Privacy Policy
Last updated: April 2026
1. Data Controller
DeNada Home Systems ("De Nada", "we", "us") is the data controller for personal data processed through our smart villa concierge services.
2. What Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Identity | Name, phone number | Identify you when you message your villa; manage guest access |
| Communications | WhatsApp messages, voice notes | Process your requests and commands |
| Smart home data | Sensor readings, device states, energy usage | Automate your home, generate reports, detect anomalies |
| Location | Geofence arrival/departure (if enabled) | Automatic arrival/departure automation |
| Images | Camera snapshots (if requested) | Visual status checks on request |
| Voice biometrics | Voice note audio | Transcription to process spoken requests |
3. Legal Basis for Processing (Art. 6 GDPR)
- Contract performance (Art. 6(1)(b)): Processing your commands to deliver the concierge service you subscribed to.
- Legitimate interest (Art. 6(1)(f)): System monitoring, anomaly detection, and security alerts to protect your property.
- Consent (Art. 6(1)(a)): Processing voice recordings and images through external AI services. You may withdraw consent at any time by messaging "stop voice processing" to your villa concierge.
4. Where Your Data Is Stored and Processed
The core principle of De Nada is local-first processing. Your smart home data is stored and processed on a dedicated device (Raspberry Pi) physically located at your property.
Data that stays on your property
- All smart home device states and sensor readings
- Conversation history (stored in a local database)
- Guest records and access logs
- Automation rules and preferences
Data sent to external services
- AI language model provider: Anonymized message text (phone numbers and names removed before sending), voice note audio for transcription, and images when you request camera snapshots. Inputs are processed in real time to generate a response and are not retained or used to train models. Cross-border transfers (where applicable) are governed by Standard Contractual Clauses (SCCs).
- WhatsApp / Meta: Message delivery via WhatsApp's end-to-end encrypted infrastructure.
5. Data Retention
- Conversations: 90 days, then automatically deleted
- Audit logs: 1 year (security and maintenance actions)
- Guest records: Duration of stay plus 30 days
- Smart home data: Retained locally while service is active; deleted on service termination
- Voice note audio & camera images: Not stored — processed in real time by the AI provider and discarded after generating a response. Voice notes are not stored locally either.
6. Data Processors
| Processor | Purpose | Location |
|---|---|---|
| AI language model provider | Natural language understanding, transcription, image analysis (no training, no retention) | SCCs apply for non-EU transfers |
| Meta Platforms, Inc. | WhatsApp message delivery | United States (SCCs) |
| Hetzner Online GmbH | VPS for license verification and health monitoring | Germany (EU) |
7. Your Rights Under GDPR
You have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data ("right to be forgotten", Art. 17)
- Restrict processing (Art. 18)
- Data portability — receive your data in a structured format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time for voice/image AI processing
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8. Automated Decision-Making
Our AI concierge provides suggestions and automations (e.g., adjusting temperature, closing blinds based on weather). These automations do not produce legal effects or similarly significant effects on you (Art. 22 GDPR). Safety-critical actions (alarm disarm, door unlock) always require explicit confirmation.
9. Cookies
This website (denada.casa) does not use cookies or tracking technologies. No analytics, no advertising pixels, no session cookies.
10. Guest Data
When a property owner adds guests to the concierge system, the property owner acts as data controller for that guest's data. De Nada acts as data processor. Guest data (name, phone number, access dates) is stored locally on the property device and deleted 30 days after check-out.
11. Supervisory Authority
You have the right to lodge a complaint with the Spanish Data Protection Agency:
12. Changes to This Policy
We will notify you of material changes via WhatsApp message at least 30 days before they take effect.