Asia

English

简体中文

English

简体中文

Appearance

Privacy Policy

1. Introduction

The brand "Shelly Cloud Service" for the "Shelly Smart Control" is a digital service that allows remote access to, control of, and monitoring of Shelly devices and the appliances connected to them. For the purposes of this Privacy Policy, all apps developed by Shelly Smart Home (Shenzhen) Co., Ltd. that enable access to, control of, or monitoring of Shelly devices and process personal data generated by the "Shelly Cloud Service" accessible at https://control.shellyiot.cn are considered part of the "Shelly Cloud Service" covered by this Privacy Policy, regardless of their app name. The functionality of such applications may differ from Shelly Smart Control.

This Privacy Policy applies only to the processing of personal data that may occur when using the Shelly Cloud Service accessible at https://control.shellyiot.cn. The Service can be accessed via the Android, Huawei, or iOS mobile app Shelly Smart Control, or through any Internet browser at: https://control.shellyiot.cn. The Shelly Cloud Service can be provided either free (standard service) or by subscription (premium service), and in this document we collectively refer to both as the "Shelly service" or the "Service". This Privacy Policy does not apply to services, websites, or apps provided through other domains or third-party services, unless specified otherwise.

When you interact with the Shelly Service, Shelly Smart Home (Shenzhen) Co., Ltd. ("we" or "us") processes your personal data. We prepared this privacy statement to inform you what information we collect, why we collect it, and what rights you have under applicable data protection laws (including the People's Republic of China Personal Information Protection Law ("PIPL")).

2. Data Controllers

Personal data related to the Shelly Cloud Service is processed by the following organizations:

  • Mainland China: Shelly Smart Home (Shenzhen) Co., Ltd.

    • Website: https://www.shellyiot.cn
    • Registered address: Unit 2006-2007, Block A, Zhongguan Times Plaza, No. 4168 Liuxian Avenue, Pingshan Community, Taoyuan Street, Nanshan District, Shenzhen, Guangdong, China

  • Europe: Shelly Europe Ltd. (UIC: 202320104)

    • Website: https://www.shelly.com
    • Registered address: 2nd and 3rd floors, Building 3, 51 Cherni Vruh Blvd, 1407 Sofia, Bulgaria

3. Personal Data

Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to identifiers such as a name, an ID number, location data, an online identifier, or by one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person. The term is defined in the People's Republic of China Personal Information Protection Law (PIPL), or as defined under other applicable data protection laws.

4. Data Subjects

This privacy statement applies to any registered users of the Shelly Service ("Service Users" / "you").

5. Data Protection Officer and Contact Details

You can contact our Data Protection Officer regarding any request related to the processing of your personal data by email or using the contact details below:

6. About the Shelly Service

The Shelly service allows you to monitor and control devices installed in your home or office, accurately measure power consumption of each device, and remotely turn such devices on/off. You can access the service via a mobile device, a computer, a laptop, or a tablet ("terminal device").

The service is related to the use of Shelly devices—any smart device carrying the "Shelly" brand or owned by the controller ("Shelly devices"), including all models and variations. Once added to a user account, these devices can be remotely monitored and controlled.

The information we collect and how we use it depends on how you use the Shelly service and the Shelly devices, how you configure privacy controls via the Service, and the settings on the terminal device you use to access the Service.

For security reasons, each Shelly device is associated with only one account; only the account owner can decide whether to share the device or account information with others or initiate a sharing action.

7. Types of Personal Data We Process to Provide the Service

In order to provide the Service under contract, we process the following types of data:

Data related to your account, your Shelly devices, the terminal devices used to access the Service, data derived from Shelly Service settings and/or your linked services or browser settings, and your interactions with the Service.

