mhome.ai logo
mhome ai
GitHub

Privacy Policy

Effective Date: 2026-03-15

MHOME AI, INC. ("Company", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy describes our data practices. Depending on where you live, certain processing activities may be based on contract necessity, legitimate interests, legal obligations, or your consent, as applicable.

1. Deployment Modes

Our Services may be offered in different deployment modes, and the way information is stored, processed, and made visible to us may differ depending on the mode you choose.

  • Cloud-Hosted Mode: If you choose a cloud-hosted deployment, service data may be stored and processed in cloud infrastructure operated by or on behalf of MHOME AI.
  • Local Hub Mode: If you choose a local hub deployment, the substantial majority of automation data, device data, and runtime data remains on the user's local hub device and is not ordinarily visible to MHOME AI's cloud systems.
  • Cloud Exceptions for Local Hub Mode: Even in local hub mode, certain limited categories of information may still be stored or processed in our cloud systems, including account registration information, household / space metadata (such as space identity and member information), and billing, subscription, usage, and token consumption records.
  • Additional Cloud-Supported Functions: Local hub mode may also rely on limited cloud-supported control-plane or service-delivery functions, such as software or integration package delivery, licensing, service updates, and other limited operational metadata reasonably necessary to operate, secure, update, support, or bill for the Services.
  • Agent-Related Cloud Functions: Certain agent-related features are expected to rely on cloud services on a continuing basis, including agent capabilities and related conversation record storage. In general, these agent features are intended for the broader product experience rather than for fully local-only deployment.
  • Developer-Oriented Local Agent Option: For developer-oriented local deployments, users may be able to configure their own API keys, tokens, or equivalent credentials in order to use locally configured agent functionality. This local agent path is intended for a different audience and setup model than the standard cloud-supported agent experience.

2. Information We Collect

We may collect the following types of personal and non-personal information when you use our Services:

a. Personal Information You Provide

Account Details: Your name, email address, and account authentication credentials when you register an account.

Contact Information: Information you share with us when communicating (e.g., customer support inquiries).

Voluntary Submissions: Additional information you provide, such as responses to surveys, feedback, or participation in promotional offers.

Location Data: The locations you enter in the Services (e.g., addresses or geographical locations used for specific features).

b. Information We Automatically Collect

When you use the Services, we automatically collect certain data, including:

  • features or functionalities accessed;
  • data integration or capability usage;
  • automation usage;
  • adoption of premade automations;
  • error logs or crash reports;
  • user preferences and settings;
  • basic technical information such as device type, operating system, app version, and service performance metrics.

c. Automation-Related Information

When using the automation features of our Services, we may collect:

  • Automation Logs: data related to the execution of automations, such as timestamps, conditions met, and actions triggered;
  • Customization Details: rules, conditions, or preferences you configure for automations within the Services;
  • Temporary Debugging Data: where needed, we may temporarily collect additional diagnostics when investigating a problem you report or authorize us to diagnose.

d. Information from Third Parties

We may also collect and store certain information from third-party integration providers as part of the necessary functionality of our Services.

Third-Party Integrations: When you connect third-party integrations to our Services (e.g., smart home devices, data APIs, or identity providers), we may store only the data required to identify and manage these integrations. This may include:

  • identification data;
  • source provider information;
  • user data from third-party integrations, such as device state data used by automations.

We aim to limit stored third-party data to what is reasonably necessary to operate the integration, support configured automations, maintain account linkage, provide troubleshooting, and secure the Services. In local hub mode, the substantial majority of runtime integration data is intended to remain on the user's local hub rather than in our cloud systems.

3. Device Permissions and Device Data

Depending on the product features you choose to enable, the Services may request access to certain device capabilities or data on your phone, desktop, or other devices.

We only access these categories when relevant to a feature you enable, your device or operating system permits such access, and you have granted the necessary permissions.

  • Notification Access: to support notification-related features or user-configured automations.
  • Call or SMS-Related Signals: only for features that explicitly rely on such device events, if enabled by you and permitted by your platform.
  • Device/System Information: to support compatibility, diagnostics, and configured functionality.
  • Local File Access: to support user-initiated file actions or integrations.

We do not claim access to every category of device data on every platform. Availability and scope depend on the feature set you use, your device settings, and the permissions you grant.

4. How We Use Your Information

We use your information solely for the necessary functionalities of our Services, including:

  • operating, maintaining, and improving the Services;
  • executing automations and providing a seamless user experience;
  • sending important service-related communications, such as updates, system notifications, or account alerts;
  • providing customer support and responding to inquiries;
  • ensuring the security of the Services and preventing unauthorized use or fraud;
  • complying with legal obligations or enforcing our Terms.

