Privacy Policy

Last Updated: April 2026

1. Introduction

Living Alone ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you purchase and use our Living Alone presence detection device.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, do not use our product.

2. Information We Collect

2.1 Device-Collected Data

The Living Alone device collects minimal data:

  • Activity Status: Whether motion/presence has been detected
  • Device Status: WiFi connection status, battery level, firmware version
  • Timestamps: When activity was last detected
  • Configuration Settings: User-set alert thresholds (1-24 hours)
  • Distress Voice Trigger Events: If you use the Living Alone distress voice sensor, a detection trigger event (device ID and detection timestamp) is transmitted when a distress phrase is recognized. No audio is ever recorded or transmitted — all voice processing occurs entirely on the device.

What we do NOT collect: Video, audio, images, personal conversations, voice biometrics, identifying information about who is in the home, or detailed activity patterns.

2.2 Purchase Information

When you purchase Living Alone, we collect:

  • Name and email address
  • Shipping address
  • Phone number (optional)
  • Payment information (processed by Stripe; we do not store credit card details)
  • Order history and purchase date

2.3 Notification Recipient Information

You provide email addresses, phone numbers, or Telegram chat identifiers of family members or emergency contacts who will receive notifications. We store this contact information solely to send alerts to authorized recipients you designate.

2.4 Support and Communication Data

If you contact our support team, we collect:

  • Communication content
  • Support tickets and resolutions
  • Device serial number and registration details
  • Warranty or return information

2.5 Technical Data

Our systems automatically collect:

  • Device IP address and WiFi SSID with password (IoT device only)
  • Device firmware version and hardware model
  • WiFi signal strength
  • Access logs (when device connects/disconnects)
  • Distress voice sensor trigger events (device ID and detection timestamp only; no audio data)

2.6 Web Application Data

Our web application (livingalone.theor.com) collects additional data for account management and service delivery:

  • Account Information: Email address, full name, password (hashed with bcrypt), preferred language
  • Authentication Data: Session tokens stored in HTTP-only cookies (auth_token cookie)
  • Monitor Configuration: Alert settings, monitor names, timeout thresholds, custom messages, device associations
  • Alert Recipients: Email addresses, phone numbers, and Telegram chat identifiers of notification recipients, verification status
  • Telegram Integration Data: Telegram bot configuration and chat identifiers used to deliver alerts via the Telegram messaging platform
  • Activity Logs: Login events, presence detection events, manual check-ins (90-day automatic retention)
  • SMS Data: SMS credit balance, usage history metadata (3-year retention for billing purposes)
  • Security Data: IP addresses for rate limiting (30-day retention), failed login attempts, authentication attempts

2.7 Cookie Usage

Authentication Cookie (Strictly Necessary):

  • Name: auth_token
  • Purpose: Maintains your logged-in session and authenticates API requests
  • Type: HTTP-only (not accessible to JavaScript, prevents XSS attacks)
  • Duration: 30 days or until logout
  • Security: Encrypted (HTTPS only), Secure flag enabled, SameSite=Strict policy

Important: This cookie is strictly necessary for authentication and does not require consent under ePrivacy regulations (ePrivacy Directive 2002/58/EC). We do NOT use cookies for tracking, behavioral analytics, or advertising purposes.

2.8 Distress Voice Sensor Data

Living Alone offers a distress voice sensor that enables voice-triggered alerts. We are committed to full transparency about how this device handles audio:

  • On-Device Processing Only: All voice detection and recognition runs entirely on the device's local processor. No audio is ever captured, streamed, or transmitted to our servers or any third party.
  • What Is Transmitted: When a distress phrase is detected, the device transmits only a trigger event containing the device identifier and the detection timestamp — no audio content of any kind.
  • No Audio Storage: We do not store, analyze, or retain any audio recordings, voice samples, or acoustic data.
  • No Biometric Data: We do not collect voice prints, speaker identification data, or any biometric identifiers derived from audio.

Privacy Assurance: The distress voice sensor is designed with privacy as a core principle. Your voice stays on your device; only the detection outcome (triggered / not triggered) is ever communicated to our systems.

