Privacy Policy

Premium Invention Security

Introduction

Premium Invention Limited, a company registered in Hong Kong ("we", "us", or "our"), operates the Premium Invention Security mobile application (the "App") and provides the services that work with your connected smart security devices. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the App.

Premium Invention Limited is the operator of the App and the controller of the personal information collected through it.

By creating an account or using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

• Email address or mobile phone number (used as your login identifier).
• Password. Your password is stored using secure encryption; we do not store or have access to your password in plaintext.

1.2 Device Information

When you add and bind a device to your account, we collect:

• Device serial number (SN), MAC address, device name, and model.
• Firmware version and hardware version.
• Battery level and device status.
• On-device detection settings — that is, whether AI detection features such as human detection, vehicle detection, or pet detection are enabled or disabled on your device.
• For cellular (LTE) models, the SIM card identifier used for the device's mobile data connection.
• The device's local (LAN) IP address and public (WAN) IP address, used to establish the connection between your device and the App.

1.3 Live Video and Audio

Live video and audio are transmitted in real time using WebRTC (Web Real-Time Communication). The App prioritises a direct peer-to-peer connection between your device and your mobile device. Where a direct connection cannot be established due to network conditions, the stream may be relayed through a relay (TURN) server to maintain the connection. Live streams are not recorded or stored on our servers.

Alarm-triggered images and short video clips are separate from live streams and are handled as described in Section 1.4.

1.4 Cloud Storage Data

If you use the optional cloud storage feature, alarm-triggered images and video recordings from your device are uploaded to and stored on Amazon Web Services (AWS) S3 servers. Cloud storage data is retained for a maximum of seven (7) consecutive days on a rolling basis, after which it is automatically and permanently deleted. Our database stores only the timestamps, event types, and storage resource addresses associated with these recordings — not the content itself.

When you unbind a device from your account, the cloud storage, alarm records, and connection certificates associated with that device are permanently deleted.

If you save snapshots or video clips to your mobile device, those files are stored locally on your device and are controlled by your device settings. Deleting cloud recordings, unbinding a device, or uninstalling the App does not automatically delete files you have saved locally on your device.

Access to cloud-stored data is limited to the systems and authorised personnel necessary to operate and support the Service.

1.5 Push Notification Data

To deliver alarm and event notifications, we collect your mobile device's push notification token. We use a third-party push notification provider, Pushy (https://pushy.me), to deliver notifications on both iOS and Android. Notifications are sent only when all of the following conditions are met: (a) your connected device triggers an alarm event; (b) you have enabled notifications within the App; and (c) your mobile device's operating system permits the App to receive notifications.

1.6 Device Permissions

The App may request the following permissions on your mobile device:

• Camera: Used for scanning QR codes to add devices.
• Microphone: Used for two-way audio communication with your connected device.
• Storage: Used to save snapshots and video clips to your device.
• Location (Android): On Android, the operating system may require location permission to scan for nearby Wi-Fi networks during device setup and pairing. Location permission is used only during setup. We do not use this permission to collect, store, or transmit your precise GPS location or real-time physical location.
• Notifications: Used to deliver alarm and event notifications from your connected devices.

If you disable certain permissions, some App features may not work as intended. For example, disabling notifications may prevent alarm alerts, and disabling microphone access may prevent two-way audio from working.

1.7 Information We Do Not Collect

For clarity, the App does not collect:

• Your precise GPS location or real-time physical location.
• Usage analytics, behavioural data, or advertising identifiers.
• Crash reports or remote diagnostic data.

We may process IP address information as part of device connectivity and service operation, but we do not use IP address information to track your precise physical location.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To create and manage your user account.
• To enable you to add, configure, and control your connected devices.
• To provide live video and audio streaming between your device and the App.
• To enable two-way audio communication between you and your connected device.
• To deliver alarm notifications and event alerts.
• To store and manage cloud recordings (if you enable the cloud storage feature).
• To use account, device, and event information when needed to troubleshoot user-reported issues and provide customer support.

3. Third-Party Services and Data Sharing

The App does not integrate any third-party analytics tools, advertising networks, or crash-reporting SDKs. We do not sell, rent, trade, or otherwise share your personal information with any third party for marketing or commercial purposes.

We use the following service providers to operate and support the App:

• Amazon Web Services (AWS) — server hosting and cloud storage. AWS acts as a data processor on our behalf and is contractually obligated to protect your data in accordance with applicable data protection standards.
• Pushy — delivery of push notifications on iOS and Android.

These providers process information only as needed to provide services on our behalf.

We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of our company, our users, or the public.

4. Data Storage and Retention

Your data is stored on servers located in the United States (AWS US-East-1 region). We retain your account information and device data for as long as your account is active. Cloud storage recordings are retained for a maximum of seven (7) days and are automatically deleted thereafter. When you unbind a device, all cloud data associated with that device is permanently deleted.

Uninstalling the App does not delete your account or any associated cloud data. To delete your data, you must delete your account through the App or contact us using the details in Section 10. When you delete your account, your associated personal data is permanently deleted and is not retained or recoverable.

5. Data Security

We take reasonable technical and organisational measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction. These measures include encrypted password storage, secure WebRTC connections for live streaming, and access controls on our server infrastructure.

In the event of a data breach that affects your personal information, we will notify affected users by email and through in-app notification, and we will notify relevant authorities as required by applicable law. Depending on the nature of the incident, we may take protective measures such as resetting passwords, invalidating access tokens, and restoring account permissions.

However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

6. Your Rights

Subject to applicable law, you have the right to:

• Access and review the personal information we hold about you through your account settings.
• Correct or update your account information at any time.
• Delete your data by unbinding devices (which deletes all associated cloud data) or by deleting your account entirely.
• Withdraw consent for push notifications or specific device permissions through your mobile device settings.
• Request a copy of your personal information by contacting us using the details in Section 10.
• Lodge a complaint with us regarding how your personal information has been handled by contacting us using the details in Section 10.

We will respond to requests regarding your personal information within 30 days of receipt.

7. Children's Privacy

The App is not intended for use by children under the age of 16 (or the minimum age specified by applicable law in your jurisdiction). When you register, you must agree to this Privacy Policy and the User Agreement before an account can be created. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verifiable parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us using the details in Section 10.

8. International Data Transfers

Your information may be transferred to and processed on servers located outside your country of residence. App data is currently stored and processed in the United States (AWS US-East-1 region), and push notification tokens are processed by our push notification provider, Pushy. As our user base grows, we may add additional AWS regions (for example, US West and/or Europe) to improve load balancing and latency.

By using the App, you consent to the transfer of your information to countries that may have different data protection laws than your own. We take steps to ensure that your data receives an adequate level of protection wherever it is processed.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the App, connected device functionality, data practices, operational needs, or regulatory requirements. When we make material changes, we will notify you through the App or by other appropriate means before the changes take effect. The updated policy will indicate the new effective date at the top of the document. Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy.

10. Contact Us

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact us: