Privacy Policy

Effective Date: May 24, 2018

We at SmartThings Inc. (“SmartThings”) know you care about how your personal data is used and shared, and we take your privacy seriously. SmartThings is the data controller with respect to personal data collected in connection with our websites, products, services, mobile applications, IoT plug-ins and other software (collectively, the “Services”). Please read the following to learn more about our privacy practices that govern your use of the Services.

Remember that your use of SmartThings's Services is at all times subject to the Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.

What does this privacy policy cover?

This Privacy Policy covers our treatment of personal data that we gather when you are accessing or using our Services. We gather various types of personal data from our users, as explained in more detail below, and we use this personal data in connection with our Services, including for the following purposes:

  • to provide basic functionality of our services,
  • to personalize and improve our services,
  • to allow you to set up a user account and profile,
  • to allow you to post ratings and reviews of various products and services,
  • to contact you and allow other users to contact you,
  • to fulfil your requests for certain products and services, and
  • to analyse how you use the Services.

In certain cases, we may also share certain personal data with third parties, as described below.

SmartThings collects personal data about you for the purposes described above because we have a legitimate business interest in providing, improving and personalizing our Services, which is not overridden by your interests, rights and freedoms to protection of your personal data. We also may process personal data about you when necessary for SmartThings to perform a contract with you or because we are required to do so by law, or it is necessary for the establishment, exercise or defence of legal claims.

As noted in the Terms of Use, we do not knowingly collect or solicit personal data from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 13, we will respond as described in our Terms of Use, including to promptly delete the personal data. If you believe that a child under 13 may have provided us personal data, please contact us at support@smartthings.com.

Will SmartThings ever change this Privacy Policy?

We're constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well, but we will alert you to changes by placing a notice on the Services and/or by sending you an email, unless we do not have your email address. Such notices will still govern your use of the Services, and you are responsible for reading and understanding them. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used.

What information does SmartThings collect?

Personal Data You Provide To Us

We receive and store any personal data you knowingly provide to us. For example, through the registration process and/or through your account settings, we may collect personal data such as your name, email address, shipping address, billing address, phone number, credit card details, location name, location including geo-fence, group and device names, device location names, device or group images, SmartApp names, SmartApp configuration details, and third-party account credentials (for example, when you use our IoT plug-in service, your log-in credentials for Facebook or other third party sites). If you provide your third-party account credentials to us, you understand some content and/or information in those accounts ("Third Party Account Information") may be transmitted into your account with us if you authorize such transmissions, and that Third Party Account Information transmitted to our Services is covered by this Privacy Policy; for example, avatars, profile information, images, friends and other authorized information. Certain information may be required to register with us or to take advantage of some of our features. We also may send you updates about our services, informational updates, surveys or promotional offers by email if you have given us consent to do so. If at any time you decide you do not want to receive promotional communications from us, you may unsubscribe by clicking “unsubscribe from this list” or “update subscription preferences” in each email that we send to you.

It is not mandatory to provide any of the personal data described above to SmartThings, but if you choose not to, you may not be able to receive any of the Services described below, access certain parts of our websites, or receive information from us that you have requested.

Personal Data Collected Automatically

Whenever you interact with our Services (whether via a mobile application, our IoT plug-ins, third party services, SmartApp, browser, or other application, connecting a physical device to our services, connecting a third party service to our services, or otherwise), we automatically receive and record information on our servers, logs and databases from your browser, application, services or device(s). In particular, our Services are designed to allow you to connect various physical devices (e.g., the SmartThings Hub, and associated SmartThings and third party sensors and other devices) to the Services. While connected to the Services, these devices automatically report information to our servers (including information that you may have provided when setting up or configuring that device), which may include personal data. For example, if you connect a temperature sensor to the Services, the temperature information from that sensor will be transmitted to the Services, along with any identifying information that you have chosen to associate with that sensor (e.g., the device name, group name, and location name that you have assigned to the sensor within the Services). The type of information that is collected from each device will vary depending on the device type.

In addition, if you connect any video or audio recording devices to the Services (e.g., video cameras), and you enable the streaming or recording features of those devices through the service, then video or audio data from those devices may be transmitted to, and stored on, the Services, subject to your configuration and settings. We may capture, process and analyse this video and audio information to provide the Services (e.g., to detect motion or other activity, to provide you with notifications, to provide access to stored audio/video clips, etc.), and as otherwise permitted by this Privacy Policy. Please note that if you choose not to enable video/audio storage or recording services through the Services for a particular device, then SmartThings does not store the video/audio information streamed from that device.

Other information collected automatically through the foregoing means may include your IP address, location details, "cookie" information, mobile device, operating system, the type of browser, demographic information, application and/or device(s) you're using to access our Services, click-through paths, the identity of the page or feature you are requesting or interacting with, time on page of feature, and other indicators of how you are interacting with the Services. "Cookies" are identifiers we transfer to your device that allow us to recognize your browser, application or device and tell us how and when various pages and features in our Services are visited or used and by how many people. In addition, our third party partners, including advertising partners (discussed below), may also use web beacons, or transmit cookies to and read cookies from your browser, application or device when you visit or use our Services (including, without limitation, to collect information in connection with the Google Trusted Stores program or Google Demographics and Interests). Also, if you click on a link to a third party website or service, such third party may also transmit cookies to you. Again, this Privacy Policy does not cover the use of cookies by any third parties. Also, please note that our systems do not currently recognize or respond to browser "Do Not Track" signals. To learn about what other options you have, scroll down to - What choices do I have?

Will SmartThings share any of the personal data it receives?

We share your personal data with third parties as described in this section:

Aggregated personal data that's no longer personally identifiable. We may anonymize your personal data so that you cannot be individually identified, and provide that information to our partners such as Samsung or use that information for marketing or promotional items (“aggregate information”). We may also provide aggregate information to our partners, who may use such information to understand how often and in what ways people use our Services. However, except as described below, we do not disclose aggregate information to a partner in a manner that would identify you personally, as an individual.

Partners, Affiliated Businesses and Third Party Websites We Do Not Control: In certain situations, partners, businesses or third party websites we're affiliated with ("Affiliated Businesses") may sell items or provide services to you through the Services (either alone or jointly with us), including reselling or providing SmartThings devices free of charge, providing third party devices, or delivering unique or custom SmartApps. You can recognize when an Affiliated Business is associated with such a transaction or service based on the presence of their brand or a transaction you are conducting directly with that Affiliated Business. We will share your personal data with that Affiliated Business only to the extent that it is related to such transaction or service, and to the extent that you have explicitly accepted incremental terms with that Affiliated Business whereby you acknowledge and authorize us to share your personal data. These incremental terms may be presented as part of promotional offers (either on the Affiliated Businesses' site or on SmartThings-branded properties including our commerce site at shop.smartthings.com, or within customized setup steps that appear in the Services). We have no control over the policies and practices of Affiliated Businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an Affiliated Business, please review all such business' or websites' policies. If you decide you no longer want to share personal data with an Affiliated Business, you may no longer be entitled to receive certain benefits from the Affiliated Business or have access to the Services without establishing a new account or relationship with SmartThings.

Agents: We employ other companies and people to perform tasks on our behalf and need to share your personal data with them to provide our products or services to you. When we disclose your personal data to third parties who perform services on our behalf, we ensure that such service providers use personal data only in accordance with our instructions, and we do not authorise them to use or disclose personal data except as necessary to perform services on our behalf or to comply with applicable legal obligations.

User Profiles and Submissions Any content you upload to your public user profile, along with any personal data or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by others. Your user name may also be displayed to other users if and when you send messages or comments or upload content through the Services and other users can contact you through messages and comments. Additionally, if you sign into the Services through a third party social networking site or service, your list of "friends" from that site or service may be automatically imported to the Services, and such "friends,"" if they are also registered users of the Services, may be able to access certain non-public information you have entered in your Services user profile. Again, we do not control the policies and practices of any other third party site or service.

Business Transfers: In the event that we sell or transfer all or a portion of our assets, we may disclose personal data to third parties in connection with such sale or transfer. Also, if we go out of business, enter bankruptcy, or go through some other change of control, personal data may be one of the assets transferred to or acquired by a third party.

Protection of SmartThings and Others: We may also disclose personal data about you if necessary (i) to comply with law or a court order or a request from a law enforcement agency; (ii) to enforce or apply our conditions of use and other agreements; (iii) to protect the rights, property, or safety of SmartThings, our employees, our users, or others; or (iv) in connection with an investigation of suspected or actual fraudulent or other illegal activity.

Is Personal Data about me secure?

Your account is protected by a password or a PIN number for your privacy and security. If you access your account via a third party site or service, you may have additional or different sign-on protections via that third party site or service. You must prevent unauthorized access to your account and personal data by selecting and protecting your password, PIN number and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser or application by signing off after you have finished accessing your account.

We endeavour to protect the privacy of your account and other personal data we hold in our records, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

The Services may contain links to other sites or applications. We are not responsible for the privacy policies and/or practices on other sites. When following a link to another site you should read that site’s privacy policy.

International Transfers of Your Personal Data

Due to the global nature of our operations, we may transfer your personal data to the U.S. and to other countries whose data protection laws may not be as extensive as those in the EU. Access to your personal data will be limited to individuals who need to know the personal data for the purposes described in this Privacy Policy.

When SmartThings transfers personal data outside of the European Economic Area (“EEA”), whether within our group of companies or to a third party, SmartThings only transfers such personal data: (i) to a country that the European Commission considers to have adequate data protection laws; (ii) to a company that has a current and valid U.S.-EU Privacy Shield certification in relation to the category of personal data being transferred; or (iii) where we have put in place an appropriate data transfer mechanism, such as EU Standard Contractual Clauses, to ensure that your personal data is adequately protected. You may obtain a copy of the relevant data transfer mechanisms that we have put in place by contacting us as stated below.

How long will SmartThings keep my Personal Data?

We will hold your personal data on our systems for as long as is necessary for the relevant activity unless a longer retention period is required or permitted by law.

Generally, if you sign up for our email newsletters or other marketing communications, we will keep your personal data until you ask us to delete your information (if you unsubscribe, we may retain some of your personal data to help ensure that you are not contacted again). We will not keep your personal data in identifiable form for any longer than we need the data to fulfil the purpose for which it was collected for. For further information about deleting your personal data held by SmartThings, please see below.

What Personal Data can I access?

What Personal Data can I access? Through your account and Service settings, you may be able to access, and, in some cases, edit or delete the following personal data you’ve provided to us, which may include:

• name and password/PIN number • shipping address • billing address • credit card information • email address • location, group and device information • user profile information • SmartApp information

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating personal data we have on file about you, please contact us at support@smartthings.com.

What choices do I have?

Communications. If you have consented to receiving promotional communications from us and at any time decide you no longer want to receive promotional communications, you can indicate your preference by clicking 'unsubscribe from this list' or 'update subscription preferences' at the bottom of the email you received.

Services. You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our special features or the Services in any form.

Your rights. If you are located in the EEA or Switzerland, you may have the following rights in relation to personal data that we hold about you:

  • To request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data;
  • To request that we rectify or update your personal data that is inaccurate, incomplete or outdated.
  • To request that we erase your personal data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;
  • To request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;
  • Where you have given us consent to process your personal data, to withdraw your consent; and
  • To request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.

You may contact us by e-mail or as described below to exercise your rights described above. If you consider that we have processed your personal data in violation of applicable law and failed to remedy such violation to your reasonable satisfaction, you may also lodge a complaint with the data protection supervisory authority in your country.

What if I have questions about this policy?

If you have any questions or concerns regarding our Privacy Policy, please let us know by contacting us using any of the methods below:

By phone at 1-800-726-7864 By email at support@smartthings.com In writing at 665 Clyde Avenue, Mountain View, California 94043 and we will try to resolve your concerns.

What if I logged in with my Samsung account?

If you have accessed the Services via your account with Samsung Electronics Co., Ltd. (“Samsung”), your use of the Services and any information collected by the Services shall be further subject to this Privacy Policy. In the event of any express conflict between the terms and conditions of this Privacy Policy and the then-current Samsung Privacy Policy, the terms and conditions of this Privacy Policy shall govern solely with respect to that conflict.

SmartThings takes the security of our systems seriously, and we value our relationship with our customers and the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

Guidelines

We require that all researchers:

  • Avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing;
  • Perform research only within the scope set out below; and
  • Use the identified communication channels to report vulnerability information to us; and

In the interest of the safety of our users, staff, the Internet at large and you as a security researcher, the following test types are excluded from scope:

  • Findings from physical testing such as office access (e.g. open doors, tailgating)
  • Findings derived primarily from social engineering (e.g. phishing, vishing)
  • Denial of Service (DoS/DDoS) vulnerabilities

Things we do not want to receive and will not consider:

  • Personally identifiable information (PII)
  • Credit card holder data
  • Out of scope issues

If you follow these guidelines when reporting an issue to us, we commit to:

  • Not pursue or support any legal action related to your research;
  • Work with you to understand and resolve the issue quickly;

Scope & Reporting a Security Vulnerability

SmartThings has partnered with BugCrowd to help security researchers and our users test for, and alert our security team to, discovered vulnerabilities. The BugCrowd platform allows us to host, triage, and respond to reports in an efficient and effective manner, helping SmartThings continuously improve the security of our products.

To get started: