habitátech
Login

Privacy Policy — HabitaTech Europe

Last updated: 2026-04-30

This Privacy Policy explains how HabitaTech processes personal data through https://habitatech.io, customer communications, quotes, support, installations, remote-access services, and optional managed services.

1. Controller

Controller: Mx-Technologies S.à r.l.-S, in formation
Trade name: HabitaTech
Address: 8 rue des Fraises, L-7312 Mullendorf, Grand Duchy of Luxembourg
Email: contact@habitatech.io

Until incorporation is completed, the website is operated as a pre-launch project by Jorge Ramón Ramírez Sáenz.

2. Summary

HabitaTech does not sell personal data.

HabitaTech does not use Google Analytics, Meta Pixel, advertising cookies, behavioural advertising, newsletter tracking, or third-party marketing tools.

HabitaTech uses personal data only to respond to enquiries, prepare quotes, deliver smart-home services, operate the website, provide support, secure the system, perform backups, manage subscriptions, and comply with legal obligations.

3. Data we collect from leads

When a person uses the website, contact form, configurator, WhatsApp link, or email, HabitaTech may collect:

  • name, if provided;
  • email address;
  • phone number, if provided;
  • market and language preference;
  • property type;
  • selected features or smart-home requirements;
  • form answers;
  • IP address;
  • user agent;
  • timestamp;
  • messages and attachments sent by the user.

4. Data we collect from customers

For customers, HabitaTech may also process:

  • customer name and contact details;
  • billing information;
  • payment status;
  • property addresses;
  • property names;
  • device inventory;
  • Home Assistant configuration;
  • service tier;
  • support tickets;
  • task photos and comments;
  • contact details for handymen, cleaners, technicians, or property managers;
  • PMS credentials or API tokens, encrypted at rest where technically possible;
  • PMS reservation timing and occupancy state;
  • anonymous reservation IDs where guest names are not needed;
  • diagnostic events, logs, battery warnings, hub-offline alerts, and system-health data.

5. Photos and task verification

Customers, handymen, cleaners, or technicians may upload photos of properties, locks, electrical panels, devices, task results, or maintenance issues through signed URLs or the customer portal.

For Tier 2 Managed customers, task photos and comments may be processed by AI verification tools, including Anthropic Claude, to assist with task verification.

AI task verification is an aid only and may be wrong. HabitaTech may use the result to support workflow decisions but does not guarantee that every issue will be detected.

6. Camera footage and doorbell recordings

HabitaTech does not collect, store, transmit, or access camera footage by default.

Frigate or similar video systems run locally on the customer's mini PC where enabled. Recordings, if any, are stored on customer-controlled local hardware.

The customer is the controller of camera and doorbell recordings and is responsible for lawful basis, guest notices, staff notices, signage, camera placement, retention, and compliance with privacy and surveillance laws.

HabitaTech accesses live cameras only with explicit customer authorisation for a specific support incident.

7. Purposes and legal bases

HabitaTech processes personal data for the following purposes:

Purpose Legal basis
Responding to enquiries and preparing quotes Pre-contractual steps
Creating and managing customer accounts Contract
Delivering smart-home services Contract
Hardware procurement and project coordination Contract
Remote access, monitoring, backups, and alerts Contract / legitimate interests
PMS integrations and task automation Contract / customer authorisation
AI task verification for Tier 2 Contract / legitimate interests
Website security, logs, abuse prevention Legitimate interests
Accounting, invoices, legal records Legal obligation
Optional marketing, if ever introduced Consent or legitimate interests, depending on context

8. Processors and subprocessors

HabitaTech may use the following providers:

  • Hetzner Online GmbH — VPS hosting, Germany;
  • Cloudflare Inc. — DNS, proxy, TLS, security, WAF;
  • Purelymail LLC — transactional email;
  • Anthropic Inc. — Claude Haiku or similar AI task photo verification, Tier 2 only;
  • Meta Platforms Ireland — WhatsApp Business API transactional notifications;
  • GitHub Inc. — deployment pipeline metadata only, no intentional customer data;
  • Stripe — payments, when enabled;
  • AWS S3 or S3-compatible storage — encrypted backups, planned / in development.

PMS platforms such as Hostaway, Guesty, Cloudbeds, and Lodgify are customer-authorised third-party integrations. The customer provides or authorises the credentials. HabitaTech uses those integrations on the customer's behalf to provide the requested service.

9. International transfers

Some providers may process data outside the European Economic Area, including in the United States.

Where required, HabitaTech relies on appropriate safeguards such as standard contractual clauses, adequacy decisions, data-processing agreements, provider security measures, or other lawful transfer mechanisms.

10. Security measures

HabitaTech uses reasonable technical and organisational measures, including:

  • HTTPS/TLS;
  • Cloudflare proxy and security controls;
  • server isolation;
  • access controls;
  • encryption at rest where technically supported;
  • encrypted PMS credentials where possible;
  • limited internal access;
  • role-based access when future staff are added;
  • server logs retained for limited periods;
  • backups with limited retention.

No system is perfectly secure. Customers are responsible for their own account security, local network security, passwords, and physical security.

11. Retention periods

Data category Retention
Leads that do not convert 12 months, then deleted or anonymised
Customer account data Contract lifetime + 30 days, unless law requires longer
Server logs 30 days
Cloud backups 7 days by default unless extended retention is purchased
Task photos Contract lifetime + 30 days
Accounting and invoice records As required by applicable law
Security records As long as needed to investigate abuse, fraud, or security incidents

After cancellation, cloud data is normally deleted within 30 days. Local data on the customer's mini PC remains with the customer.

12. Customer deletion requests

Customers may request deletion by email:

contact@habitatech.io

Deletion may be limited where HabitaTech must retain data for accounting, legal, security, dispute, fraud-prevention, or compliance reasons.

13. Your rights

Depending on the situation and applicable law, you may have the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion;
  • restrict processing;
  • object to processing;
  • receive data portability;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a supervisory authority.

In Luxembourg, the relevant data-protection authority is the Commission nationale pour la protection des données (CNPD).

14. Children

HabitaTech services are not directed to children. Customers should not submit children's personal data unless necessary for the agreed service and legally authorised.

15. Changes

HabitaTech may update this Privacy Policy as services, processors, or legal requirements change.

Material changes will be published on this page and, where appropriate, notified to customers.