Privacy Policy

Last updated: 5 April 2026

1. Introduction

SmartLock Automation ("we", "our", or "us") operates the SmartLock Automation platform, accessible at smartlockautomation.co.uk. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service. We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018.

2. Information We Collect

We collect the following types of information:

  • Account information: email address and password hash when you register.
  • Third-party account information: when you connect an external service (e.g. Google, SmartThings), we receive the profile name and email address associated with that account.
  • Booking and scheduling data: contents of data sources you explicitly authorise us to read (e.g. Google Sheets spreadsheets, future calendar or booking platform integrations), used solely to generate and schedule smart lock access codes.
  • Smart lock data: lock identifiers, access code assignments, and sync status from connected lock platforms (e.g. SmartThings, TTLock).
  • Usage data: standard server logs including IP address, browser type, and pages visited.

3. How We Use Your Data

We use the information we collect exclusively to provide the SmartLock Automation service. Specifically:

  • Authenticating your account and securing access to the platform.
  • Reading booking or reservation data from sources you authorise, to determine which access codes to generate, assign, and expire.
  • Communicating with connected smart lock platforms on your behalf to programme and remove codes.
  • Identifying connected third-party accounts (by email and name) so you can manage which integrations are active.

We do not use your data for advertising, profiling, or to train AI or machine learning models, and we do not sell or transfer your data to third parties.

4. Third-Party Integrations

SmartLock Automation connects to external services on your behalf using OAuth 2.0. You explicitly authorise each connection, and you may revoke any connection at any time from within the platform or directly via the provider.

Google (Google Sheets)

SmartLock Automation's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained from Google APIs is used only to read the Google Sheets spreadsheets you select (to extract booking data for lock code scheduling) and to identify the connected Google account by email and name. We do not use Google user data for advertising, to train AI/ML models, or share it with third parties. You may revoke Google access via Google Account permissions or from within SmartLock Automation.

SmartThings

When you connect a SmartThings location, we receive an OAuth access token scoped to the devices and locks you authorise. This token is used solely to programme and remove access codes on connected smart locks. You may revoke access via the SmartThings app or from within SmartLock Automation.

TTLock and other lock platforms

Similar OAuth-based or API-key-based credentials are used for other supported lock platforms. In each case, credentials are stored encrypted, scoped to lock management only, and never shared with other services.

5. How We Store and Protect Your Data

All OAuth tokens and API credentials from third-party services are stored AES-encrypted in our database. Passwords are hashed and salted and never stored in plaintext. Booking and scheduling data is processed in memory and not persisted beyond what is needed to generate lock code assignments. All data in transit is protected by TLS 1.2 or higher.

We restrict access to personal data to only the automated processes that require it. No human staff routinely access your booking contents or third-party credentials.

6. Data Retention and Deletion

You may disconnect any third-party integration at any time from within SmartLock Automation, which immediately deletes the stored tokens for that service. To request full deletion of your account and all associated data, contact us at privacy@smartlockautomation.co.uk. We will action all deletion requests within 30 days.

Server logs are retained for up to 90 days for security and troubleshooting purposes, then permanently deleted.

7. Your Rights (UK GDPR)

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request erasure of your data ("right to be forgotten").
  • Restrict or object to our processing of your data.
  • Receive your data in a machine-readable format (data portability).
  • Lodge a complaint with the Information Commissioner's Office (ICO).

To exercise any of these rights, contact us at privacy@smartlockautomation.co.uk.

8. Cookies and Tracking

We use only essential session cookies required for authentication. We do not use advertising or analytics cookies, and we do not use any third-party tracking pixels or scripts.

9. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top of this page will reflect any changes. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this policy: privacy@smartlockautomation.co.uk