Last updated December 1, 2022
2 Information we collect
2.1 Who are “you”?
You opened an account using a Roost mobile app or an insurance company’s white-label Roost app, which you downloaded on your smartphone, or through another third-party provider’s platform, but you have not purchased or installed a Roost device yet.
Roost registered user
You opened an account using a Roost mobile app or an insurance company’s white-label Roost app, which you downloaded on your smartphone, or through another third-party provider’s platform. You have also purchased or installed one or more Roost devices using your smartphone and a Wi-Fi network you control, or a cellular network, and/or you logged in on a third-party program provider’s application that works with Roost devices.
You were requested by someone that you know to be a monitor for their active Roost devices. You agreed, and then opened an account using the Roost or insurance co-branded mobile app which you downloaded on your smartphone or using a third-party provider’s platform. You may or may not have installed your own Roost devices using your own smartphone.
You have been designated as an emergency contact by a Roost Registered User, which Roost, an insurance company, or another third-party provider may communicate with where necessary, including in emergencies when the Roost Registered User is not reachable.
You visited one of our websites because you are curious about Roost.
A Roost Registered User has referred you to Roost to use the Roost Services.
2.2 Information we collect about you
“Personal Data” means information about someone that allows the person to be identified, either directly or indirectly. This information may include, for example, your name, address, mobile number, e-mail address, as well as any other information that could identify you.
“Additional Data” means device collected data such as temperature, humidity, garage door status, door and/or window status, battery levels, wireless signal strength, cellular connectivity, and the alerts generated by a device.
We collect the following Personal Data and Additional Data (collectively referred to as “your information”) from users of Roost Services or from a third-party, as described below:
Information to set up a Roost Account
You need a Roost account before you can use Roost Services. When you register for an account, we may collect your smartphone number, and in some cases your email address and your name directly from you, from an insurance company or from another third-party program provider. We or a third-party program provider will then provide you with an SMS access number during set up.
If a friend or family member asks you to be a Monitor for their Roost account, Roost or the user’s third-party program provider will automatically send you an invitation via SMS text. We may use and store this Personal Data for the sole purpose of sending these invitation texts, providing the Services and tracking the success of our referral program, if applicable.
Information to purchase a Roost Device
If you purchase a Roost device on our website, we require you to provide your billing details, including your name, billing address, shipping address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date). This information is provided to a trusted third-party (for example, Shopify, WooCommerce or Stripe) who processes your payment. Roost does not view or retain any of your personal financial information. We do retain your name, billing address, shipping address, email address and smartphone number.
Device and smartphone data
We collect information from the Roost device and, if you use the Roost mobile app, from the smartphone you used to install your Roost device.
Data about the device may include the device’s installation address and name (which you provide in the Roost mobile app or a third-party providers’ platform), your Emergency Contact’s information (name, phone number), the system’s personal identification number and Additional Data, such as temperature, humidity, batteries level, wireless signal strength and alerts. Our servers keep log files that record these data each time your device accesses those servers and updates this information.
Information we collect about your smartphone, if applicable, includes its make and model and its operating system version.
Wireless network data
When you install a Roost device, you connect the device to a cellular network or to your wireless network. With your permission, if you use the Roost mobile app, we store your wireless network name and password in the app so you can easily set up another Roost device. Your wireless network name and password are also stored in the internal flash memory of the installed Roost device so that it can connect to the Roost cloud. We also store your network name (SSID) in the Roost cloud.
Cellular networks don’t require passwords, but they use SIM cards to provide the necessary security information to the cellular network. Roost stores the SIM card information of your cellular-based Roost devices. Roost does not collect, use or store the SIM card information of your smartphone.
Customer support data
If you contact us for support regarding the Roost products or Services, we may collect your name, e-mail address, phone number and any communications or correspondence that you send us. Additionally, we may ask for your smartphone operating system and version, and shipping address if we need to send a replacement device.
Website referral information
If you arrive at a Roost website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
Website usage information
Roost services provided to you through a third-party program provider
It is very common for Roost to provide its products and Services to or through a third-party program provider, and for this third-party to provide the Roost products and Services to its own customers. If Roost devices or Services are provided to you through a third-party provider’s platform, this third-party may provide your information to Roost, as long as you also give the third-party permission to share this information with us.
3 How we use the information we collect
We process your information with your consent or, where permitted by law, in order to fulfill our contractual responsibility to deliver the Roost Services to you. We may also process your information for other purposes permitted by law, including responses to subpoenas, warrants and other valid legal process or for security purposes.
We use your name and shipping address information, so we can ship you Roost devices. We may use your email address or smartphone number to send you installation reminders and updates on products and services, provide customer support, and/or to respond to your inquiries.
If you purchase products and Service directly from us rather than through a third-party provider, we might also send you user surveys and marketing information now and then, as well as newsletters, and general updates to your account. You can opt out of Roost marketing communications at any time by clicking on the “unsubscribe” link in them, or by changing your account settings in the Roost app on your smartphone.