7.1 Account Data

We process the account data you provide to us directly when creating an account, interacting with the Service, or contacting our support team. This includes:

  • Email address
  • Password
  • Account ID
  • Time zone settings
  • Language settings
  • Data you provide or generate during customer support requests
  • Communications related to support (emails, messages, communication history, sender/recipient information, etc.)
  • Payment details required for in-app purchases and associated invoices
  • Coupons, activation codes, and redemption timestamps (only processed if you redeem a coupon within the account)

7.2 Purposes of Processing Account Data

We use account data to perform the contract under Section 1. The purposes include:

  • Verify your identity to ensure access control to your account and Shelly devices
  • Initiate and provide the Service and ensure it runs correctly
  • Protect the security of your account and Shelly devices
  • Process customer support requests you may submit
  • Facilitate payment and invoice handling and process subscription termination or renewal
  • Communicate with you about the Service, send service updates or other related information (including reminders, confirmations, and invoices for premium subscriptions and provide customer support as needed)

7.3 Device Data and Service Usage

To provide the Service, we also process information about your Shelly devices added to your account, information about your interactions with the Service, and information about any terminal devices used to install and access the Service, including devices necessary for the Service to operate (computer, laptop, tablet, mobile device).

By adding a Shelly device to your account, you share information generated and stored by your device (e.g., settings operations, schedules, modes, timers, or other configuration options you set for the device). This information is necessary for the operation of the Service and its features. To stop sharing such information, you can remove the Shelly device from the Service at any time.

When you install, access, or use our Service—including when you add a Shelly device to your user account or when you share information from the Shelly Service with other apps and services (linked services/integrators)—we automatically process:

  • Shelly device identifiers such as access point (SSID), device IP, device type, device ID, device name and channel, firmware version, Bluetooth data (where applicable), MAC address, and other configuration data
  • Network and server credentials
  • Information about the browser/terminal device you use to access our Service (device type, network provider, unique identifiers such as IP address/MAC address, operating system and version)
  • Service logs such as crash/diagnostic reports, startup information, click or other user interaction records
  • Device location (depending on features and Service options)
  • Event logs and settings, such as on/off modes, schedules, operations, device measurements, and power consumption data (including historical consumption and measurement data, depending on device type and Service options)
  • Other information about how you use the Service (depending on the device type and features)

7.4 Purposes of Processing Your Device Data

  • Provide the Service: to allow you to monitor and control your home/office devices, accurately measure device power consumption (including historical data), remotely turn devices on/off and perform configuration actions. Information about integrated Shelly devices, terminal devices used to access the Service, and the connections between them, your network, and our systems is required for these purposes. Device location may be necessary to enable some features (e.g., scheduling or power metering).
  • Process customer support requests
  • Send in-app notifications (including push notifications or email notifications, if enabled)

7.5 Data Processed Based on Explicit Consent

On the basis of your explicit consent through the settings on your terminal device or actions you take within the Service, we may further process device and Service usage data where you have consented.

To provide specific features of the Service depending on the Shelly device type and available Service options, we may also process additional information you explicitly set in Service settings.

7.5.1 Data from Shelly Service Settings and Linked Services

  • Content you create or upload within the Service (images, videos)
  • Security access credentials such as lock pins or access keys
  • Device sharing settings
  • Interaction history between the Service and Shelly devices (user logs)
  • Other information you provide through Service settings, linked services, or terminal device settings
  • Further information about how you use Shelly devices

7.5.2 Control Over Processing

You can control the processing of such data at any time through the Service settings and the terminal device you use to access the Service. This does not affect the lawfulness of processing based on your prior interaction with the Service and changes to previously given settings.

You can start and stop sharing selected Shelly device information with third parties and services via the Service features at any time. Please note that once data is shared with third parties and services, this Privacy Statement does not apply to their processing of the shared data.

