Privacy Policy - Airelay

1. Introduction

Airelay ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our smart lock management system and related services.

                Your Privacy Matters: We are committed to transparency about our data practices and protecting your personal information. This policy describes how we handle your data when you use our smart lock management services.
            

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

Account Information: Email address, name, and contact details when you create an account
Device Information: Smart lock device IDs, names, and configuration settings
Access Codes: Temporary access codes generated for authorized users
Reservation Data: Guest information, check-in/check-out dates, and property details
Communication: Messages and support requests you send to us

2.2 Information We Collect Automatically

When you use our service, we automatically collect:

Device Status: Online/offline status, connectivity information, and device health data
Access Logs: Timestamps of lock/unlock events, access attempts, and user interactions
System Logs: Error messages, performance metrics, and system events
Usage Data: How you interact with our web interface and API endpoints
Technical Information: IP addresses, browser type, device type, and operating system

2.3 Information from Third Parties

We may receive information from:

Shelly Cloud: Device status and configuration data through their API
Email Services: Delivery status and bounce information for notifications
Analytics Services: Aggregated usage statistics and performance metrics

3. How We Use Your Information

We use the information we collect to:

Purpose	Information Used	Legal Basis
Provide smart lock management services	Device data, access codes, reservation info	Contract performance
Send notifications and alerts	Email address, device status, access logs	Legitimate interest
Monitor system performance	System logs, error messages, usage data	Legitimate interest
Provide customer support	Account info, communication history	Contract performance
Improve our services	Usage patterns, feedback, analytics	Legitimate interest
Ensure security and prevent fraud	Access logs, IP addresses, device status	Legitimate interest

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 When We May Share Information

We may share your information in the following circumstances:

Service Providers: With trusted third-party service providers who help us operate our service (email delivery, hosting, analytics)
Legal Requirements: When required by law, court order, or government request
Safety and Security: To protect the safety and security of our users, properties, or the public
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Your Consent: When you explicitly authorize us to share your information

Important: We may share aggregated, anonymized data that does not identify individual users for research, analytics, or business purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

Encryption: Data is encrypted in transit and at rest using industry-standard protocols
Access Controls: Strict access controls and authentication mechanisms
Regular Audits: Security assessments and vulnerability testing
Employee Training: Regular security training for our team
Incident Response: Procedures for responding to security incidents

                Your Responsibility: You are responsible for maintaining the security of your account credentials and access codes. Never share your passwords or access codes with unauthorized individuals.
            

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

6.1 Retention Periods

Account Information: Retained while your account is active and for 2 years after deactivation
Access Logs: Retained for 1 year for security and audit purposes
Device Status Data: Retained for 6 months for monitoring and troubleshooting
Reservation Data: Retained for 3 years for business records
System Logs: Retained for 90 days for technical support

6.2 Data Deletion

You may request deletion of your personal information by contacting us. We will delete your data within 30 days, except where retention is required by law or for legitimate business purposes.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You can request access to your personal information and receive a copy in a portable format.

7.2 Correction and Updates

You can request correction of inaccurate or incomplete information.

7.3 Deletion

You can request deletion of your personal information, subject to legal and business requirements.

7.4 Restriction and Objection

You can request restriction of processing or object to certain uses of your information.

7.5 Withdrawal of Consent

Where processing is based on consent, you can withdraw consent at any time.

                Exercise Your Rights: To exercise any of these rights, please contact us using the information provided at the end of this policy.
            

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

8.1 Types of Cookies

Essential Cookies: Required for basic functionality and security
Performance Cookies: Help us understand how you use our service
Functional Cookies: Remember your preferences and settings

8.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect service functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

Standard contractual clauses approved by data protection authorities
Adequacy decisions for certain countries
Other appropriate safeguards as required by law

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the updated policy on our website
Sending email notifications to registered users
Displaying prominent notices in our service

Your continued use of our service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: compliance@airelay.app

Address: 11 Rue Fodéré 06300 Nice, France

Phone: +33 6 52 51 25 33

Data Protection Officer: compliance@airelay.app

13. Complaints

If you have concerns about our data practices, you may:

Contact us directly to resolve the issue
File a complaint with your local data protection authority
Seek legal remedies as provided by applicable law