Privacy Policy

Last updated: 2026-04-27.

SmrtDesk is a native macOS app. It does not have a server-side product; the only piece of cloud infrastructure we operate is a stateless Cloudflare Worker that relays voice commands from Amazon Alexa to your Mac. Everything else is either local to your computer or talks directly to the smart-home provider you have an account with.

This document explains, in plain language, what SmrtDesk reads, where it sends it, and what we do — and don't — store.

What stays on your Mac

• Discovery of Hue bridges, Sonos speakers, Shelly devices, HomeKit accessory bridges, and Home Assistant servers happens over Bonjour / mDNS on your local network. Discovery results never leave your Mac.
• Every command you issue to a HomeKit, Hue, Kasa, Shelly, or Home Assistant device travels directly from your Mac to the device or hub, over your Wi-Fi. SmrtDesk has no server in this path.
• Crash reports, hang reports, and CPU/disk-write diagnostics are collected by Apple's MetricKit and saved to ~/Library/Application Support/SmrtDesk/diagnostics/events.jsonl. This file is never uploaded by SmrtDesk. Apple may forward aggregated diagnostics to us only if you have explicitly opted in to Share with App Developers in System Settings → Privacy & Security → Analytics & Improvements.
• Cloud-provider OAuth tokens and API keys are stored in the macOS Keychain (keychain-access-groups), encrypted at rest, and never copied off your Mac.

What goes to third parties

• Cloud-only smart-home providers: Govee, SmartThings, Ecobee, LIFX (cloud mode), Sonos, Tuya, and the optional Shelly Cloud fallback all require API calls. Those calls go from your Mac directly to the provider's API. We never proxy them.
• Apple iCloud (CloudKit): If iCloud Drive is enabled on your Mac, SmrtDesk syncs your user-defined scenes, rooms, and provider configuration to your private iCloud database so a second Mac sees the same setup. Apple is the data controller; their privacy policy applies.
• Amazon Alexa Skill (optional): If you sign in to the SmrtDesk Skill, Amazon associates your Amazon account with a per-installation identifier. When you say "Alexa, tell SmrtDesk to run X", Alexa sends the intent to our Cloudflare Worker, which forwards a silent push notification to your Mac. The Worker stores only an opaque APNs device token (rotated when you uninstall), a per-installation machine id, and the scene names you have published to the Skill. No name, email address, location, or device inventory is stored on the Worker.

What we don't do

• No analytics. SmrtDesk does not bundle Mixpanel, Amplitude, Sentry, Crashlytics, Firebase, or any other analytics SDK.
• No advertising identifiers. SmrtDesk does not access IDFA or any comparable identifier.
• No selling, no sharing. We have no business relationship that involves your data leaving us. We have no servers that store your data, with the narrow exception of the Alexa Worker described above.
• No tracking across apps or websites.

Data subject rights

You can delete every piece of state SmrtDesk has on your Mac by:

1. Quitting SmrtDesk.
2. Deleting ~/Library/Application Support/SmrtDesk (settings, diagnostics).
3. Removing SmrtDesk Keychain entries: open Keychain Access, search smrtdesk, delete matching items.
4. In iCloud → Manage Storage, removing the SmrtDesk container if present.
5. In the Alexa app, disabling the SmrtDesk Skill (this clears the Worker's record of your APNs token within 24 hours).

Contact

Questions or requests can go to support@smrtdesk.online.