7.5.3 Personalization and Notification Purposes

  • Provide you with personalized information and solutions based on your interactions with the app and Shelly devices, such as device monitoring and control, precise power metering, and scheduled or rule-based automatic on/off behavior.
  • Authenticate and control access to Shelly devices, including enabling and managing device sharing.
  • Send notifications based on events in the Shelly device logs (including in-app notifications, push notifications, or email notifications).
  • Process customer support requests.
  • With your explicit consent, process additional account and device data for marketing purposes (e.g., email addresses and account information) to send you notices about Shelly products and services (including personalized marketing content, subject to your opt-in).

7.5.4 Withdrawing Consent for Marketing

You may withdraw your consent at any time either via the opt-out link in marketing emails or via the Service account settings. After withdrawing consent, we will stop processing the relevant personal data for the previously consented purpose. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

7.6 Data Processed Based on Legitimate Interests

On the basis of our legitimate interests, we may process your personal data as described above to:

  • Implement and enforce our policies and procedures
  • Respond to claims against us and protect the rights, privacy, property, or safety of Shelly Europe Ltd. (and its affiliates), users, and the public to the extent required or permitted by law
  • Institute legal claims, including investigating activities that may violate the Terms of Service
  • Detect, prevent, or address fraud, misuse, security, or technical issues
  • Prevent hacking, fraud, or other non-compliant uses of the Service
  • Register, mediate, or resolve disputes, or enforce our Terms of Use and other policies
  • Maintain and strengthen security measures, comply with industry standards, detect spam, malware, illegal content, or other abusive behaviors that violate security policies
  • Perform other legitimate business purposes allowed by applicable law
  • Collect anonymized statistics about Service usage and user experience to operate, evaluate, and improve the Service and our business
  • Maintain the Service by monitoring systems and activity information, identifying and resolving issues to avoid interruptions and ensure the Service operates as intended
  • Improve the Service by analyzing usage trends and preferences
  • Send offers, promotions, and marketing content related to Shelly devices and the Service (including personalized content) via notifications (such as in-app notifications, email, or push). You can opt out at any time via your device settings, Service settings, or the "unsubscribe" link on marketing communications

7.7 Data Processed Based on Legal Obligations

Where necessary or appropriate under applicable law, we may process your personal data for compliance with legal requirements, such as:

  • Comply with applicable laws and regulations, including tax and accounting requirements
  • Comply with legal procedures
  • Respond to requests or orders from public or judicial authorities

7.8 Sharing Information with Third Parties

We may disclose your data within our business group and to the following parties as necessary to achieve the purposes described above. As part of our operations, third-party service providers may process your personal data, limited to the purposes described above:

  • Affiliates (other companies within the Shelly Group SE group to which Shelly Europe Ltd. belongs)
  • Business partners who integrate with third-party products or services (only when you explicitely consent to share data; such partners will be governed by their privacy policies and you should review them prior to sharing)
  • Service providers (e.g., cloud hosting, customer support, email and messaging services, direct marketing, infrastructure and IT services providers)
  • Payment service providers (licensed payment institutions that assist with prepaid subscription payments)
  • Professional advisors in their fields (e.g., external marketing, product and service advisors, auditors, legal, finance and accounting advisors) to maintain and improve the Service, ensure compliance, and protect our legitimate interests
  • Public authorities and government agencies may lawfully require disclosure where legal or judicial authorities request it
  • Other parties involved in corporate transactions (mergers, acquisitions, divestitures, or insolvency); you will be notified via email and/or the website regarding the change of ownership, changes in the use of personal information, and available choices, where applicable

In addition to the disclosures described in this privacy statement, we may share information with third parties where you have separately consented or requested such sharing.

For private parties, we require and expect the above third parties to take all necessary technical and organizational measures to protect the personal data shared with them.

8. Data Retention

The period we retain data depends on the legal basis for processing your data.

We will retain the data necessary to provide the Service (account data and device data) for as long as you hold an active user account, or as required by our legal obligations in the countries where we operate.

Data processed on our legitimate interests is retained only as long as necessary for the specific purposes for which it was collected.

Data processed based on your consent will be retained until you withdraw your consent. After withdrawing consent, we will stop processing the personal data relying on your consent, but this does not affect processing of data collected before the withdrawal until the purposes for which those data were collected are fulfilled.

Data processed in compliance with legal obligations will be retained for the statutory retention periods under applicable law—for example, invoice information will be retained for 10 years to comply with accounting regulations where applicable.

After those retention periods expire, the data will be deleted and will not be retrievable or usable.

If data deletion would conflict with pending judicial proceedings, data will not be deleted and will be handled solely to protect our legitimate interests or to comply with our legal obligations until the conclusion of administrative or pre-trial proceedings.

9. Your Rights as a Data Subject

Under data protection law, you have certain rights we need to make you aware of. The rights available to you depend on the reasons we process your information.

9.1 Right of Access

  • You have the right to receive a copy of your personal data free of charge. This right applies in most cases, but not necessarily to all information we process in certain exceptions.
  • We will explain and provide reasons if we determine that certain personal data cannot be disclosed because it would infringe on the rights and freedoms of third parties.

Only recognized Service Users may exercise the rights set out in this section. You can contact us; after you submit a written request and verify your identity, we will provide the requested information.

If we have reasonable doubts about your identity, we may request additional information required to verify you as the service user. If we cannot identify the person submitting the request, we reserve the right to deny access to the requested information.

9.2 Right to Rectification

You have the right to request correction of inaccurate information and to supplement incomplete information. You can perform this action through your Service account or by contacting us to submit a written request.

9.3 Right to Erasure ("Right to be Forgotten")

The scope of the right to erasure is strictly limited by law. This right only applies in certain cases, for example:

  • When your data are no longer necessary for the purposes for which they were originally collected or used
  • When you withdraw your prior consent on which the processing was based
  • When you object to our processing of your data and your interests outweigh our legitimate interests
  • When you object to the processing of your data for direct marketing purposes

This right is not absolute and may not be respected if required by law or if reliable identity verification is not possible.

You may exercise the right to erasure following the procedures described or by contacting us and filling out a written application and verifying your identity. Shelly Europe Ltd. cannot restore deleted data.

9.3.1 Account Deletion

You may request deletion of your account in the following ways:

Please follow the instructions when requesting account deletion. Once we verify your identity, we will further process your request and provide guidance on how to complete the deletion flow to the extent required by law.

Once the deletion process is successfully completed, your account data and any other data associated with your account will be irreversibly deleted.

If you used premium services, once the account deletion process is successfully completed, your premium services will be terminated and you will not be entitled to use premium features for the remaining subscription period. Subscription fees are non-refundable. Shelly Europe Ltd. will not refund the unused portion of any paid subscription.

Free premium trial access will terminate after you complete the account deletion process, and you will no longer be able to use or test premium features during the remaining free trial period.

Even after account deletion, for legal compliance, we will retain payment details required for subscriptions and invoicing for 10 years in line with applicable accounting regulations.

9.3.2 Managing Data

If you do not want to delete your account entirely, you can manage your account data (including device data) through account settings by choosing to:

  • Reset device settings, restart devices, enable night/eco mode, configure device on/off, etc.
  • Remove device information from the app or account in a browser
  • Edit account data such as associated email or password

9.4 Right to Restrict Processing

The right to restrict processing applies if you request temporary limits on use of your data, e.g., in situations where:

  • You contest the accuracy of the data
  • You object to our processing of your data
  • The data has been unlawfully processed but you oppose deletion
  • The data is no longer needed by you but is kept for the establishment, exercise or defence of legal claims

If correction or erasure processing is performed, we will notify each recipient to whom personal data was disclosed unless this proves impossible or requires disproportionate effort.

