Security and Privacy

How we think about smart home security: principles and typical practices. Details depend on your hardware and constraints.

1. Local-first control by default

Devices and automations run on your network. No cloud required for core functionality. Where cloud is used (e.g., voice, weather), we call it out and minimize it.

2. Network segmentation guidance (IoT vs main)

We recommend separating smart home devices from your main LAN where possible. IoT VLANs, guest networks, or dedicated SSIDs reduce blast radius and make it easier to contain issues.

3. Least-privilege accounts and admin hygiene

Admin access is restricted. We use strong credentials, avoid shared logins, and document who has access. We enable MFA where the platform supports it.

4. Vendor cloud minimization and explicit exceptions

We prefer local or self-hosted options. When a service must touch the cloud (firmware, integrations), we document it and keep the list short.

5. Data egress awareness (what leaves the network and why)

We review what data leaves your network: telemetry, voice, backups. You decide what is acceptable. We document the tradeoffs.

6. Incident recovery mindset (backup, restore, rollback)

Backups are configured and tested. We document restore and rollback so you can recover without us. Runbooks live in your repo.

What we don't do

We don't sell data.

We don't collect, resell, or share your data. Your system, your data.

We don't install firmware from unknown sources.

Firmware and integrations come from trusted sources. No random scripts or unvetted third-party code.

We don't require cloud accounts for core functionality.

Home Assistant and your automations work without a cloud subscription. Optional cloud features are your choice.

We don't retain access after handoff unless explicitly requested.

When the project is done, we hand you the keys. Ongoing access only if you ask for it (e.g., support retainer).