Home Wi-Fi information
If you use the Roost mobile app, we store your home Wi-Fi name and password in the flash memory of your smartphone. This allows you to easily add new Roost devices to the same Wi-Fi network.
Device identification to send you alerts
We or the third-party provider you sign up with, will store the device’s name, device type, and installation location so you can identify the device’s data and alerts during use.
During set up, we or the third-party provider, will ask you to identify the type of device (such as a Water Leak and Freeze Detector), a name for it (such as, Downstairs Bathroom), and location (such as, Under sink). You can change the device information anytime in the Roost or white-label insurance app, or by contacting the third-party provider you sign up with.
We, or the third-party provider you sign up with, may use the device MAC ID, your name and your smartphone number to send you alerts and to contact you when an event requires action, if you have subscribed to the home monitoring services. We, or the third-party, may use the name and smartphone numbers of each of your invited Monitors and designated Emergency Contacts to do the same. Where this information is collected by Roost, it will be stored in the Roost cloud.
We use your smartphone number as your unique user ID in our system. You use this number to set up Roost devices, and we use it to send device information to you. The Roost Services do not work without matching the device MAC ID with your smartphone number. We, or the third-party provider, retain the Monitor and Emergency Contact information you provide us so we may contact them with alerts if we cannot reach you.
We record the battery level and Wi-Fi strength of each device. If your device records other data (such as temperature or humidity) we record that as well. This data is sent from the Roost cloud to your smartphone and may be processed by Roost’s service providers or third-party providers you sign up with.
We also record the day and time your device alerts, and when it stops.
Data analysis to measure, administer and improve the effectiveness of our services
As part of Roost’s efforts to improve our products and Services and to better protect homeowners from risks, we will consolidate and analyze device data on an aggregated basis. We constantly look for alerts our devices might mistakenly send, or for instances when our sensors were too sensitive. We look for patterns in location, temperature, and humidity to find better ways of predicting leaks or freezing pipes.
Because these analyses are performed with aggregated data, Roost cannot identify you or any other specific Roost user.
To respond to legal requests, we may need to use and disclose your information. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
3.1 International transfers of personal data
Your information may be transmitted through, stored or processed in countries other than your home country. This means that your information may be subject to government or law enforcement access under the laws of those countries. We use contractual and other measures to provide a comparable level of protection to Personal Data wherever it is handled.
4 Sharing your information
We do not sell your information to any third parties. We may share your information or data with third parties outside Roost, in the following limited circumstances or as permitted or required by law:
With our partners and service providers
To provide you with our Services, we partner with trusted service providers and third parties, including to:
- store and process data, including the information we collect about you;
- host and power our websites and mobile application;
- process payments;
- provide customer support;
- ship products to you;
- analyze data, after such data has been aggregated so it cannot be used to identify any individual; and
- offer you Services, including home monitoring services.
We may provide your information to these trusted third parties, who may only process the information to perform the requested services. We also enter into appropriate contractual terms with partners and third-party service providers to ensure they comply with high levels of confidentiality and comparable privacy and security practices. We regularly review the practices of our partners and services providers.
With emergency services
To provide our Services, we may share your information with third-party emergency service providers such as police departments and fire departments, if applicable.
With your insurer
If Roost devices are associated with your insurer, we may provide your insurer some or all of your information.
Your insurer may also provide your contact information to Roost so that we can ship the Roost device to you, as long as you give permission to share this information with us.
With a third-party provider
If you use a third-party platform with your Roost devices and Services, Roost will share your information with the third-party platform that is necessary to provide Services to you.
With your monitor or emergency contacts
As part of Roost’s Services, you have the ability to identify a Monitor or Emergency Contact. If you use the Roost mobile app or have designated the Monitors as Emergency Contacts in a third-party provider’s platform, these monitors are provided the same device alerts that you receive as part of Roost Services.
With a third party in the event of sale or change of control
With legal authorities
We may also have to share information or data in order to meet any applicable law, regulation, legal process, or governmental request. We will also share your data to detect, prevent, or otherwise address fraud or security issues. And lastly, we may have to share your data to protect against harm to the rights, property or safety of our users, the public, or to Roost and/or as required or permitted by law.
You can choose to remove or disable cookies at any time via your browser setting.
6 Security of your information
We use physical, technical and administrative security measures and safeguards appropriate to the level of sensitivity and risk to protect your personal data against loss, theft, and unauthorized access. Examples of such measures include training of personnel, using passwords, restricted access to offices, limiting access to information on a “need-to-know” basis and well-defined internal policies and practices.
7 Data retention
As long as you have an account with Roost, we do not delete the data in your account. If you use the Roost mobile app, you are responsible for the data in your account and how long you retain it. There are controls in your account where you can delete or revise data at the account level (all data in your account) and at the data element level. If you delete your account, your Personal Data will also be deleted.
As long as you have a Roost device set up in your account, we do not delete the data from the device. A Roost device can be deleted at any time using the Roost app or your third-party provider’s platform. When a device is deleted, it no longer provides data to Roost or to your smartphone. Where permitted by law, Roost may aggregate data for analysis purposes.