9.5 Right to Data Portability

You have the right to obtain personal data from us in an accessible and machine-readable format, and to request that we transfer it to another organization. Specifically, this right generally applies only to:

  • Data that is electronically stored, and
  • Data that you have provided to us

The data you provided is not limited to data you have typed in, such as username or email address. It may include data collected while monitoring your activity when using the Service, such as usage history or data processed by connected objects like devices.

This right does not apply to data processed for public interest tasks or if its exercise would adversely affect the rights and freedoms of others.

9.6 Right to Object to Processing Based on Legitimate Interests

You may object to our processing of your data where we process it for our legitimate interests, for statistical purposes, or for direct marketing. Unless we have compelling legitimate grounds that override your interests, rights and freedoms, or the processing is necessary to establish, exercise, or defend legal claims, we will stop processing your data.

9.7 Right to Lodge a Complaint with a Supervisory Authority

If you believe processing of personal data related to you violates applicable data protection laws (for example, the PIPL), you have the right to lodge a complaint with a supervisory authority in the relevant jurisdiction where you reside, work, or where the alleged infringement occurred.

If you believe your personal data is being processed in violation of data protection laws, you may always lodge a complaint or signal the issue to a supervisory authority. In addition, please contact us in advance, and we will do our best to resolve any dispute amicably.

10. Information Security Measures

The security, integrity, and confidentiality of your personal data are of utmost importance to us. We have implemented technical, contractual, organizational, and physical security measures designed to protect our users’ personal data against unauthorized access, disclosure, use, and modification. We regularly review our security practices and procedures to consider appropriate new technologies and methods. Please note that despite our best efforts, no security measure is perfect or invulnerable.

11. Third-Party Service Provider – Jiguang Push SDK

11.1 Basic Information

  • Third-party provider name: Shenzhen Hexun Huagu Information Technology Co., Ltd. (Jiguang Platform)
  • Purpose: Provide real-time push notification services to Shelly Smart Control app users
  • Official website: https://www.jiguang.cn/
  • Privacy policy: AURORA Jiguang Privacy Policy: https://www.jiguang.cn/license/privacy

11.2 Types of Personal Data Processed

11.2.1 Necessary Personal Data

The following information is required for basic push notification functionality:

  • Device identifiers: Android ID, GAID, OAID, UAID, IDFA, AAID, Boot ID
  • Device hardware info: device model, screen resolution, device manufacturer, product name, device storage
  • OS info: OS version, system name, system language
  • Network info: network type, carrier info, IP address, DHCP, WiFi status information
  • Push log info: used to generate a de-identified unique terminal device identifier

Purpose: Ensure compatibility across devices and accurate delivery of push messages

11.2.2 Optional Personal Data

With your authorization, the following data may be collected:

  • Supplemental device identifiers: IMEI, MAC, IMSI (to improve unique device identification accuracy)
  • Network location info: SSID, BSSID, Wi-Fi list, cell tower info, SIM status (to choose the nearest service node and improve delivery rate)
  • Geolocation and Bluetooth info: Bluetooth MAC, Bluetooth name, Bluetooth type (used for geofencing, segmentation, precise push targeting)
  • Software list info: list of installed and running apps (to optimize SDK stability, improve app engagement, conserve power and data usage)

11.3 Data Security

  • Transport security: encrypted transmission methods
  • Data processing: de-identification and other security methods used to protect personal data
  • Security measures: industry-standard information security protections implemented

11.4 Your Rights

  • You can turn off push notifications in the app settings
  • You can manage app permissions in your phone’s system settings
  • You can contact us at dpo@shelly.com for more information
  • If you have concerns about Jiguang’s data processing, please consult their privacy policy: https://www.jiguang.cn/license/privacy

12. Privacy Policy Updates

We may update this Privacy Policy from time to time due to changes in services, applicable law, and our legitimate interests. You can determine the latest revision date from the date at the top of this page.

Any changes will take effect once published in the app or otherwise provided to users.

13. More Information

If you have any further questions, please contact us via email at: dpo@shelly.com

Last updated: