search

Privacy Policy

CallOnAlarm.io

Version 2.0 — February 2026

circle-info

Legal Language Notice

These documents are provided in multiple languages for your convenience. However, please note that the French version (FR) is the original and legally binding version. In the event of any discrepancy or contradiction between the French version and any translation, the French version shall prevail.

hashtag
Legal Documents & Downloads

Language
Document
Status
Format

🇫🇷 Français

Politique de Confidentialité (FR)

Original / Binding

file-pdfprivacy_fr.pdf

🇬🇧 English

Privacy Policy (EN)

Translation

file-pdfprivacy_en.pdf

🇩🇪 Deutsch

Datenschutzerklärung (DE)

Translation

file-pdfprivacy_de.pdf

🇪🇸 Español

Política de Privacidad (ES)

Translation

file-pdfprivacy_es.pdf

🇮🇹 Italiano

Informativa sulla Privacy (IT)

Translation

file-pdfprivacy_it.pdf

hashtag
1. Introduction

This Privacy Policy describes how CallOnAlarm, operated by Homesec Services (hereinafter "we", "our" or "CallOnAlarm"), collects, uses, stores and protects the personal data of users of our alert notification platform accessible at callonalarm.io.

We are committed to respecting your privacy and protecting your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Directive 2002/58/EC (ePrivacy Directive).

This policy applies to all users of our Service within the European Union and the European Economic Area.

hashtag
2. Data Controller

Within the meaning of Article 4(7) of the GDPR, the data controller is:

Homesec Services — French simplified joint-stock company (SASU)

  • Registered office: 3 les crêtes, 14220 Le Hom, France

  • EU VAT Number: FR95951691989

  • Data Protection Officer (DPO): [email protected]

hashtag
2.1 Roles and Responsibilities

For Customer data (account holders), CallOnAlarm acts as data controller. For Emergency Contact data, the Customer acts as data controller and CallOnAlarm acts as data processor within the meaning of Article 28 of the GDPR.

hashtag
3. Personal Data Collected

hashtag
3.1 For Account Holders (Customers)

  • Identification data: surname, first name

  • Contact details: email address, phone number (optional)

  • Payment data: processed by Stripe Inc. — we do not store credit card numbers

  • Technical data: IP address, connection data, usage logs

  • Usage data: event history, call logs, configurations

hashtag
3.2 For Emergency Contacts

  • Name (as provided by the Customer)

  • Phone number

  • Consent status and proof (date, time, call identifier)

  • History of received calls and DTMF actions

hashtag
3.3 Data Not Collected

We do not collect special categories of data within the meaning of Article 9 of the GDPR (ethnic origin, political opinions, religious beliefs, health data, sexual orientation, etc.).

hashtag
4. Legal Bases for Processing

In accordance with Article 6 of the GDPR, our processing is based on:

hashtag
4.1 Performance of Contract (Article 6.1.b)

For our Customers, processing is necessary for the performance of the service contract.

hashtag
4.2 Explicit Consent (Article 6.1.a)

For Emergency Contacts, we obtain explicit consent via an automated phone call during which the contact presses key 1 to accept or key 9 to refuse.

hashtag
4.3 Legitimate Interest (Article 6.1.f)

In certain limited cases (platform security, fraud prevention, service improvement).

hashtag
4.4 Legal Obligation (Article 6.1.c)

Certain data is retained to meet our legal obligations (accounting, taxation).

hashtag
5. Purposes of Processing

Your personal data is processed for the following purposes:

  • Providing the alert notification service

  • Verifying and documenting emergency contact consent

  • Managing user accounts and authentication

  • Billing and subscription management

  • Service-related communications

  • Platform security and fraud prevention

circle-info

Important: We never use your data for unsolicited commercial prospecting or profiling for advertising purposes.

hashtag
6. Data Recipients

hashtag
6.1 Technical Subcontractors

These providers act on our instructions and are bound by contracts compliant with Article 28 of the GDPR:

  • Twilio Inc. (USA): telephony provider — EU-US Data Privacy Framework certified

  • Stripe Inc. (USA): payment provider — EU-US Data Privacy Framework certified

  • Hetzner Online GmbH (Germany): hosting provider — data stored in EU

  • Neurosaas (France): platform design and technical maintenance — data stored in EU

hashtag
6.2 Competent Authorities

In case of legal requisition, we may communicate data to competent authorities.

hashtag
6.3 No Sale of Data

We never sell, rent or share your personal data with third parties for commercial purposes.

hashtag
7. International Transfers

Our main servers are hosted within the European Union (Hetzner, Germany/Finland). Some data may be transferred to the United States via Twilio and Stripe.

These transfers are governed by:

  • The EU-US Data Privacy Framework adequacy decision (July 10, 2023)

  • Standard Contractual Clauses (decision 2021/914)

hashtag
8. Retention Period

We retain your personal data only for the duration necessary:

Data Category
Duration
Justification

Customer account data

Contract + 5 years

Accounting obligations

Active emergency contacts

Customer contract duration

Service execution

Deleted contacts

3 years after deletion

Proof of consent

Call logs

5 years

Legal obligations

Consent proofs

5 years after end

Burden of proof

Technical logs

1 year

Security, debugging

Billing data

10 years

Accounting obligations

hashtag
9. Your Rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

  • Right of Access (Article 15): obtain confirmation and access to your data

  • Right to Rectification (Article 16): correct inaccurate data

  • Right to Erasure (Article 17): request deletion of your data

  • Right to Restriction (Article 18): limit processing in certain cases

  • Right to Portability (Article 20): receive your data in a structured format

  • Right to Object (Article 21): object to processing based on legitimate interest

  • Right to Withdraw Consent (Article 7.3): withdraw consent at any time

To exercise these rights, contact us at: [email protected]

We will respond within one (1) month in accordance with Article 12.3 of the GDPR.

hashtag
10. Data Security

We implement appropriate technical and organizational measures:

  • Encryption: TLS 1.3 for all communications, bcrypt hashing for passwords

  • Access Control: strong authentication, least privilege principle

  • Infrastructure: ISO 27001 certified EU hosting, high availability

  • Monitoring: 24/7 monitoring, intrusion detection

hashtag
11. Data Breach Notification

In case of personal data breach:

  • We document the breach in our internal register

  • If risk exists, we notify the supervisory authority within 72 hours

  • If risk is high, we inform you directly

hashtag
12. Cookies

Our site uses only cookies strictly necessary for the operation of the Service (session cookies, authentication). We do not use advertising or tracking cookies.

hashtag
13. Policy Modifications

We reserve the right to modify this Privacy Policy. Substantial modifications will be notified to our Customers by email.

hashtag
14. Complaints and Supervisory Authorities

You have the right to lodge a complaint with a supervisory authority (Article 77 GDPR).

Contact us first: [email protected]

Supervisory authorities:

  • France: CNIL — www.cnil.fr

  • Germany: BfDI — www.bfdi.bund.de

  • Spain: AEPD — www.aepd.es

  • Italy: Garante — www.garanteprivacy.it

  • Others: https://edpb.europa.eu/about-edpb/about-edpb/members_en

hashtag
15. Contact

  • Data Protection Officer: [email protected]

  • General Support: [email protected]

  • Postal Address: Homesec Services — 3 les crêtes, 14220 Le Hom, France

  • Website: https://callonalarm.io

Document established on February 12, 2026

Homesec Services — CallOnAlarm — All rights reserved

PreviousLegal NoticeNextTerms of Service

Last updated