← Back to home
Legal

Privacy policy.

A privacy-first product should have a privacy policy you can actually read. This one is written in plain English. If anything here is unclear, email privacy@homi.prizmox.com and we'll clarify — and update this document.

Last updated: 2026-04-23

1.

The short version

HOMI is built so your smart-home data stays in your home. Your HOMI device doesn't send telemetry about your automations, sensor readings, voice commands, or device activity to us — not in v1, not ever. The only data we hold about you lives on our website backend, not on your hub.

From our website, we collect the minimum needed to reserve your preorder and ship your unit: an email address, a shipping address (only if you complete a preorder), and basic anonymous analytics. That's it.

2.

What we collect

When you join the waitlist

  • Your email address.
  • The UTM parameters from the ad or link you clicked (so we can tell which ad variant is working — it's not tied to your identity).
  • A server-side timestamp.

When you preorder

  • Your name and shipping address.
  • Your billing address, via Stripe. We don't store your card number — Stripe does.
  • Your order history.

When you use our website

  • Anonymous analytics (page views, scroll depth, click events) via a privacy-respecting analytics provider. IP addresses are truncated; no cross-site tracking.
  • Session recordings may be used to debug the purchase funnel. No input field values are captured. You can opt out in your browser's Do Not Track header, which we honor.

When you use your HOMI device

We do not collect anything. Your HOMI runs locally. It checks for software updates from Home Assistant's public update server — this is part of the upstream open-source project, not run by us. It does not phone home to Prizmox.

If you voluntarily enable third-party cloud integrations inside Home Assistant (e.g. the Google Calendar integration or the Nabu Casa optional cloud), those integrations connect from your HOMI directly to those services. Prizmox is not in the middle and does not see that traffic.

3.

What we do not collect

  • Your home's sensor data, device state, or automation logs.
  • Your voice recordings, transcriptions, or wake-word events.
  • Camera footage, motion events, or presence data.
  • Your location, your Wi-Fi network, or your household members.
  • Any content you store on your HOMI.

These things live on your hub, on your network. They don't come to us, and we don't want them to.

4.

Who we share data with

We share the minimum necessary with service providers that help us run the business:

  • Stripe for payment processing.
  • Our email service provider (transactional email only — order confirmations, shipping notices, occasional product updates you can unsubscribe from).
  • Our fulfillment partner (shipping address, order contents).
  • Our analytics provider (anonymous, aggregated metrics only).

We don't sell your data. We don't share it with advertisers. We don't participate in data broker networks. We don't fund any business activity through your personal information.

5.

How long we keep data

  • Waitlist emails: until you unsubscribe, or until 24 months of inactivity, whichever comes first.
  • Order records: 7 years, to meet tax and warranty obligations.
  • Analytics: 14 months, then automatically purged.
  • Session recordings: 30 days maximum.
6.

Your rights

Depending on where you live, you have some or all of the following rights. We honor them regardless of jurisdiction — you don't have to cite a specific law.

  • Access — see what we hold about you.
  • Deletion — tell us to erase your data (subject to legal record-keeping obligations for completed orders).
  • Correction — fix anything inaccurate.
  • Export — receive your data in a portable format.
  • Unsubscribe — from any marketing email, with one click.

For any of these, email privacy@homi.prizmox.com. We respond within 30 days.

7.

Cookies

We use a small number of first-party cookies for basic site functionality (e.g. remembering your preferred language if that ever becomes a thing) and for anonymous analytics. We do not use third-party advertising cookies on our website.

When you arrive from an ad (Meta, Google, Reddit), our analytics system records the UTM parameters from the URL so we can evaluate ad performance. We do not install Meta or Google retargeting pixels that follow you around the web.

8.

Security

We encrypt data in transit (TLS) and at rest. We use industry-standard password hashing. We keep our dependencies updated. We undergo reasonable periodic security review. If a breach occurs that affects you, we will notify you within 72 hours of confirmation.

9.

Children

HOMI is not marketed to children and we do not knowingly collect data from anyone under 16. If you believe a child has provided personal information to us, contact privacy@homi.prizmox.com and we will delete it.

10.

Changes to this policy

If we change this policy in a way that affects what we collect or how we use it, we will tell you by email (if we have your email) and post the change here with an updated date. We will not retroactively reduce your privacy for existing data.

11.

Contact

For privacy questions, data-subject requests, or anything else related to this policy:

privacy@homi.prizmox.com

If you're not satisfied with our response, you may contact your local data-protection authority. We'd rather you email us first — we read every one.