Skip to main content
Back to SiteHomi

Privacy Policy

Last updated: February 2026

1. General

Homi ("the Service"), operated by Shay Namir, respects your privacy. This document explains what personal information we collect, how we use it, and your rights regarding that information. By using the Service, you agree to the practices described in this Privacy Policy.

2. Information We Collect

  • Phone Number & User ID: We store your WhatsApp phone number and user identifier (User ID) for authentication and to associate your account with your Smart Home system. This data is retained until you delete your account.
  • Access Token: We store an encrypted OAuth 2.0 access token for your Home Assistant server, used solely to execute the commands you request. Tokens are encrypted using AWS KMS and retained until you delete your account.
  • Message Content: Text messages you send to Homi are stored temporarily for up to 12 hours (43,200 seconds) to maintain conversation context. After 12 hours, message content is automatically and permanently deleted.
  • Conversation History: Short-term conversation history is retained for up to 30 minutes (1,800 seconds) to provide contextual understanding within a session. It is automatically deleted after this period.
  • OAuth Sessions: OAuth authorization session data is stored for up to 30 minutes (1,800 seconds) during the connection process and is automatically deleted upon expiry.
  • Message Deduplication Records: Technical records used to prevent duplicate message processing are retained for up to 24 hours (86,400 seconds) and then automatically deleted.

3. Use of Information

We use your information solely for:

  • User identification and authentication with your Smart Home system.
  • Processing natural language commands and translating them into Home Assistant actions.
  • Improving service quality, security, and resolving technical issues.
  • Preventing fraud, abuse, and unauthorized access to the Service.

4. Sharing Information with Third Parties

We do not sell your personal information. Information may pass through the following third-party providers solely for service operation:

  • Meta (WhatsApp): For receiving and sending messages (subject to Meta's Privacy Policy at https://www.whatsapp.com/legal/privacy-policy).
  • OpenAI / LLM Providers: For natural language processing. Text is sent as anonymously as possible, without personal identifying information. We do not share your phone number, user ID, or Home Assistant credentials with AI providers.
  • Cloud Infrastructure Providers (Vercel/Cloudflare/AWS): For server hosting, content delivery, and protection against cyber attacks. These providers process data on our behalf and are bound by data processing agreements.

5. Data Retention

We retain your personal information only as long as necessary to provide the Service:

  • Phone Number & User ID: Retained until account deletion.
  • Access Tokens: Retained until account deletion (stored in encrypted form).
  • Message Content: Automatically deleted after 12 hours (43,200 seconds).
  • Conversation History: Automatically deleted after 30 minutes (1,800 seconds).
  • OAuth Sessions: Automatically deleted after 30 minutes (1,800 seconds).
  • Message Deduplication Records: Automatically deleted after 24 hours (86,400 seconds).

Upon account deletion, all your personal data is permanently removed from our systems within 30 days. You can delete your account at any time by sending the "Delete account" command through WhatsApp.

6. Your Rights

You have the following rights regarding your personal information:

  • Right to Access: Request a copy of the personal information we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete personal information.
  • Right to Deletion: Request deletion of your account and all associated personal data (via WhatsApp "Delete account" command or by contacting us).
  • Right to Data Portability: Request a copy of your data in a portable format.
  • Right to Opt-Out: Opt out of certain data processing where applicable.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time (which may affect your ability to use the Service).

To exercise any of these rights, contact us at: talktohomi1@gmail.com. We will respond within 30 days.

7. California Residents - Your Privacy Rights (CCPA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about what personal information we collect, use, disclose, and sell about you in the past 12 months.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: You have the right to opt out of the sale of your personal information. We do not sell your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different level of service.

To exercise your California privacy rights, contact us at: talktohomi1@gmail.com. We will respond within 45 days as required by the CCPA.

8. Children's Privacy (COPPA)

We do not knowingly collect, use, or disclose personal information from children under 13 years of age without verifiable parental consent, as required by the Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe your child under 13 has provided personal information to us without your consent, please contact us immediately at talktohomi1@gmail.com. We will promptly investigate and delete such information from our systems.

9. Data Breach Notification

In the event of a data breach that may compromise your personal information, we will notify affected users and relevant regulatory authorities as required by applicable law. We aim to provide notification within 72 hours of becoming aware of a breach that poses a risk to your rights and freedoms. Notifications will be sent to the contact information associated with your account or, if unavailable, through other appropriate means.

10. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ from those in your country. By using the Service, you consent to such international transfers. We ensure that appropriate safeguards are in place to protect your personal information in accordance with applicable law, including through contractual protections with our service providers.

11. Cookies and Tracking

Our website may use cookies and similar tracking technologies (such as local storage and session storage) to provide and improve our Service, analyze usage patterns, and enhance user experience. You can control or disable cookies through your browser settings; however, some features of the Service may not function properly if cookies are disabled. We do not use tracking technologies for advertising or cross-site tracking purposes.

12. We Do Not Sell Your Information

We do not sell, rent, trade, or otherwise transfer your personal information to third parties for their own marketing or commercial purposes. We only share information with service providers as described in Section 4 of this Privacy Policy, and solely for the purpose of operating the Service on your behalf. Any such sharing is governed by data processing agreements that require these providers to maintain the confidentiality and security of your information.

13. Information Security

We implement industry-standard security measures to protect your personal information: all communications are encrypted using SSL/TLS; access tokens are encrypted at rest using AWS KMS; we only accept HTTPS connections (not HTTP); we only connect to publicly accessible URLs (not local network addresses); and our infrastructure is protected against cyber attacks through our cloud providers. While we take these precautions, no method of transmission over the internet is 100% secure.

14. Contact and Data Deletion

To delete your account, send the "Delete account" command through WhatsApp at any time. This action is irreversible and will permanently delete your Home Assistant connection, settings, conversation history, phone number, and access tokens. For any other questions, to exercise your privacy rights, or for general inquiries, contact us at: talktohomi1@gmail.com. We will respond within 30 days.

Terms of Service