Data Protection Impact Assessment
What is this document?
This is a formal privacy assessment describing what data Homer processes, where it is stored, and what is shared externally. It is prepared in accordance with European privacy law (GDPR, Article 35).
Homer runs locally in your home. This document shows exactly what is and isn't shared with the outside world.
Data that stays on your device
The following data is stored locally and never leaves your device:
- User accounts: Username, email (optional), password (stored hashed)
- Home automation: Sensor values, temperature history, lighting states, controller settings
- Financial: Bank transactions, invoices, client data, VAT administration, time tracking
- Energy: Power consumption, solar panel yield, tariffs
Bank details, invoices, client data and all home automation data never leave your device. Not to us, not to third parties, not to any cloud.
What goes outside
Homer communicates with exactly one external domain: myhomer.nl. Below is everything that is sent.
| Feature | What is sent | Why | When |
|---|---|---|---|
| Daily check-in | Only your installation ID (a random number) | Verify your licence is valid | Once a day, automatically |
| Chat messages | Encrypted messages (the server cannot read them) | Deliver messages between households | When you send a message |
| News analysis | Nothing — Homer only retrieves analysis, sends no data | AI news analysis runs centrally | When you open the news page |
| Invoice recognition (optional) | Invoice text and supplier number | AI helps read invoices when no local pattern exists | Only when you use it yourself |
| Software updates | Your installation ID | Download new versions | When you click 'update' yourself |
| Error reports (off by default) | Technical error messages, cleaned of private data | Helps us fix problems | Only if you turn this on in settings |
What is never sent
The following data never leaves your device, under any circumstances:
- Bank transactions and financial data
- Client and invoice data
- Sensor values and home automation history
- Passwords
- IP addresses from your local network
- Energy consumption data
- Configuration settings
Legal basis
Every data processing activity has a legal basis under the GDPR:
- Local storage: Performance of contract (Art. 6.1.b). Necessary for the software to function.
- Licence check-in: Legitimate interest (Art. 6.1.f). Minimal data — only a random ID number.
- Chat relay: Performance of contract (Art. 6.1.b). Messages are end-to-end encrypted.
- Invoice recognition and error reports: Consent (Art. 6.1.a). You decide whether to use these features.
Security measures
On your device
- Passwords stored hashed (bcrypt)
- Authentication via secure tokens (JWT)
- Protection against common attacks (rate limiting, CSRF and XSS defences)
- Validated input on all forms
In transit (to myhomer.nl)
- All connections encrypted (TLS/HTTPS)
- Chat messages additionally encrypted (end-to-end, AES-256)
- Error reports automatically cleaned of private data
Your rights
You have the following rights regarding your data:
- Access: Your data is on your own device. Open Homer and you see everything. No request needed, no waiting.
- Correction: Edit your data directly through Homer. You are your own administrator.
- Deletion: Delete your account, erase your data, or unplug the device. Your device, your decision.
- Portability: Your data is in open formats (SQLite, CSV, JSON) on your own drive. Copy it whenever you want.
Because Homer runs locally, you always have direct access to your data. No forms to fill out, no 30-day wait.
Third parties
Homer does not share data with third parties. The following parties are involved in specific features:
- Mollie B.V.: Payment processing for module purchases. Homer stores no payment details — Mollie processes these directly.
- Hosting provider myhomer.nl: Hosting the central server. Only sees encrypted relay messages and installation IDs.
How can you verify this?
We don't ask for blind trust. There are three ways to verify this document is accurate:
- This document: Formally and legally describes what data Homer processes. If we don't comply, we're breaking the law.
- Independent verification: Homer's communication layer has been reviewed by an independent security firm. Not by us — by someone paid to find problems.
- Check it yourself: Homer communicates with exactly one domain: myhomer.nl. You can verify this with your router or any network monitor. Have a tech-savvy friend look for 5 minutes — then you'll know.
Contact
Questions about your privacy? Get in touch:
- Email: privacy@myhomer.nl
- Website: myhomer.nl