This Privacy Policy explains how the Manor application ("Manor", "we", "our", "the App") collects, uses, stores, and protects information when you use connected home features including real‑time camera viewing, water meter digit recognition, and LG appliance integration.
1. Scope
This policy covers the public marketing website (mymanor.click) and the authenticated Manor application (web / iOS) that you access after signing in with your Manor account (AWS Cognito). It does not cover third‑party manufacturer apps (e.g., LG ThinQ) or your underlying hardware devices.
2. Guiding Principles
Data Minimization: We only process the data required for core functionality.
User Control: You control connected devices and can disable integrations.
No Advertising Sales: We do not sell or rent your personal data or share it for third‑party advertising or profiling.
Security by Design: Encryption in transit (HTTPS/TLS) and at rest (AWS-managed encryption for S3, CloudWatch, and Cognito).
Transparency: Clear explanation of each data category and purpose.
3. Data We Collect
3.1 Account Information (Linked to You)
Email Address: Required to create and authenticate your account.
Name / Display Name: Optional (if you supply one).
Authentication Identifiers: Cognito user ID, session tokens (managed securely).
3.2 Home Device & Sensor Operational Data (Generally Not Linked Beyond Account Context)
Camera Stream Metadata: Camera type (e.g., Casa Camera, Dome Camera), stream start/stop events, playback state, error codes, performance metrics (buffering, stall counts). We do not transmit or store raw video frames or audio unless a recording feature (if added later) is explicitly enabled by you.
Water Meter Readings: Recognized digit values, derived consumption deltas, confidence scores. Source images are processed transiently then discarded; only numeric readings and model confidence metrics are retained.
LG Appliance Status: Basic cycle state (e.g., idle, running, complete), device capability indicators, error codes. We do not collect full telemetry logs beyond what is required to show current status and issue commands you initiate.
Diagnostics: Frontend telemetry is always enabled for reliability. We no longer rely on query parameters to toggle logging.
Public Website Analytics: The marketing site (mymanor.click) uses Google Analytics 4 with IP anonymization enabled to understand aggregate traffic patterns and page performance. Advertising features, remarketing audiences, and cross-site tracking are disabled.
3.4 Support / Direct Communication
Emails or messages you send to our support address may be retained to diagnose problems and improve stability.
3.5 Data We Do Not Collect
No precise geolocation
No contact lists / address book
No health, financial, biometric, or marketing profiling data
No third‑party advertising identifiers for ad targeting
4. Legal Bases (Where Applicable)
For jurisdictions requiring disclosure (e.g., GDPR), processing is based on: (a) performance of a contract (core app functions), (b) legitimate interests (stability, security), and (c) consent (debug logging you deliberately enable, optional integrations you configure).
5. How We Use the Data
Provide Core Features: Real-time camera viewing, water meter reading, appliance monitoring/control.
Reliability & Performance: Monitor stream stability to improve buffering/stall handling.
Troubleshooting: Temporary debug logging when explicitly enabled.
Product Improvement: Aggregate, non-identifying analytics (e.g., average stream start latency).
Website Experience: Measure anonymized visit trends on the public marketing pages to improve layout and content.
6. Real-Time Camera Streams
Camera video/audio data is rendered directly to your session. By default, we neither store the visual feed nor transmit it to persistent storage. Diagnostic events (e.g., "STREAM_START_REQUESTED", buffering counts, error codes) may be logged separately without frame content. If a future feature adds recording or snapshots, it will be clearly opt‑in with separate retention controls and an updated policy.
7. Water Meter Processing
A still image is ingested from your device, digits are recognized locally or in a secured backend process, and the raw image is then discarded. Only the numeric reading, delta, confidence, and limited model performance metadata are stored to present historical usage charts. We do not attempt to infer unrelated personal information from these images.
8. LG Appliance Integration
We use appliance APIs to show cycle state and allow commands you initiate. Access tokens are stored securely and refreshed as needed. We do not collect or store sensitive manufacturer account credentials beyond the tokens strictly required for API calls. You may revoke the integration at any time to discontinue data flow.
9. Logging & Metrics (CloudWatch)
Default Mode: Minimal operational events.
Debug/Error Modes: Adjusted via in-app controls or console helpers; no query parameters are required.
Cost & Privacy Control: Logging categories are scoped to technical troubleshooting and exclude camera frame content or personally identifying text outside account ID context.
10. On-Device & Ephemeral Processing
Where feasible, certain performance calculations and UI state derivations are performed locally in the client session and not transmitted.
11. Storage, Retention & Deletion
Account Data: Retained while your account is active. Deleted upon verified deletion request after a short safety window (typically 7–14 days).
Water Meter Readings & Appliance States: Retained to present historical usage for up to 12 months; you may request purge.
Diagnostics Logs: Routine logs rotated and purged automatically (30–90 days).
Debug Sessions: Elevated debug logs follow shorter retention (7–14 days) or manual purge after incident resolution.
Your Deletion Requests: Email us (see Contact) and we will confirm identity and remove associated data unless retention is legally required.
12. Data Sharing & Disclosure
No Sale or Rental: We do not sell personal data.
Service Providers: AWS (hosting, storage, logging). Providers are under contractual obligations for security and confidentiality.
Legal Compliance: Disclosures only if required by applicable law or to defend rights and safety.
13. Security
Encryption in transit (TLS) and at rest (AWS-managed keys / KMS).
Principle of least privilege for backend IAM roles.
Monitoring of anomalous authentication attempts.
Segregated environments for development vs. production.
No system is 100% secure; we continuously improve defenses and encourage responsible disclosure of vulnerabilities to our security contact.
14. Children's Privacy
The App is not directed to children under 13 (or equivalent age of digital consent). We do not knowingly collect personal information from children. If you believe a child provided personal information, contact us for removal.
15. International Data Transfers
Data is primarily processed in AWS regions we configure (currently US East). If transferred to another region, we apply equivalent safeguards.
16. Your Rights
Access: Request a copy of your stored data.
Correction: Fix inaccurate account details.
Deletion: Request account/data deletion (subject to lawful exceptions).
Restriction / Objection: Where applicable law provides.
To exercise rights, contact us (see below). We may request identity verification.
Data Not Linked / Aggregated: Camera stream performance metrics, appliance cycle state summaries, water meter numeric readings (when presented in aggregate charts), anonymized usage timing.
No Tracking: We do not use your data to track you across apps or websites owned by other companies.
18. Changes to This Policy
We may update this policy to reflect new features (e.g., optional recording) or legal requirements. Material changes will include a new "Last Updated" date and reasonable notice within the app or website.