Your privacy and security are Alfred's top concerns. As such, Alfred has established strict policies and technical barriers to prevent unauthorized access to your data. With the support of top-tier cybersecurity mechanisms— W3C, Google, Android, and Amazon— Alfred is equipped with the most advanced protection. In this article you'll find:
- The strict policies Alfred employs to protect your data
- The cybersecurity mechanisms Alfred adopts
- Why Alfred needs permission to access certain information
- What happens when you give us your Gmail address
Here are some of the strict policies Alfred employs:
- Alfred does not have and cannot access your videos unless public agents (i.e. police) request videos as evidence through legal processes.
Alfred implements strict internal policies for data processing. Staffs granted with data access rights can only perform limited operations required for service maintenance purposes.
Alfred reviews our security measures regularly to ensure the service keeps up with the industry standard.
Here are the top-tier cybersecurity mechanisms Alfred employs:
Alfred uses industry-standard OAuth2 scheme for user sign-in and no password is kept at one Alfred’s server.
- Alfred uses Amazon as a third party solution to store your Motion Detection videos. These videos are deleted 7 or 30 days, depending on your subscription plan, automatically after being generated. No copies or records are kept.
The video/audio streams in live communication are encrypted by industry-standard 256-bit AES encryption. The key used to encrypt the communication is generated per session and Alfred does not know it either.
Alfred enforces HTTPS and highest possible TLS level for all communications with our service backend and/or other 3rd-party service providers to prevent any possible attack known so far.
Every request to our backend server requires an access token that is only valid for a short period of time. This design is compliant with the IETF specification.
Access to the media stored on our backend server is protected by randomized URLs with very short lifecycle, which greatly minimizes the possibility of being hacked.
Why does Alfred need permission to certain information? Is my information safe with Alfred?
To protect your privacy, Android 6.0+ asks you for permission when you launch Alfred for the first time. Here are the permissions Alfred needs and why:
- Access to photos, media, and files: Alfred needs to save and retrieve captured videos and photos.
- Take pictures and record video: Alfred is a home security app that receives and delivers photos and videos.
- Access to your contacts: Alfred relies on Gmail login to pair your devices, which Google phrases as “contacts.” This clause does not apply to those who sign up with email instead of Gmail.
- Record audio: You can hear as well as speak to the Camera device from your Viewer device.
Ultimately Alfred started with Gmail so that you do not have to create an account on Alfred and Alfred would have no access to your password. While some of you may have privacy concerns regarding Google, Google manages countless apps and sets the security standards in the industry. With that said, we now also allow you to sign in with other emails should you wish to do so.
As developers of a home security app, we value your privacy more than anything else, and we would do everything to protect it.
If you haven’t, please go to “app permissions” and allow everything.
What happens when you give us your Gmail?
“I wrote to ask for support and you asked for my Gmail. What do you do with it? Can you see my feed/videos?”
If you have written to us regarding more specific questions (namely the questions you can’t find the answer to in our FAQ), chances are we have asked for your Gmail. Some Alfred users get a little nervous about this and we totally understand: Alfred guards those who are the nearest and dearest to you. It is understandable that you would want to keep things private.
Don’t worry! You would be happy to know that your live feed and videos are protected by the strictest cybersecurity service: Amazon, which means we do not have access to your live feeds and videos. In other words, there is no way we can see what you see. All we can get from your Gmail are some statistics (connection quality, whether a specific feature is turned on, the device models…) to help us zero in on the problem. Moreover, your privacy is of our utmost concern, so information will never be used for any other purpose!
Still have questions? Let us know on the feedback form