GlassHome GlassHome
Install

Privacy Policy

Last updated: April 3, 2026

GlassHome is a dashboard for Home Assistant. We respect your privacy and aim to collect only what is necessary to provide and improve the service. This policy explains what data we collect, why, and how we handle it.

1. What we collect

Account information

When you create a GlassHome Hub account, we store your name, email address, and a hashed password. We never store your password in plain text.

Session data

When you sign in, we create a session that includes your IP address and browser user-agent. This is used to keep you signed in and to detect unauthorized access.

Widget publishing

If you publish a widget, we store the widget metadata (name, description, icon, version) and the JavaScript bundle. Bundles are hosted on Cloudflare R2 and served through a CDN.

Remote access tunnels

If you set up remote access, we store the subdomain you choose and tunnel configuration data managed through Cloudflare. Traffic is routed through Cloudflare's network.

Analytics

We use Umami, a privacy-focused, self-hosted analytics tool, to understand how the site is used. Umami does not use cookies, does not collect personal data, and does not track users across websites. The data it collects includes:

  • Pages visited and referrer URLs
  • Browser type, operating system, and device type
  • Country of origin (derived from anonymized IP)
  • Custom events (e.g., button clicks, feature usage) without personal identifiers

All analytics data is stored on our own infrastructure and is never shared with third parties.

2. What we do not collect

  • We do not access or store your Home Assistant data. GlassHome connects to your Home Assistant instance directly from your browser via WebSocket, your smart home data never passes through our servers.
  • We do not use advertising trackers or third-party analytics services.
  • We do not sell, rent, or share your personal data with anyone.
  • We do not use cookies for tracking. Session authentication uses secure HTTP-only tokens.

3. How we use your data

  • Account data, to authenticate you, manage your widgets and organizations, and send password reset emails.
  • Session data, to keep you signed in and protect your account.
  • Analytics data, to understand which features are used, where users drop off, and how we can improve the product.

4. Where your data is stored

Account and session data is stored in a SQLite database on our server. Widget bundles are stored on Cloudflare R2. Analytics data is stored on our self-hosted Umami instance. All data is hosted within infrastructure we control.

5. Third-party services

6. Data retention

We keep your account data for as long as your account is active. If you delete your account, all associated data (account info, sessions, widgets, organizations) is permanently removed. Analytics data is aggregated and does not contain personally identifiable information.

7. Your rights

You can:

  • Access your data, view your profile, widgets, and organizations in the dashboard.
  • Delete your account and all associated data by contacting us.
  • Export your widget data at any time through the dashboard.

If you are in the EU, you have additional rights under GDPR including the right to rectification, restriction of processing, and data portability. Contact us to exercise these rights.

8. Security

Passwords are hashed before storage. Sessions use secure, HTTP-only tokens. All traffic is encrypted via HTTPS. We follow security best practices, but no system is 100% secure. If you discover a vulnerability, please report it to us responsibly.

9. Children

GlassHome is not directed at children under 16. We do not knowingly collect data from children.

10. Changes to this policy

We may update this policy from time to time. Changes will be reflected on this page with an updated date. For significant changes, we will notify users through the site.

Contact

Questions about this policy? Email us at [email protected] or reach out on our Discord server.

← Back to home