Privacy policy
This won't take long.
Website
We've modified the Microweber CMS to be as privacy friendly as possible, so it does not use cookies, there is no third party tracking. The content management system does have a built-in feature that records how many people visited the website, and stores the IP address and the referer, meaning it stores the website that you came from if you clicked on a link to get here. Getting it to stop recording IP addresses is on the TODO-list, since we really don't want to have them, and don't use them for anything.
If you email us or add your email to the mailing list, then we will store your email address and whatever you type in the email.
Candle Controller
To make it abundantly clear: Candle stores your smart home data in your home and not on a webserver (a.k.a. cloud).
We build on the WebThings Gateway Raspberry Pi disk image as the basis for the Candle Controller. It's basically a standard Webthings Gateway installation with some minor changes. The most relevant change is that we disabled the "tunneling" feature to protect privacy, and to not place a burden on the Webthings infrastructure.
The Raspberry Pi operating system reaches out to time servers to get the latest time on each reboot. We're created an option to disable this, but then you will have to set the time manually.
Candle has an feature to be able to update itself to a newer version. If an update is performed the system will need to reach out to Candle and other servers to download the latest versions of Linux and other programs.
We've tried to limit this, but the interface may contain links to other websites. You probably expect that these links are only opened if you click on them, but if your browser is set-up to pre-fetch other websites, then they may be opened even if you don't click on any of them!
Addons
There are so many addons, created by a community. Candle cannot be responsible for what these addons do, as we did not make them. We do try to do a "best effort" suggestion about the degree to which addons may harm your privacy. In general it's not recommended to use addons that needs to connect to cloud servers to function.
Most of the addons created by/with Candle do not use a cloud connection. Some notable exceptions:
Candle Store
If you use the store or update tabs, then a connection to the Candle webserver will be made to load a list of all the latest addons.
All Candle addons host their source code on Github, a popular platform to host programming code. If you install or update an addon, it will download from the Github server. Which means Github knows you contacted their servers. For more details you should check out their privacy policy.
Internet Radio
To allow you to search for internet radio stations this addon connects to RadioBrowser.info. It hosts a community curated list of stations. If you listen to a radio station the addon also has to connect to that specific radio station's server. The URL is shown in the interface. You may want to check out the privacy policy of that radio station. Still, in general an internet radio station can collect much less information about your music listening habits than something like Spotify.
Web Interface
This addon uses the Candle webserver as a "proxy" to pass encrypted messages between your Candle controller and your browser (for example on your laptop or mobile phone). The content of the messages is encrypted, so Candle cannot know what you are doing. The messages do come with meta-data though, and that can technically already reveal things about how you use your home. For example, your ip address, and when you're awake. Candle doesn't use this information for anything, and we try to delete it as quickly as possible.
Voco
Voco's voice control operates 100% locally. The new completely optional Chat feature allows you to also chat with voco using text messages. If you enable it, Voco will need to connect to the Matrix messenger network. More details about this can be found in the Voco addon itself.
Candle Manager
The Candle Manager add-on uses the Arduino Command Line Interface (CLI), a bit of software that forms the heart of the Candle manager. It uploads to Arduino code to the Arduino once you connect it via USB. When you first install the add-on, we ask the CLI to download all the required Arduino software libraries from Arduino servers. For more details you should check out their privacy policy.
Zigbee2MQTT
The Zigbee2MQTT addon will need to download the latest version of Zigbee2MQTT from Github when you install it from scratch, or when you use the update feature (on the advanced tab). Also, your Zigbee devices may ask Zigbee2MQTT if there are any firmware updates available. Zigbee2MQTT is setup in such a way that is will at most actually do this check once every two days. For example, if you own an IKEA lightbulb, the addon might contact IKEA's servers to ask if there are security updates once every 2 days.
This is not an exhaustive list
Know your rights
As a European you have the right to have your data removed or modified. If you would like us to delete your email address, don't hesitate to ask us. You'll have to send an email (oh the irony), but that will then also be removed.