Security First

Your smart home is personal. HARelay is designed from the ground up to keep your Home Assistant secure and your data private.

Our Security Promise

HARelay doesn't log or store your Home Assistant traffic. We relay requests between you and your home, but we never record your dashboards, automations, device states, or credentials.

How We Keep You Safe

Multiple layers of security protect your smart home

No Open Ports

Your Home Assistant stays completely behind your firewall. No port forwarding, no exposed services. The connection is initiated outbound from your network, keeping your home invisible to the internet.

Encrypted Connections

All connections use TLS encryption (the same encryption banks use). Your data travels securely between your device and Home Assistant. Traffic passes through our servers but is never logged or stored.

No Traffic Logging

We don't log or permanently store your Home Assistant traffic. Requests pass through briefly during processing, then are immediately discarded. No history, no records.

Your Credentials Stay Yours

We never see your Home Assistant password. You log in directly to your Home Assistant through the tunnel. Your HA credentials are never shared with or stored by HARelay.

Private Subdomains

Each user gets a unique, random subdomain. There's no directory or list of users. Your subdomain is virtually impossible to guess, with billions of possible combinations.

You're in Control

Disconnect anytime by simply stopping the app (formerly add-on). Regenerate your connection token if you suspect it's compromised. Delete your account and all data is permanently removed.

Why This Architecture Is Secure

Understanding the security benefits of our approach

Traditional: Port Forwarding

  • Opens your network to the entire internet
  • Vulnerable to port scanning and attacks
  • Requires SSL certificate management
  • Your IP address is publicly visible
  • If compromised, attacker is inside your network

HARelay: Outbound Tunnel

  • No ports open on your network
  • Invisible to port scanners and bots
  • SSL handled automatically (free, always valid)
  • Your home IP stays private
  • Works behind CGNAT and strict firewalls

What HARelay Can See

Complete transparency about our access

What We Can See

  • - Your email address (for account login)
  • - Your subdomain and connection status
  • - Data transfer amounts (not content)
  • - When your connection was last active

What We Cannot See

  • - Your Home Assistant login credentials
  • - Your dashboards, automations, or scripts
  • - Your device states or sensor data
  • - Your camera feeds or media
  • - Traffic content (passes through but is never logged)
  • - Your home IP address (not logged or stored)
A+
SSL Labs Rating
Click to verify →

Enterprise-Grade Encryption

  • TLS 1.3 with forward secrecy
  • HSTS enforced
  • Modern cipher suites only
  • Servers located in Germany (GDPR)

Additional Protections

Two-Factor Authentication

Optional 2FA for your HARelay account adds an extra layer of protection.

Token Regeneration

Instantly invalidate old connections by regenerating your connection token.

No Search Engine Indexing

All subdomains are marked as noindex. Your connection won't appear in search results.

Secure Token Storage

Connection tokens are hashed using bcrypt. Even we can't see your actual token.

Frequently Asked Questions

Can HARelay access my Home Assistant?

HARelay acts as a relay, forwarding traffic between your devices and your Home Assistant. While traffic passes through our servers, we don't log, store, or analyze it. We never see your HA login credentials (those go directly to your HA). We have no way to control your devices or access your automations.

What happens if HARelay gets hacked?

In that unlikely scenario: We don't store traffic logs, so there's no historical data to steal. Your HA login credentials are never stored by HARelay - they go directly to your Home Assistant. Your home network has no open ports, so there's no direct path in. You can immediately disconnect by stopping the app.

Is this more secure than port forwarding?

Yes, significantly. Port forwarding exposes your home network directly to the internet, making it visible to attackers and vulnerable to exploits. With HARelay, your network stays completely closed. The only connection is outbound, initiated by you.

What if I want to disconnect immediately?

Simply stop the HARelay app in Home Assistant. The tunnel closes instantly and no one can access your HA through HARelay until you start it again. You can also regenerate your connection token to invalidate any existing credentials.

Where are your servers located?

All our servers are located in Germany and subject to strict EU data protection laws (GDPR). Your data never leaves the European Union, ensuring the highest standards of privacy protection.

Ready to get started?

Create your free account and connect your Home Assistant in minutes.

Create Free Account