Chicnuit LTD ("we") cares about protecting your data. This policy explains what data we process, why, and your rights, in accordance with the GDPR.
1. Data controller
Chicnuit LTD, Company No. 15646867, 71-75 Shelton Street, London WC2H 9JQ. Contact: via the contact form on this website.
2. Data we collect
| Data | Why | Legal basis |
|---|---|---|
| Email address | create your account, contact you (security, billing) | performance of contract |
| Password (hashed) | secure access to your account | performance of contract |
| Ring access token (encrypted) | open your door when someone rings | performance of contract |
| Your intercoms' ID and name | display and control your devices | performance of contract |
| Ring / opening log (date, result) | show you the history, troubleshoot | legitimate interest |
| Payment data | processed by Stripe — we never see your card | performance of contract |
3. What we never store
We never store your Ring password. During connection it is used only to obtain an access token, then immediately discarded. Only the token, encrypted at rest (AES via Fernet), is kept. We store no card data.
4. Use and sharing
Your data is used solely to provide the service. We do not sell or rent your data. It is shared only with the strictly necessary processors:
- Stripe — payment and billing;
- Hetzner — hosting (EU);
- Ring/Amazon — only to communicate with your intercom, via your token.
5. Hosting and location
Your data is hosted in the European Union (Hetzner datacenter, Helsinki, Finland).
6. Retention
Your account data is kept while your account is active. The ring log is kept on a rolling basis (most recent first). When you delete your account, your personal data and your Ring token are erased within 30 days, except for legal obligations (e.g. billing).
7. Your rights (GDPR)
You have the rights of access, rectification, erasure, portability, restriction and objection. You can revoke access to your intercom at any time from your dashboard. To exercise your rights, contact us via the website. You may also lodge a complaint with your country's data protection authority.
8. Security
Hashed passwords (PBKDF2), tokens encrypted at rest, access via a signed session cookie, EU hosting. No system is infallible, but we apply reasonable measures to protect your data.
9. Changes
This policy may be updated. Any significant change will be notified by email or via the dashboard.