Privacy Policy

Last updated: March 23, 2026

Our Commitment to Privacy

HARelay is built with privacy as a core principle. We collect only the minimum data necessary to provide our service, and we never sell or share your personal information with third parties for marketing purposes.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Your name (for account identification)
  • Your email address (for account access and important notifications)
  • Password (stored securely using bcrypt hashing)

Connection Data

To provide the tunnel service, we store:

  • Your unique subdomain
  • Connection tokens (hashed, never stored in plain text)
  • Connection status and last connection timestamp

Traffic Data

Important: We do NOT store, log, or inspect the content of your Home Assistant traffic. The tunnel simply forwards encrypted data between your devices and your Home Assistant instance. We cannot see your dashboards, automation data, or any other Home Assistant content.

2. How We Use Your Information

We use your information solely to:

  • Provide and maintain the HARelay service
  • Authenticate your connections
  • Send important service notifications (security alerts, maintenance notices)
  • Respond to your support requests

We do NOT use your data for advertising, profiling, or any purpose other than providing the tunnel service.

3. Data Security

We implement industry-standard security measures:

  • All connections are encrypted using TLS (HTTPS/WSS)
  • Passwords are hashed using bcrypt with strong salting
  • Connection tokens are hashed and never stored in plain text
  • Database access is restricted and monitored
  • Regular security updates and maintenance

4. Data Retention

We retain your account data as long as your account is active. If you delete your account:

  • Your account information is permanently deleted
  • Your connection data and subdomain are released
  • This process is immediate and irreversible

5. Third-Party Services

HARelay uses minimal third-party services:

  • Hosting Provider: Our servers are hosted on secure infrastructure in Germany with appropriate data protection agreements in place.
  • Email Service: We may use email providers to send transactional emails (account verification, password reset).

We do not integrate any advertising networks, analytics trackers, or social media pixels.

6. Your Rights

You have the right to:

  • Access: View the personal data we hold about you
  • Correction: Update your account information at any time
  • Deletion: Delete your account and all associated data
  • Export: Request a copy of your data

To exercise these rights, you can use the settings in your dashboard or contact us directly.

7. Cookies

We use only essential cookies required for the service to function:

  • Session Cookie: Keeps you logged in during your session
  • CSRF Token: Protects against cross-site request forgery attacks

We do not use tracking cookies, advertising cookies, or any non-essential cookies.

8. Children's Privacy

HARelay is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by email or through a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this privacy policy or our data practices, please contact us through the information provided in our imprint.