Privacy Policy

Effective Date: March 27, 2026

AegisProtect ("we", "our", "us") operates the AegisProtect home security platform, including the AegisProtect mobile application, web portal, hub devices, and integrations with third-party voice assistant services (Google Home and Amazon Alexa). This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and phone number.

Security System Data: We collect data from your AegisProtect hub and connected sensors, including arm/disarm events, alarm events, sensor states (door open/closed, motion detected), and device connectivity status.

Voice Assistant Data: When you link AegisProtect with Google Home or Amazon Alexa, we store an authentication token that identifies your account. We also store a hashed voice PIN (we never store the actual PIN). Voice commands are processed by Google or Amazon — we receive only the resulting action request (e.g., "arm the system"), not audio recordings.

Usage Data: We collect logs of actions taken through the platform, including arm/disarm commands, alarm acknowledgments, and device provisioning events. These logs include timestamps and user identifiers but do not include voice recordings or PIN values.

2. How We Use Your Information

• To operate and secure your security system
• To authenticate your identity when you issue commands (including via voice assistants)
• To send you notifications about security events (alarms, system status changes)
• To process payments and manage your subscription
• To improve the reliability and performance of our platform

3. Voice Assistant Integration

When you link your AegisProtect account with Google Home or Amazon Alexa:

• We use OAuth 2.0 (via Amazon Cognito) to securely authenticate your account. We do not receive or store your Google or Amazon password.
• Google and Amazon may send us your arm/disarm/query requests. We process these requests and return results. We do not receive voice audio.
• We store a 4-digit voice PIN in hashed form (PBKDF2-SHA256) for disarm verification. The actual PIN is never stored or logged.
• We push security system state updates (armed/disarmed, alarm status) to Google Home and Amazon Alexa so your voice assistant stays in sync.
• You can unlink AegisProtect from your voice assistant at any time through the Google Home or Alexa app. Unlinking deletes your integration data from our systems.

4. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

• Voice Assistant Platforms: We share security system state (armed/disarmed, sensor status) with Google and Amazon when you have linked your account, so your voice assistant can report accurate status.
• Service Providers: We use Amazon Web Services (AWS) to host our platform. Your data is stored in AWS data centers in the United States (us-east-2 region).
• Legal Requirements: We may disclose information if required by law or to protect the safety of our users.

5. Data Security

We protect your data using:

• TLS encryption for all data in transit
• AWS KMS encryption for sensitive data at rest
• Cryptographic signing of all arm/disarm commands (ECDSA with KMS)
• Rate-limited PIN validation (lockout after 5 failed attempts per platform, 8 across all platforms)
• Role-based access control — only site owners with arm/disarm permission can use voice control

6. Data Retention

We retain your account and security event data for as long as your account is active. Voice command audit logs are retained for 90 days. When you delete your account, we delete all associated data, including voice integration tokens and PIN hashes.

7. Your Rights

You can:

• Access your account data through the AegisProtect mobile app
• Unlink voice assistants at any time through the Google Home or Alexa app
• Delete your account by contacting support@aegisprotect.io
• Request a copy of your data by contacting privacy@aegisprotect.io

8. Children's Privacy

AegisProtect is not intended for use by children under 18. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the AegisProtect app.

10. Contact Us

If you have questions about this Privacy Policy, contact us at:

AegisProtect
Email: privacy@aegisprotect.io
Web: aegisprotect.io