GPO Home Mobile Application Privacy Policy

Privacy Policy for GPO Home Mobile Application

Last Updated: February 2, 2025

Effective Date: February 2, 2025

1. Introduction

Welcome to GPO Home. This Privacy Policy explains how GPO OÜ ("GPO", "we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our GPO Home mobile application (the "App") available on iOS and Android platforms.

GPO OÜ is a company registered in Estonia, with its headquarters located at Peterburi tee 38/9, Tallinn, Estonia.

Please read this Privacy Policy carefully. By downloading, installing, or using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address (when registering an account)
  • Password (encrypted)
  • Name and profile information (when using social login via Google, Apple ID, or Facebook)

Device Setup Information:

  • Names you assign to your devices, rooms, and buildings
  • Location labels and organization of your heating system
  • Custom heating schedules and preferences
  • Temperature settings and preferences

Note: You can use the App without creating an account. However, an account is required for cloud synchronization, multi-device access, and device sharing features.

2.2 Information Collected Automatically

Device and Sensor Data:

  • Temperature readings (ambient and surface)
  • Humidity readings (where applicable)
  • Energy consumption statistics
  • Device status (on/off, heating mode, timer status)
  • Firmware version information
  • Device serial numbers and identifiers

Usage Data:

  • App interaction patterns
  • Features used and frequency of use
  • Schedule configurations
  • Error logs and diagnostic data

Technical Data:

  • Device type and operating system version
  • App version
  • IP address (for cloud connectivity)
  • Bluetooth and WiFi connection data
  • Time zone and language preferences

2.3 Information from Third Parties

Social Login Providers:
When you choose to sign in using Google, Apple ID, or Facebook, we receive:

  • Your name
  • Email address
  • Profile picture (optional)

We do not receive or store your social media passwords.

Electricity Price Data:
We may integrate with Nord Pool and other electricity market data providers to offer price-based heating optimization. This data is publicly available and does not contain personal information.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core App Functionality

  • Enable remote control of your GPO heating devices
  • Provide real-time temperature monitoring and adjustment
  • Execute and manage heating schedules
  • Display energy consumption statistics
  • Enable device sharing between users
  • Synchronize settings across multiple devices

3.2 Service Improvement

  • Analyze usage patterns to improve app functionality
  • Identify and fix bugs and technical issues
  • Develop new features based on user needs
  • Optimize heating algorithms and energy efficiency recommendations

3.3 Communication

  • Send critical notifications about your devices (e.g., overheating alerts, connection issues)
  • Provide customer support
  • Send firmware update notifications
  • Inform you about important changes to our services or policies

3.4 Security

  • Verify your identity and prevent unauthorized access
  • Detect and prevent fraud or abuse
  • Monitor for security threats

4. Data Storage and Security

4.1 Data Storage Location

Your data is stored on secure servers located within the European Union, in compliance with EU data protection regulations.

4.2 Data Retention

  • Account Data: Retained while your account is active and for up to 3 years after account deletion for legal compliance purposes.
  • Device Data: Temperature and energy consumption data is retained for up to 2 years to provide historical statistics and analytics.
  • Usage Logs: Retained for up to 1 year for troubleshooting and service improvement.

4.3 Security Measures

We implement appropriate technical and organizational security measures, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Secure authentication mechanisms
  • Regular security audits
  • Access controls and authentication for our staff
  • Secure firmware update mechanisms (OTA)

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Personal Data

GPO does not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Sharing with Your Consent

You may choose to share access to your devices with other users (family members, property managers, etc.). Shared users will be able to view and control the devices you grant them access to.

5.3 Service Providers

We may share data with trusted third-party service providers who assist us in:

  • Cloud hosting and infrastructure
  • Analytics and app performance monitoring
  • Customer support services

All service providers are contractually obligated to protect your data and use it only for the specified purposes.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights or property
  • Prevent fraud or security threats
  • Protect the safety of our users or the public

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change.

6. Your Rights and Choices

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

6.1 Right to Access

You can request a copy of the personal data we hold about you.

6.2 Right to Rectification

You can update or correct your personal information through the App settings or by contacting us.

6.3 Right to Erasure

You can request deletion of your account and associated personal data. Note that some data may be retained for legal compliance.

6.4 Right to Data Portability

You can request your data in a structured, machine-readable format.

6.5 Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

6.6 Right to Object

You can object to processing of your data for certain purposes.

6.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time.

6.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days.

7. Bluetooth and Local Communication

7.1 Bluetooth Low Energy (BLE)

The App uses Bluetooth Low Energy to communicate directly with GPO devices when you are in proximity. This enables:

  • Initial device setup and configuration
  • Local control without internet connection
  • Faster response times for adjustments

7.2 Local Data

When using Bluetooth only (without cloud account), your device settings are stored locally on your phone and on the device itself. This data is not transmitted to our servers.

8. Children's Privacy

The GPO Home App is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately.

9. Third-Party Links and Services

The App may contain links to third-party websites or services (e.g., our online store, support pages). This Privacy Policy does not apply to those third-party services. We encourage you to review their privacy policies.

10. International Data Transfers

If you are accessing the App from outside the European Union, please note that your data may be transferred to, stored, and processed in Estonia and other EU countries. By using the App, you consent to such transfers.

For transfers outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy in the App
  • Sending you a notification through the App
  • Updating the "Last Updated" date at the top of this policy

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

GPO OÜ

Data Protection Officer:
For GDPR-related inquiries, you may contact our Data Protection Officer at dpo@gpo-tech.com.

13. Supervisory Authority

If you are located in the European Union and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

For Estonia:
Andmekaitse Inspektsioon (Data Protection Inspectorate)

14. Summary of Data Practices

Data Type Purpose Retention Shared
Email, Name Account management While account active + 3 years No
Temperature data Display, analytics 2 years With shared users only
Energy consumption Statistics, optimization 2 years With shared users only
Device identifiers Device management While device registered No
Usage logs Troubleshooting 1 year No
IP address Security, connectivity Session-based No

15. App Store Specific Disclosures

Apple App Store

In accordance with Apple's App Privacy requirements:

  • Data Used to Track You: None
  • Data Linked to You: Email, name (if account created), usage data
  • Data Not Linked to You: Diagnostics, crash reports

Google Play Store

In accordance with Google Play's Data Safety requirements:

  • Data Shared: None sold to third parties
  • Data Collected: Account info, device data, app activity
  • Security Practices: Data encrypted in transit, data deletion available