3. How We Use Your Information

3.1 Primary Uses

We use collected data to:

  • Send presence/inactivity notifications to designated recipients
  • Deliver transactional emails (purchase confirmations, warranty info)
  • Maintain device registration and warranty
  • Provide technical support
  • Debug device malfunctions
  • Monitor and improve system reliability

3.2 Secondary Uses

With your consent, we may use data to:

  • Send product updates and security information
  • Offer new features or products
  • Conduct anonymized analytics on device performance
  • Improve product design and user experience

3.3 What We Do NOT Do

We do NOT:

  • Sell your personal data to third parties
  • Share activity data with marketing companies
  • Use data for behavioral advertising or profiling
  • Store video, audio recordings, or voice data from the distress voice sensor
  • Track movement patterns or habits
  • Share data with law enforcement (except where legally required)

4. Information Sharing and Disclosure

4.1 Notification Recipients

Email addresses you provide receive notifications about device status. These recipients may be family members, friends, or emergency contacts. You are responsible for ensuring these people have consented to receive such notifications.

4.2 Third-Party Service Providers

We use limited third-party services for:

  • Email Delivery: Third-party email service providers send notifications
  • SMS Delivery: Third-party SMS service providers send notifications
  • Telegram Delivery: Telegram's messaging platform is used to deliver alerts to recipients who have configured Telegram as a notification channel. Alert delivery is subject to Telegram's own privacy policy and terms of service.
  • Payment Processing: Stripe handles payment processing (PCI-DSS compliant)
  • Hosting: Cloud infrastructure providers host our servers
  • Analytics: De-identified performance metrics

All third parties are contractually obligated to maintain data confidentiality and use information only as necessary.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request. We will notify you of such requests when legally permitted to do so.

4.4 No Sale of Personal Data

We do not sell, rent, trade, or share your personal information with unaffiliated third parties for their marketing purposes.

5. Data Security

5.1 Security Measures

We implement industry-standard security practices:

  • AES-256 encryption for data in transit (HTTPS/TLS)
  • Regular security audits and updates
  • Limited access to personal data (need-to-know basis)
  • Device-level authentication

5.2 Data Breach Protocol

If a data breach occurs, we will:

  • Notify affected users within 30 days
  • Provide information about what data was compromised
  • Offer appropriate remediation measures
  • Cooperate with regulatory authorities

Note: While we implement reasonable security measures, no data transmission over the internet is 100% secure. You use our services at your own risk.

5.3 Device Security

Your device uses:

  • WiFi encryption (WPA2/WPA3 recommended)
  • Firmware integrity verification
  • Automatic security updates

6. Data Retention

6.1 Retention Periods

We retain data as follows:

  • Email and SMS Activity Logs: Last 90 days (older data deleted automatically)
  • Notification History: Last 6 months
  • Account Information: For duration of device use
  • Support Records: 1 year after resolution
  • Payment Information: Retained indefinitely for purchase transactions through Stripe

6.2 Data Deletion

You can request data deletion by contacting support@theor.com. We will delete personal information within 30 days, except where legally required to retain.

6.3 Automatic Purging

Old activity logs are automatically deleted to minimize stored data and protect privacy.

7. Your Rights and Choices

7.1 Access Your Data

You have the right to know what personal information we hold. Request a copy by emailing support@theor.com with "Data Access Request" in the subject line.

7.2 Correct or Update Data

You can update account information, notification recipients, or settings directly through the web application.

7.3 Delete Your Data

You can request deletion of your account and associated data. Some data may be retained for legal/warranty purposes.

7.4 Opt-Out of Communications

You can opt out of non-essential emails (product updates, marketing) by clicking unsubscribe or emailing support@theor.com.

7.5 Restrict Processing

You can request limitations on how we use your data, though this may affect device functionality.

7.6 Data Portability

You can request your data in a portable format. We will provide this within 30 days in standard formats.

8. GDPR Compliance (EU Residents)

8.1 Legal Basis for Processing

We process personal data on the following legal bases:

  • Contractual Necessity: To deliver the device and services you purchased
  • Legitimate Interest: To maintain device functionality, security, and support
  • Consent: For marketing communications (you can withdraw anytime)
  • Legal Obligation: To comply with tax and record-keeping laws

8.2 Your GDPR Rights

EU residents have additional rights under GDPR:

  • Right to access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure/"right to be forgotten" (Article 17)
  • Right to restrict processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object to processing (Article 21)

8.3 Data Protection Officer

For privacy concerns, contact: support@theor.com

8.4 Complaints

You have the right to lodge a complaint with your local data protection authority.

9. CCPA Compliance (California Residents)

9.1 Covered Information

Under CCPA, California residents can request:

  • What personal information is collected
  • The purposes of collection
  • Whether it's sold or shared
  • How it's deleted or corrected

9.2 Your CCPA Rights

  • Right to know (Section 1798.100)
  • Right to delete (Section 1798.105)
  • Right to opt-out of sales (Section 1798.120)
  • Right to non-discrimination (Section 1798.125)

9.3 Do Not Sell My Personal Information

Living Alone does not sell your personal information. This right is provided for transparency.

9.4 Requests

Submit CCPA requests to support@theor.com with "CCPA Request" in the subject line.

10. Children's Privacy

Living Alone is not directed to individuals under 18 years of age. We do not knowingly collect data from children.

10.1 Age Verification and Disclaimer

Age Representation: By using Living Alone services (purchasing devices or creating an account), you represent and warrant that you are at least 18 years of age or the age of majority in your jurisdiction.

  • We do not verify age during registration or purchase
  • You are responsible for ensuring you meet minimum age requirements
  • We are not liable for minors who misrepresent their age
  • Parents/guardians are responsible for monitoring minors' access to our services

10.2 Discovery of Underage Users

If we discover we have collected data from a minor without verified parental consent, we will:

  • Delete the account and associated data immediately
  • Terminate access to services
  • Notify the account email address of the deletion

Parents or guardians concerned about data collection should contact support@theor.com immediately.

11. Tracking Technologies

11.1 Website Tracking

Our web application uses minimal analytics:

  • No third-party cookies
  • No behavioral tracking
  • No user profiling

12. Third-Party Links

Our website may contain links to third-party sites. This Privacy Policy applies only to Living Alone. We are not responsible for third-party privacy practices. Review their privacy policies separately.

13. International Data Transfers

Server Location: Your data is stored on servers located in Singapore. By using Living Alone services (both hardware devices and web application), you consent to the transfer of your data to Singapore, where data protection laws may differ from your country of residence (particularly for EU and US users).

13.1 Data Transfer Safeguards

We implement the following safeguards for international data transfers to ensure your data remains protected:

  • Encryption: Data in transit uses TLS encryption
  • Access Controls: Strict authentication requirements and role-based access control (RBAC)
  • Security Monitoring: Regular security audits, intrusion detection, and compliance reviews
  • Data Minimization: Automatic deletion of old data (90-day retention for activity logs, 6-month retention for alerts)

13.2 Legal Basis for International Data Transfers

For all international users, data transfers to Singapore are based on:

  • Contractual Necessity: Transfer is necessary to fulfill our contract with you and deliver the Living Alone services you purchased
  • Explicit Consent: You provide consent to Singapore data storage when accepting our Terms of Service during registration and account creation
  • Legitimate Business Interest: Operating a centralized infrastructure in Singapore enables us to maintain service quality, security, and support for all users globally

14. Notification Recipient Privacy

Important: Family members and emergency contacts you designate as notification recipients will receive emails or SMS messages from Living Alone. You are responsible for their privacy and consent.

Consider:

  • Only add recipients who have explicitly consented
  • Inform them they will receive alerts
  • Update the list if recipients change
  • Recipients may view inactivity information
  • We recommend keeping recipient list limited to trusted individuals

14.1 Disclaimer of Liability for Recipient Consent

Legal Disclaimer: You represent and warrant that you have obtained all necessary consents from notification recipients before adding their contact information to Living Alone. We are not responsible for:

  • Your failure to obtain proper consent from notification recipients
  • Privacy complaints from recipients you added without authorization
  • Violations of anti-spam laws (CAN-SPAM, GDPR, CASL) resulting from unauthorized recipient additions
  • Any disputes, claims, or legal actions between you and notification recipients
  • Damages arising from unauthorized disclosure of personal information to recipients

By adding a notification recipient, you agree to indemnify and hold Living Alone harmless from any claims related to your addition of that recipient's contact information.

15. Monitoring and Surveillance Disclosure

If you install Living Alone to monitor someone who is not your dependent (adult, not under your guardianship), you must:

  • Obtain their explicit written consent
  • Disclose the device's presence and function
  • Comply with all local monitoring/privacy laws
  • Ensure they understand they are being monitored

Unauthorized monitoring may violate wiretapping laws, privacy statutes, and rental/employment agreements.

16. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through the device interface. Continued use after changes constitutes acceptance.

17. Contact Us

Privacy Inquiries

If you have questions about this Privacy Policy or our privacy practices:

📧 Email: support@theor.com
🏠 Company: Living Alone

Data Subject Rights Requests

To exercise GDPR, CCPA, or other privacy rights, submit a formal request to support@theor.com with:

  • Your full name and email
  • Device serial number (if applicable)
  • Specific request (access, delete, correct, export)
  • Proof of purchase (order number)

We will respond within 30 days.

Summary: Living Alone prioritizes your privacy. We collect minimal data, use it only for device functionality and notifications, encrypt everything in transit, and never sell your information. You have control over your data and can request access, deletion, or corrections at any time.