Privacy Policy
Pi House Smart Home Integration — operated by Cane Bay Computers.
Effective 2026-05-16.
Pi House is a personal home-automation integration that lets the operator
control devices in their own home (thermostats, alarm, vacuum, TV, computers,
game consoles, refrigerator door state, and Google Home / Nest speakers)
via Google Assistant. This policy describes what data flows through the
integration and how it is handled.
What data we process
-
OAuth credentials. When you link the integration in the
Google Home app, Google issues an authentication token that is
stored on the integration server so Google's cloud can dispatch your
voice commands to it. No other identifying information is collected
during account linking.
-
Voice command intents. When you give a voice command
that targets a device managed by this integration, Google forwards the
command intent (e.g. "set thermostat to 70 °F") to the integration
server. The intent is acted on immediately and is not retained beyond
the lifetime of the request.
-
Device state. The integration reads the current state
of devices in your home (temperature, lock state, vacuum phase, etc.) to
answer queries. State is fetched on demand and cached briefly in memory;
it is not exported to any third party or persisted to long-term storage.
-
Operational logs. The integration server keeps short
rolling access logs (HTTP path, status code, timestamp) for security
monitoring and debugging. Logs do not include voice command transcripts
or device-state values.
What we do not collect
- We do not collect names, phone numbers, addresses, payment information, or any other personal profile data.
- We do not record or store voice audio. Google Assistant handles voice transcription and only sends the resulting intent to the integration.
- We do not sell, share, or monetize data with any third party.
- We do not use the integration to track users or build advertising profiles.
Third-party services
The integration depends on three external services to function:
- Google Home / Cloud-to-Cloud Smart Home. Routes your voice commands from your speakers to the integration server. Google's own privacy practices apply to that leg of the journey.
- Resideo Total Connect 2. Used to read alarm panel status and arm/disarm the alarm. Subject to Resideo's privacy policy.
- LG ThinQ. Used to read the refrigerator's door state. Subject to LG's privacy policy.
The integration does not initiate connections to any other service.
Data retention
OAuth tokens are retained until you unlink the integration in the
Google Home app, at which point Google revokes them and the
integration server purges its cached copy. Operational logs are retained
for up to 30 days. No other data is retained.
Your rights
Because the integration is operated for a single household and does not
build a user profile, the only data tied to you is the OAuth token issued
by Google. You can revoke access at any time by removing the integration
in the Google Home app (Settings → Linked services → Pi House →
Unlink). That immediately invalidates the token on the server side.
Children
The integration is not directed at children under 13 and does not knowingly
collect data from children.
Security
All public-facing traffic uses HTTPS with a current TLS certificate.
OAuth tokens are stored on the integration server's disk with restricted
filesystem permissions. The server is firewalled to permit only the
necessary inbound port. Failed authentication attempts are rate-limited
via fail2ban.
Changes to this policy
Material changes will be reflected in the "Effective" date at the top of
this page. Continued use of the integration after a change constitutes
acceptance of the updated policy.
Contact
Questions about this policy can be sent to
canebaycomputers@gmail.com.