Data privacy is important to our company, we respect the privacy rights of users and recognize the importance of protecting information collected about you. This Privacy Policy explains how information is collected, used and disclosed by Khimo (referred in this document as “us”) and applies to information collected when you use or access our website, products, services or applications (the “service” or “services”). We provide the user (“you”) with features for their home controller (e.g.: BeoLink Gateway, BeoLiving Intelligence) such as remote access. We also act as an integrator between third party services such as the BeoLink App, BeoLiving App, Alexa, IFTTT, Google Home (“clients”).
For more information about how we provide our service please refer to our Terms of Service (http://www.khimo.com/tos).
Khimo is a company with offices located in Montevideo, Uruguay, Siria 6101. Khimo develops and provides solutions for smart buildings since 2006.
By using our services you knowingly provide personal information to us. This information will only be used for our legitimate interest in order to provide you with the features of our service, and always in ways you would reasonably expect. Whenever we use this information, we will make sure that your rights are not surpassed by our legitimate interests.
We keep log files of all the interaction between the clients, our services and the home controllers. The log files help us to debug and fix any possible errors and will not be used for other purpose than that. This logs are kept for no more than one week and could contain any of the personal data listed below. In addition to creating the logs, the information will be also processed for the purposes that are specified in each item:
*Email*: We will request an email when you register to our service and each time you log in. This email (with its respective password) will be stored in our database in order to identify you as a user. We will also use this email if we need to communicate with you for any matter related to our service operation. This information is kept until your request to be removed from our services.
*Home controllers you can access*: We store information about the home controllers you have access to so we can link them to your Khimo account. This information is kept while your account is active
*Home controllers commands and changes of status:* Each command you execute remotely as well as any status change that occurs in your home controllers are routed through Khimo, we will only store this in our database if you turn on the “store monitoring information” option in your controller settings. If enabled, the information will only be kept for up to a month.
*IP of each home controller*: We store the IP addresses of each home controller that is connected to Khimo in order to establish and maintain communication with them. This information is kept until a new connection is established.
*IP of login attempts*: We store the IP of each device that attempts to login, in order to prevent login attacks. This information is kept for no more than one month.
*Description of the house*: Since the clients get the home information from Khimo, we need to store a description of the house the home controller is in. This information is kept until updated or until the home controller is deleted from our system.
*Cookies*: When accessing Khimo.com, we only use technical cookies. Technical cookies are that ones that they are necessary to provide the service, more specifically we use them to keep track of user sessions so we can keep you logged in without the need to request your password in each interaction. We also use it as a security protection to verify that your request comes from the same client from where you login. This information is kept until the user logs out from the browser.
In some cases we will need to share personal information with third parties. In particular, if you have a camera in your home controller it might be necessary to use Twilio to show it in your client (i.e.: the BeoLink App). For this purpose, we will provide Twilio with the IP of the home controller and your client. We ensure that Twillio processes your personal information in a fairly manner and for no other purpose than intended by a data processing agreement.
We also share your home description with the clients that you connected to our system whenever they ask for it. We do so in order to provide those clients with the information they need to be able to control your devices through us. We understand that you have previously read and agreed with that client’s privacy policy and terms and conditions. Your personal information may be also disclosed to a third party if we are required to do so because of an applicable law, court order or governmental regulation.
In order to be able to provide our services Khimo needs to obtain data from your home controller as described before (see “What will we do with your personal information? ” section). We understand that you have previously read and agreed the home controller privacy policy and terms and conditions.
We also use PayPal as a payment provider. When you make a payment using PayPal, we receive information about you, which allows us to confirm the payment, acknowledge any error and keep track of the payments. This information is: First Name, Last Name, Payer Business Name (if any), Payer Id (a PayPal payment identifier), Payer status, Contact Phone (if any) and Residence country. This information is kept until you remove your account from our services.
If you are an EU citizen the General Data Protection Regulation (GDPR) gives you rights regarding your personal information. More specifically, you can access, review, update and delete any personal information we hold. To exercise this rights just write to 
with your requests and we will get back to you in less than 5 working days.
In addition to you being able to request the deletion of your data, if you stop using our services for a period of 5 years and you have accepted this policy, then your data will be automatically deleted.
We are committed to protecting the security of your personal information. We use appropriate organizational, technical and administrative security measures to protect it. However if we detect any data breach, we will report to you and to an appropriate authority within 72 hours.
Our servers are located in the US, meaning that your personal data will be transferred there. The transmission and storing of this information is under appropriate security measures and will be done through a compliance mechanism such as a data processing agreement.
We do not knowingly solicit or collect any personal information from children under 16. If notified by a parent or discovered by other means that we have gathered information from a child under 16 we will delete it as soon as possible.
We might change this policy in case of any change on what or how the data is processed. If we change this policy we will communicate to you so you can choose whether to agree to the new use.
If you have any doubts or concerns about this policy please send us a message to and we will answer you in less than 5 working days.
If you are not satisfied with the outcome of our communication, you may refer your complaint to a local supervisor authority.
