If you use PHCA, you should know that I am very interested in preserving your privacy. Especially considering the nature of this app, and how people will have it integrated with their home security systems, privacy and security are very important. So, please keep in mind that if you use this app to send commands to your PowerHome installation, or if you receive data from your PowerHome installation, that communication path is direct between your phone and your PowerHome installation. It does not pass through any of my servers, and I don’t have a way of reading it or recording it. However, it is not inconceivable that someone could eavesdrop on that communication.
Promise #1: I promise that I will not, and cannot read, record, or do anything with commands that you send from your phone to your PowerHome installation.
If you use the push messaging system, Google Cloud Messaging (GCM), then you do pass your messages through a server that I control. Since the data is passed as an HTTP GET command, the data is recorded in the google app server logs. This is unavoidable. The logs are held on google’s servers, and I have the capability read the logs, as do certain personnel from google. If you are bothered by this, then please do not use the GCM service. I will never, ever share any of the information from these logs with anyone else with the exception of law enforcement personnel, as needed. I do protect my account which is used to access the logs to the very best of my ability, but we have all read reports where people do have their email accounts hacked into. Again, it is conceivable that someone could gain access to my account and read your logs. Again, if you are bothered by this, then please do not use the GCM service. All that being said, I think the security is adequate. I regularly send messages such as arm status, alarm reports, motion sensors, etc over GCM to my phone.
Promise #2: Even though I have access to your PHCA username and password, and the content of the GCM messages that you send to your phone, I will not do anything bad with that information. I will protect it the best I can, and I will not share it with anyone.
Finally, if you send me a troubleshooting report with the built-in troubleshooting report feature (on the “about” screen), or if PHCA crashes and you choose to send me a report, that report will certainly contain username and passwords for your PowerHome installation, and may even contain information from other applications, depending on what the developer of that application chooses to log to the system log. I don’t have any control over that, but you do have control and can choose to not send the crash report. However, the crash reports are very helpful to me with fixing the bugs that cause the crashes. I only read the parts of the report that help me with the error at hand. I honestly don’t care about the usernames and passwords, but they are included in the crash reports anyway. I’m not going to use that information for anything. I delete the entire report when I am done with it. In the past, users have given me permission to test certain bugs using their PowerHome server, with their username and password. This is entirely up to you. I will never connect to your servers with your permission. Period. It won’t happen. The bottom line is, if you do not want to share that information with me, then please do not send me any troubleshooting reports.
Promise #3: When you send me troubleshooting reports, I only read the parts that will help me with the current trouble at hand. I delete the reports after using them.
Promise #4: I will never connect to your PowerHome server (using your username and password, or otherwise) without you knowing first.
I think PHCA is a safe and secure application, but I am not a computer security expert. I’m not even a very good programmer, but I am trying. I do care about your privacy and security. While I may have access to some of your personal information as described above, I promise to be a gentleman and do the right thing with your data. I will use it the way I would hope anyone with access to that data would use it, even if it contained my data. If I need to deviate from any of the promises made here, I will notify you before I break the promise, or as soon as possible, as needed. If any of this concerns you, then please do not use the associated features or just do not use the app at all.