Roost Privacy Policy

Roost Privacy Policy

This Privacy Policy adheres to the Privacy Shield Principles

 

Last updated December 1, 2022

 

1        Introduction

Roost, Inc. (“Roost” or “we” or “us” or “our”) offers the smart devices and services described in this Privacy Policy and is committed to protecting your privacy. This Privacy Policy applies to all the product solutions, websites, mobile apps and any other services offered or powered by Roost, except where otherwise noted. We refer to those product solutions, websites, mobile apps and other services collectively as the “Services” in this policy.

By using any portion of our Services, you agree to the ROOST MONITORING & SERVICE AGREEMENT TERMS AND CONDITIONS and the conditions of this Privacy Policy. Please read them carefully.

2        Information we collect

2.1       Who are “you”?

We refer to “you” a lot in this Privacy Policy. To better understand what information is most relevant to you, please see the following definitions.

Account holder

You opened an account using a Roost mobile app or an insurance company’s white-label Roost app, which you downloaded on your smartphone, or through another third-party provider’s platform, but you have not purchased or installed a Roost device yet.

Roost registered user

You opened an account using a Roost mobile app or an insurance company’s white-label Roost app, which you downloaded on your smartphone, or through another third-party provider’s platform. You have also purchased or installed one or more Roost devices using your smartphone and a Wi-Fi network you control, or a cellular network, and/or you logged in on a third-party program provider’s application that works with Roost devices.

Monitor

You were requested by someone that you know to be a monitor for their active Roost devices. You agreed, and then opened an account using the Roost or insurance co-branded mobile app which you downloaded on your smartphone or using a third-party provider’s platform. You may or may not have installed your own Roost devices using your own smartphone.

Emergency contact

You have been designated as an emergency contact by a Roost Registered User, which Roost, an insurance company, or another third-party provider may communicate with where necessary, including in emergencies when the Roost Registered User is not reachable.

Website visitor

You visited one of our websites because you are curious about Roost.

Referral user

A Roost Registered User has referred you to Roost to use the Roost Services.

2.2       Information we collect about you

“Personal Data” means information about someone that allows the person to be identified, either directly or indirectly. This information may include, for example, your name, address, mobile number, e-mail address, as well as any other information that could identify you.

“Additional Data” means device collected data such as temperature, humidity, garage door status, door and/or window status, battery levels, wireless signal strength, cellular connectivity, and the alerts generated by a device.

We collect the following Personal Data and Additional Data (collectively referred to as “your information”) from users of Roost Services or from a third-party, as described below:

Information to set up a Roost Account

You need a Roost account before you can use Roost Services. When you register for an account, we may collect your smartphone number, and in some cases your email address and your name directly from you, from an insurance company or from another third-party program provider. We or a third-party program provider will then provide you with an SMS access number during set up.

If a friend or family member asks you to be a Monitor for their Roost account, Roost or the user’s third-party program provider will automatically send you an invitation via SMS text. We may use and store this Personal Data for the sole purpose of sending these invitation texts, providing the Services and tracking the success of our referral program, if applicable.

Information to purchase a Roost Device

If you purchase a Roost device on our website, we require you to provide your billing details, including your name, billing address, shipping address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date). This information is provided to a trusted third-party (for example, Shopify, WooCommerce or Stripe) who processes your payment. Roost does not view or retain any of your personal financial information. We do retain your name, billing address, shipping address, email address and smartphone number.

Device and smartphone data

We collect information from the Roost device and, if you use the Roost mobile app, from the smartphone you used to install your Roost device.

Data about the device may include the device’s installation address and name (which you provide in the Roost mobile app or a third-party providers’ platform), your Emergency Contact’s information (name, phone number), the system’s personal identification number and Additional Data, such as temperature, humidity, batteries level, wireless signal strength and alerts.  Our servers keep log files that record these data each time your device accesses those servers and updates this information.

Information we collect about your smartphone, if applicable, includes its make and model and its operating system version.

Wireless network data

When you install a Roost device, you connect the device to a cellular network or to your wireless network. With your permission, if you use the Roost mobile app, we store your wireless network name and password in the app so you can easily set up another Roost device. Your wireless network name and password are also stored in the internal flash memory of the installed Roost device so that it can connect to the Roost cloud. We also store your network name (SSID) in the Roost cloud.