8 Safety of minors
Our Services are not intended for and may not be used by minors who we define as individuals under the age of 18. Minors between 13 and 18 may only use our Services with express consent from their legal guardian, and the guardian will be bound by these terms. Roost does not knowingly collect Personal Data from minors or allow them to open Roost accounts. If it comes to our attention that we have collected Personal Data from a minor, we will delete this information without notice. If you have reason to believe that this has occurred, please contact Roost customer support at the following email address: firstname.lastname@example.org.
9 Third-Party websites
Our websites or app may contain links to third party websites. When you click on a link to any other website or location, you will leave our sites or mobile app and go to another site, and another entity may collect information about you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content.
10 Canadian users
Your consent choices
We collect, use and share your information in order to provide you with the Services. In some cases, you may be asked to consent to optional uses of your information, such as the use of some of our cookies or to receive promotional emails.
You can vary or withdraw your consent to these optional uses of Personal Data any time without affecting the Services we provide to you. You may adjust your preferences by contacting us (see Contact Us below). If you wish to vary or withdraw your consent to ways in which we use, process or disclose your information that may limit our ability to provide you with certain products or Services that require your information, we will tell you about those consequences. There are limited situations in which you cannot vary or withdraw consent, such as where the information is required for legal compliance.
Rights of access, correction and data portability
You are entitled to access and request a copy of all Personal Data we have about you. You may request that we correct any inaccurate, outdated or incomplete data we may have about you. You can access and update a lot of your information in your own account using the Roost app or a third-party provider’s platform. However, if this does not meet your needs, or you want to request that your Personal Data be sent to you or another organization, please contact us at the address provided below.
11 Facilitating international transfers and GDPR (for EU users)
Your information may be transferred to or accessed by Roost and third parties around the world. Roost complies with laws on the transfer of personal information between countries to keep your personal information protected, wherever it may be. Roost further complies with the EU’s General Data Protection Regulation (“GDPR”). We have implemented various safeguards including Contractual Clauses, such as those approved by the EU Commission and accepted in several other countries.
While the EU-US Privacy Shield Framework can no longer be relied upon for the transfer of Personal Information, we continue to comply with all EU-US Privacy Shield Framework obligations. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List: https://www.privacyshield.gov/.
Roost is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and data it subsequently transfers to third parties acting as agents on its behalf. Roost complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, including the onward transfer liability provisions. Roost further complies with the EU’s General Data Protection Regulation (“GDPR”).
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Roost is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Roost may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
11.1 Who is my data controller?
Most of the time, Roost is the data processor. We take data provided to us by you and/or by your insurance company or other third party and process it to deliver the Roost Services. In these cases, your insurance company or other third-party is the data controller.
When you purchase a product directly from Roost, Roost is the data controller and data processor.
In most other instances, Roost is the data processor, only.
11.2 Your GDPR rights
If the processing of your personal information is subject to the EU General Data Protection Regulation (“GDPR”) or UK General Data Protection Regulation (“UK GDPR”), and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR and UK GDPR you may also have the right to request to have your personal information deleted or restricted, ask for portability of your personal information, and not be subject to a decision based solely on automated processing. Where the processing of your personal information is based on consent, you have the right to withdraw this consent at any time. This does not affect the lawfulness of the processing based on consent before your withdrawal.
When you open and maintain an account with Roost, you are entitled to a copy of all Personal Data, which we hold in relation to you. You are also entitled to request that we restrict how we use your data or object to some aspect of our treatment of your data. You can access a lot of your data in your own account using the Roost app. However, if you want to obtain a full copy of all your data or to request a restriction/limitation in how we use your data, please contact us at the address provided below.
11.3 Resolving complaints
In compliance with the Privacy Shield Principles, Roost commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Roost at:
Data Protection Officer
1250 Borregas Ave.
Sunnyvale, CA 94089 USA
Roost has further committed to refer unresolved Privacy Shield complaints to JAMS an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us- privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, more fully described on the Privacy Shield
website; https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you are resident in the European Union and you are dissatisfied with how we have managed a complaint you have submitted to us, you are also entitled to contact your local data protection supervisory authority.
12 California Consumer Privacy Act of 2018 (CCPA)
If you are a California resident, you have rights under the CCPA. There may be cases where we present you with an additional privacy notice that includes information specific to an activity or offering. As a California resident, you have the right to:
Know your personal information
You can request specific pieces of Personal Information, or information about the categories of Personal Information that Roost holds about you by contacting us as set forth below.
Request deletion of your personal information
You can request the deletion of the Personal Information that Roost holds about you by contacting us as set forth below.
If you choose to exercise any of these rights, we will not deny goods or services to you or provide different quality of services.
You may use an authorized agent to submit a request about your personal information. To use an authorized agent, you must provide the agent with written authorization. In addition, you may be required to verify your own identity with Roost.
14 Contact us
Roost Inc., c/o Data Protection Officer
1250 Borregas Ave., Sunnyvale
We will reply to your question or complaint as soon as we can and, in any event, within 30 days.