Privacy Policy

This Privacy Policy explains how MornaDev Ltd., doing business as SREX – Smart Remote Experience (“we,” “us,” or “our”), collects, uses, shares, and protects your personal information when you use our website (https://wpui.srex.mornailla.com) and related services (collectively, the “Services”). Our Services, built on WordPress and hosted on IONOS, enable users to integrate smart locks with property management systems (PMS) for secure access management. We are committed to protecting your privacy in compliance with applicable laws, including the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (GDPR). If you are in regions like California (CCPA), additional rights may apply as noted below.

By using our Services, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our Services.

Who we are

Our website address is: https://wpui.srex.mornailla.com.

Contact Us

For questions about this policy or your data, reach us at hello@mornadev.com or by mail at MornaDev Ltd (Company number: 11187902), 840 Ibis Court, Centre Park, Warrington, Cheshire, United Kingdom, WA1 1RL.

Information We Collect

We collect personal information necessary to provide and improve our Services, including data you provide, data from third-party integrations, and automatically collected data.

Personal Information You Provide

  • Customer Account Data: When you register via Azure B2C, we collect your name and email address. (Note: We may add optional fields like phone numbers for two-factor authentication or support, pending implementation.)
  • Credential Data for Locks: When configuring smart locks, you may provide names, email addresses, and PIN codes for recipients (e.g., family members, cleaners, guests). For family members like children, you may provide PINs without emails. This data is stored until you delete it.
  • Property and Reservation Data: When integrating with PMS, you provide or we receive via webhooks: property addresses, unit details, check-in/out dates, guest names, email addresses, and addresses. These are stored until the check-out date.

Information from Third Parties

  • Smart Lock Providers (e.g., Nuki, Yale, Home Assistant) via OAuth2 or API keys: Device discovery and pairing details.
  • Property Management Systems (PMS) via OAuth2, API keys or webhooks: Reservation details (check-in/out dates, guest names, emails, addresses).
  • Home Assistant Plugin: Device IDs, access tokens, and settings (e.g., number of supported users) exchanged via HTTPS API or MQTT.

Automatically Collected Information

  • Usage Data: IP addresses, device information, and browser details for security and troubleshooting.
  • Cookies and Trackers: We currently do not use cookies or trackers. When you visit our login page, we set a temporary cookie to check if your browser accepts cookies; it contains no personal data and is deleted when you close your browser. Upon login, we set cookies to save login information (lasting two days) and screen display choices (lasting one year). Selecting “Remember Me” extends login cookies to two weeks. These cookies are removed upon logout.
    • Future Use: We plan to implement Google Analytics, which may use cookies to analyse site usage. We will update this policy and provide opt-in/opt-out options as required.

Embedded Content from Other Websites

Our site may include embedded content (e.g., videos, images) from third-party websites. These behave as if you visited those sites, which may collect data, use cookies, or track interactions if you are logged into their services. We do not control their data practices; please review their privacy policies.

Media

If you upload images to the website, you should avoid uploading images that contain embedded location data (EXIF GPS). Visitors to the website can download images from the website and extract any location data from them.

How We Use Your Information

We use your information to:

  • Provide the Services (e.g., pair devices, generate/send PIN codes, manage PMS integrations).
  • Communicate with you (e.g., send service-related emails like PIN codes to guests or credentials to recipients).
  • Ensure security, prevent fraud, and maintain system functionality.
  • Comply with legal obligations (pending clarification of retention requirements).

Legal Basis for Processing

Under UK GDPR/GDPR, we process data based on:

  • Performance of a Contract: To deliver Services to you, such as lock integrations and email notifications.
  • Legitimate Interests: For guest data from PMS (e.g., names, emails, addresses), we process it to facilitate access management for our customers (property managers), minimizing storage and deleting after check-out. Our customers are responsible for ensuring guests are informed of this processing via their own privacy policies or contracts.
  • Consent: For optional features (e.g., future marketing emails, if implemented).

For children’s data (under 16 in UK/EU or 13 in US): We do not directly collect from children. If customers provide data for family members (e.g., PINs for children), they must obtain parental consent where required.

Sharing Your Information

We share data only as necessary:

Third-Party Service Providers

  • Smart Lock and PMS Providers: For device pairing and reservation data (via OAuth2 or API keys).
  • Email Services (MailGun): To send PIN emails (recipient emails, addresses, PINs).
  • Hosting (IONOS): For data storage.
  • Future Providers: Google Analytics and third-party payment providers for subscriptions (no payment data stored directly).

Password Reset Emails

If you request a password reset, your IP address may be included in the reset email.

Legal Requirements

We may share data to comply with the law or to protect rights/safety. We do not sell data or share it for advertising.

International Transfers

Data may be transferred outside the UK/EU (e.g., to US-based providers like MailGun). We use safeguards like standard contractual clauses to ensure GDPR compliance.

Data Retention

We retain data only as long as necessary:

  • Customer Accounts: Until you delete your account or are no longer a customer, plus [Placeholder: Suggest 30 days for administrative purposes].
  • Credential Data (Locks): Until deleted by you.
  • Guest/Reservation Data: Until check-out date, plus [Placeholder: Suggest 7 days for disputes].
  • Logs/Backups: [Placeholder: Currently none; Suggest 30-day retention for logs once implemented. Research legal requirements, e.g., 6-7 years for financial data in the UK.]

We will update this policy as retention policies are finalized.

Security of Your Information

We use .NET Data Protection for encryption, SSL for communications, and access controls. No system is fully secure, but we take reasonable measures to protect your data.

Your Privacy Rights

Under UK GDPR/GDPR, you have the right to:

  • Access, correct, or delete your data.
  • Object to or restrict processing.
  • Request data portability.
  • Withdraw consent (where applicable).
  • Complain to the UK Information Commissioner’s Office.

For CCPA (if in California): Similar rights; we do not sell data.

To exercise rights, contact us at hello@mornadev.com. We respond within 30 days (extendable). If you have an account, you can view, edit, or delete your personal information (except username) directly. Administrators can also manage this data.

Children’s Privacy

Our Services are not directed at children under 16 (UK/EU) or 13 (US). If we learn of such data collection, we delete it promptly.

Updates to This Policy

We may update this policy; changes are effective upon posting. Material changes will be communicated via email or site notice.

Third-Party Websites

Our site may link to third-party sites (e.g., lock providers, embedded content). Their privacy policies apply.