Cellular networks don’t require passwords, but they use SIM cards to provide the necessary security information to the cellular network.  Roost stores the SIM card information of your cellular-based Roost devices.  Roost does not collect, use or store the SIM card information of your smartphone.

Customer support data

If you contact us for support regarding the Roost products or Services, we may collect your name, e-mail address, phone number and any communications or correspondence that you send us. Additionally, we may ask for your smartphone operating system and version, and shipping address if we need to send a replacement device.

Website referral information

If you arrive at a Roost website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.

Website usage information

To help improve the usability of our websites, we collect usage information about you whenever you interact with our websites and Services as further described in Section 5 of this Privacy Policy. For example, this may include information like which Roost webpages you visit, what you click on, and when you perform those actions..

Roost services provided to you through a third-party program provider

It is very common for Roost to provide its products and Services to or through a third-party program provider, and for this third-party to provide the Roost products and Services to its own customers. If Roost devices or Services are provided to you through a third-party provider’s platform, this third-party may provide your information to Roost, as long as you also give the third-party permission to share this information with us.

3        How we use the information we collect

We process your information with your consent or, where permitted by law, in order to fulfill our contractual responsibility to deliver the Roost Services to you. We may also process your information for other purposes permitted by law, including responses to subpoenas, warrants and other valid legal process or for security purposes.

Contact information

We use your name and shipping address information, so we can ship you Roost devices.  We may use your email address or smartphone number to send you installation reminders and updates on products and services, provide customer support, and/or to respond to your inquiries.

If you purchase products and Service directly from us rather than through a third-party provider, we might also send you user surveys and marketing information now and then, as well as newsletters, and general updates to your account. You can opt out of Roost marketing communications at any time by clicking on the “unsubscribe” link in them, or by changing your account settings in the Roost app on your smartphone.

Home Wi-Fi information

If you use the Roost mobile app, we store your home Wi-Fi name and password in the flash memory of your smartphone. This allows you to easily add new Roost devices to the same Wi-Fi network.

Device identification to send you alerts

We or the third-party provider you sign up with, will store the device’s name, device type, and installation location so you can identify the device’s data and alerts during use.

During set up, we or the third-party provider, will ask you to identify the type of device (such as a Water Leak and Freeze Detector), a name for it (such as, Downstairs Bathroom), and location (such as, Under sink). You can change the device information anytime in the Roost or white-label insurance app, or by contacting the third-party provider you sign up with.

Alerts

We, or the third-party provider you sign up with, may use the device MAC ID, your name and your smartphone number to send you alerts and to contact you when an event requires action, if you have subscribed to the home monitoring services. We, or the third-party, may use the name and smartphone numbers of each of your invited Monitors and designated Emergency Contacts to do the same. Where this information is collected by Roost, it will be stored in the Roost cloud.

We use your smartphone number as your unique user ID in our system.  You use this number to set up Roost devices, and we use it to send device information to you. The Roost Services do not work without matching the device MAC ID with your smartphone number. We, or the third-party provider, retain the Monitor and Emergency Contact information you provide us so we may contact them with alerts if we cannot reach you.

Device information

We record the battery level and Wi-Fi strength of each device. If your device records other data (such as temperature or humidity) we record that as well. This data is sent from the Roost cloud to your smartphone and may be processed by Roost’s service providers or third-party providers you sign up with.

We also record the day and time your device alerts, and when it stops.

Data analysis to measure, administer and improve the effectiveness of our services

As part of Roost’s efforts to improve our products and Services and to better protect homeowners from risks, we will consolidate and analyze device data on an aggregated basis. We constantly look for alerts our devices might mistakenly send, or for instances when our sensors were too sensitive. We look for patterns in location, temperature, and humidity to find better ways of predicting leaks or freezing pipes.

Because these analyses are performed with aggregated data, Roost cannot identify you or any other specific Roost user.

Legal requirements

To respond to legal requests, we may need to use and disclose your information. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.

3.1       International transfers of personal data

Your information may be transmitted through, stored or processed in countries other than your home country. This means that your information may be subject to government or law enforcement access under the laws of those countries. We use contractual and other measures to provide a comparable level of protection to Personal Data wherever it is handled.

4        Sharing your information

We do not sell your information to any third parties.  We may share your information or data with third parties outside Roost, in the following limited circumstances or as permitted or required by law:

With our partners and service providers

To provide you with our Services, we partner with trusted service providers and third parties, including to:

  • store and process data, including the information we collect about you;
  • host and power our websites and mobile application;
  • process payments;
  • provide customer support;
  • ship products to you;
  • analyze data, after such data has been aggregated so it cannot be used to identify any individual; and
  • offer you Services, including home monitoring services.

We may provide your information to these trusted third parties, who may only process the information to perform the requested services. We also enter into appropriate contractual terms with partners and third-party service providers to ensure they comply with high levels of confidentiality and comparable privacy and security practices.  We regularly review the practices of our partners and services providers.

With emergency services

To provide our Services, we may share your information with third-party emergency service providers such as police departments and fire departments, if applicable.

With your insurer

If Roost devices are associated with your insurer, we may provide your insurer some or all of your information.

Your insurer may also provide your contact information to Roost so that we can ship the Roost device to you, as long as you give permission to share this information with us.

With a third-party provider

If you use a third-party platform with your Roost devices and Services, Roost will share  your information with the third-party platform that is necessary to provide  Services to you.

With your monitor or emergency contacts

As part of Roost’s Services, you have the ability to identify a Monitor or Emergency Contact.  If you use the Roost mobile app or have designated the Monitors as Emergency Contacts in a third-party provider’s platform, these monitors are provided the same device alerts that you receive as part of Roost Services.

With a third party in the event of sale or change of control

We may share some or all of your Personal Data in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset. If another company acquires the Roost business or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.

With legal authorities

We may also have to share information or data in order to meet any applicable law, regulation, legal process, or governmental request. We will also share your data to detect, prevent, or otherwise address fraud or security issues. And lastly, we may have to share your data to protect against harm to the rights, property or safety of our users, the public, or to Roost and/or as required or permitted by law.

5        Cookies

We use cookies and similar technologies on our websites. Cookies are small bits of data we store on the device you use to access our website so we can recognize you as a repeat user. Each cookie expires after a certain period of time, depending on what we use it for.

We use certain cookies that you agree to when you use our websites and, in the case of some cookies, for legitimate interests of delivering and optimizing our Services when the cookie delivers essential functionality. We use cookies to make our site easier to use, for security reasons, to improve our Services.

You can choose to remove or disable cookies at any time via your browser setting.

6        Security of your information

We use physical, technical and administrative security measures and safeguards appropriate to the level of sensitivity and risk to protect your personal data against loss, theft, and unauthorized access. Examples of such measures include training of personnel, using passwords, restricted access to offices, limiting access to information on a “need-to-know” basis and well-defined internal policies and practices.

7        Data retention

As long as you have an account with Roost, we do not delete the data in your account.  If you use the Roost mobile app, you are responsible for the data in your account and how long you retain it. There are controls in your account where you can delete or revise data at the account level (all data in your account) and at the data element level. If you delete your account, your Personal Data will also be deleted.

As long as you have a Roost device set up in your account, we do not delete the data from the device. A Roost device can be deleted at any time using the Roost app or your third-party provider’s platform. When a device is deleted, it no longer provides data to Roost or to your smartphone. Where permitted by law, Roost may aggregate data for analysis purposes.

8        Safety of minors

Our Services are not intended for and may not be used by minors who we define as individuals under the age of 18. Minors between 13 and 18 may only use our Services with express consent from their legal guardian, and the guardian will be bound by these terms. Roost does not knowingly collect Personal Data from minors or allow them to open Roost accounts. If it comes to our attention that we have collected Personal Data from a minor, we will delete this information without notice. If you have reason to believe that this has occurred, please contact Roost customer support at the following email address: support@getroost.com.

9        Third-Party websites

Our websites or app may contain links to third party websites. When you click on a link to any other website or location, you will leave our sites or mobile app and go to another site, and another entity may collect information about you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content.

Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of your Personal Data after you click on links to such outside websites. We encourage you to read the privacy policies of every website you visit. The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content or websites.

10    Canadian users

Your consent choices

We collect, use and share your information in order to provide you with the Services. In some cases, you may be asked to consent to optional uses of your information, such as the use of some of our cookies or to receive promotional emails.

You can vary or withdraw your consent to these optional uses of Personal Data any time without affecting the Services we provide to you. You may adjust your preferences by contacting us (see Contact Us below). If you wish to vary or withdraw your consent to ways in which we use, process or disclose your information that may limit our ability to provide you with certain products or Services that require your information, we will tell you about those consequences. There are limited situations in which you cannot vary or withdraw consent, such as where the information is required for legal compliance.

Rights of access, correction and data portability

You are entitled to access and request a copy of all Personal Data we have about you. You may request that we correct any inaccurate, outdated or incomplete data we may have about you. You can access and update a lot of your information in your own account using the Roost app or a third-party provider’s platform. However, if this does not meet your needs, or you want to request that your Personal Data be sent to you or another organization, please contact us at the address provided below.

11    Facilitating international transfers and GDPR (for EU users)

Your information may be transferred to or accessed by Roost and third parties around the world. Roost complies with laws on the transfer of personal information between countries to keep your personal information protected, wherever it may be.  Roost further complies with the EU’s General Data Protection Regulation (“GDPR”).  We have implemented various safeguards including Contractual Clauses, such as those approved by the EU Commission and accepted in several other countries.

While the EU-US Privacy Shield Framework can no longer be relied upon for the transfer of Personal Information, we continue to comply with all EU-US Privacy Shield Framework obligations.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List:  https://www.privacyshield.gov/.

Roost is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and data it subsequently transfers to third parties acting as agents on its behalf. Roost complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, including the onward transfer liability provisions. Roost further complies with the EU’s General Data Protection Regulation (“GDPR”).

With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Roost is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Roost may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

11.1    Who is my data controller?

Most of the time, Roost is the data processor.  We take data provided to us by you and/or by your insurance company or other third party and process it to deliver the Roost Services.  In these cases, your insurance company or other third-party is the data controller.

When you purchase a product directly from Roost, Roost is the data controller and data processor.

In most other instances, Roost is the data processor, only.

11.2    Your GDPR rights

If the processing of your personal information is subject to the EU General Data Protection Regulation (“GDPR”) or UK General Data Protection Regulation (“UK GDPR”), and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR and UK GDPR you may also have the right to request to have your personal information deleted or restricted, ask for portability of your personal information, and not be subject to a decision based solely on automated processing. Where the processing of your personal information is based on consent, you have the right to withdraw this consent at any time. This does not affect the lawfulness of the processing based on consent before your withdrawal.

When you open and maintain an account with Roost, you are entitled to a copy of all Personal Data, which we hold in relation to you. You are also entitled to request that we restrict how we use your data or object to some aspect of our treatment of your data. You can access a lot of your data in your own account using the Roost app. However, if you want to obtain a full copy of all your data or to request a restriction/limitation in how we use your data, please contact us at the address provided below.

11.3    Resolving complaints

In compliance with the Privacy Shield Principles, Roost commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Roost at:

Data Protection Officer
Roost
1250 Borregas Ave.
Sunnyvale, CA 94089 USA

Roost has further committed to refer unresolved Privacy Shield complaints to JAMS an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us- privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Under certain conditions, more fully described on the Privacy Shield
website; https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

If you are resident in the European Union and you are dissatisfied with how we have managed a complaint you have submitted to us, you are also entitled to contact your local data protection supervisory authority.

12    California Consumer Privacy Act of 2018 (CCPA)

If you are a California resident, you have rights under the CCPA. There may be cases where we present you with an additional privacy notice that includes information specific to an activity or offering.  As a California resident, you have the right to:

Know your personal information

You can request specific pieces of Personal Information, or information about the categories of Personal Information that Roost holds about you by contacting us as set forth below.

Request deletion of your personal information

You can request the deletion of the Personal Information that Roost holds about you by contacting us as set forth below.

Non-Discrimination

If you choose to exercise any of these rights, we will not deny goods or services to you or provide different quality of services.

Authorized agent

You may use an authorized agent to submit a request about your personal information. To use an authorized agent, you must provide the agent with written authorization. In addition, you may be required to verify your own identity with Roost.

13    Changes to our Privacy Policy

We can make changes to this Privacy Policy from time to time. We will identify the changes we have made on this page. In circumstances where a change will materially change the way in which we collect or use your information, we will send a notice of this change to all of our Account Holders.

14    Contact us

If you have any questions, concerns or complaints about this Privacy Policy or our Personal Data collection or processing practices, or if you want to report any security violations to us, please contact our Privacy Officer using the following contact information:

Email: privacy.office@roostlabs.com

Mail:

Roost Inc., c/o Data Protection Officer

1250 Borregas Ave., Sunnyvale

CA 94089

 

We will reply to your question or complaint as soon as we can and, in any event, within 30 days.