In local hub mode, cloud-side use of your information is generally limited to account, household / space management, billing, subscription, usage, token accounting, software or integration package delivery, licensing, service updates, and other limited control-plane or operational functions.

This may also include cloud-supported agent functionality and storage of agent-related conversation records for agent features that are designed to rely on cloud services.

For developer-oriented local agent setups, where a user provides their own API key, token, or equivalent credential, agent-related processing may follow a different local deployment path.

We do not use personal information for advertising, profiling for unrelated commercial purposes, or unrelated data monetization. We process personal information only as reasonably necessary to provide, operate, secure, maintain, support, bill for, and improve the Services and the functionality requested by the user.

5. How We Share Your Information

We do not sell your personal information. However, we may share your data as necessary for the operation of our Services in the following circumstances:

a. Service Providers

Third-party vendors who assist with the operation of our Services, such as payment processors, cloud storage providers, email services, or similar providers. These providers are only given access to the minimum data necessary to perform their tasks on our behalf and are contractually obligated to protect your information.

b. Third-Party Integrations

When you connect third-party integrations (e.g., smart home devices or APIs) to our Services, we use data from these integrations as part of executing required automations. In some cases, information from one integration may need to be sent to another integration to provide the functionality you have configured.

For example, if an automation you configure involves sending a temperature reading from one provider to trigger an action with another provider, the data will be shared as required to fulfill the automation.

This sharing is strictly limited to the purpose of executing automations you configure and does not extend beyond what is necessary for the function.

In local hub mode, such automation-related data exchanges may occur locally through the user's hub rather than through our cloud systems, depending on the architecture of the enabled feature.

c. Legal Compliance

We may disclose your information to comply with applicable laws, regulations, or legal processes, or to protect the rights, safety, and property of our users, our company, or others.

d. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity as part of the transaction. In such cases, we will notify you before your data becomes subject to a different privacy policy, where required by law.

6. Your Privacy Choices

You have options to manage how your information is used:

  • Access and Update: You can review or update your personal information by accessing your account settings.
  • Data Deletion: You can request that we delete your personal information, subject to applicable laws.
  • Third-Party Integrations: You can disconnect third-party integrations through your settings at any time.
  • Cookies: We do not use cookies or similar technologies for third-party advertising, behavioral advertising, or cross-context behavioral tracking. We use cookies, local storage, and similar technologies only where reasonably necessary to operate the Services, maintain sessions, remember preferences, support security, measure service performance, and provide user-requested functionality.

For more information or to exercise these rights, contact us at yw@mhome.ai.

We may take reasonable steps to verify your identity before fulfilling certain requests, and we may retain limited information where necessary to comply with law, prevent fraud, resolve disputes, or enforce our agreements.

7. Security of Your Information

We take reasonable measures to protect your information from unauthorized access, disclosure, or misuse. However, no method of transmission or storage is completely secure. By using our Services, you acknowledge and accept these risks.

We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration. However, we cannot guarantee absolute security.

8. Retention of Your Information

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable law. Once no longer needed, we securely delete or anonymize the data.

Retention periods may vary depending on the type of data. For example, account records may be retained while your account is active; automation logs and diagnostics may be retained for shorter operational periods; and certain records may be retained longer where required for security, fraud prevention, backups, dispute resolution, or legal compliance.

9. International Users

Our Services are operated from the United States. If you access the Services from outside the United States, your information may be transferred to, processed in, or stored in the United States or other jurisdictions that may have different data protection laws. Where required by applicable law, we will use appropriate safeguards for cross-border transfers.

10. California Residents

If you are a California resident, you may have rights under California privacy laws, including:

  • the right to know what personal information we collect and how we use it;
  • the right to request deletion of your personal information;
  • the right to opt out of the "sale" of personal information, if applicable;
  • the right not to be discriminated against for exercising applicable privacy rights.

To exercise these rights, please contact us at yw@mhome.ai.

11. Residents of the European Economic Area / United Kingdom

If you are located within the EEA or UK, you may have rights under applicable data protection laws, including:

  • the right to access, correct, or delete your personal data;
  • the right to restrict or oppose data processing;
  • the right to withdraw consent for processing, where applicable;
  • the right to data portability;
  • the right to lodge a complaint with your local supervisory authority.

For inquiries or to exercise these rights, contact us at yw@mhome.ai.

12. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 except as permitted by applicable law. If you believe a child has provided us personal information in violation of applicable law, please contact us so we can investigate and take appropriate action.

13. Contact Us

MHOME AI, INC.
Incorporated in Delaware; principal place of business in California
Email: yw@mhome.ai