individual users unless a user initiates a return request while the device is still under warranty.
Libre Bridge Data
Libre Bridge is our online service. The sole purpose of this service is to help users to communicate with Hub over the Internet using their mobile devices (e.g. Smartphones or Pads).
Libre Bridge only keeps anonymous data below,
Authentication Keys - Hubs or Mobile Clients (e.g. Smartphones) need to first authenticate themselves to use our service.
There are two types of keys,
- Hub Key - Generated during the manufacturing process.
- Mobile Client Key - Managed by Hub Admins.
- Hub IP/Port - for each unique Hub MAC.
Data Anonymity and Privacy
All data are anonymous. We don't implement any user tracking and we don't share any data with third parties.
Note a user's communication with Hub is always end-to-end encrypted with a different key, which we don't possess.
Even in Bridge mode, the communication will be encrypted twice so that our service will help deliver the messages without understanding them.
Hub with Static IP
For Hubs with static IP address. Users don't need to use our service to locate and connect to Hub at all.
However, the Hub still needs to periodically check firmware updates. It can be blocked but the practice is not recommended.
We observe and log every connection to our services and every action performed. We may implement algorithms to identify and mitigate and potential abuse and hacking activity.
We keep the log for up to 5 years.
Mobile (Android/iOS) App
Depending on the connection mode, Mobile App may connect to Hub through Libre Home secure tunnel (Bridge Mode), or a direct TCP connection to the user's broadband router (NAT mode).
Mobile App accesses devices following access permission and access control set forth by Hub's administrator.
Mobile App shares no information with any third-party.
Third-Party Libre IoT Apps
If a third-party IoT app requires exchanging data with any third-party to function correctly, our policy requires the developer to disclose in detail what data are shared and exactly how data are used.
The data sharing commonly requires TCP/UDP access permission, which is off by default, it has to be turned on explicitly by users on a per-task basis.
Even if our database is compromised. The worst case is our service is disrupted. User's Hub is still secure and still, no one can make unauthorized access.
We strongly encourage our users to participate in the open discussion of any privacy-related questions and concerns. There is a dedicated section on our forum for that purpose, https://forum.librehome.com/c/privacy/7.