# Privacy Policy

**CallOnAlarm.io**

*Version 2.0 — February 2026*

{% hint style="info" %}
Legal Language Notice

These documents are provided in multiple languages for your convenience. However, please note that the French version (FR) is the original and legally binding version. In the event of any discrepancy or contradiction between the French version and any translation, the French version shall prevail.
{% endhint %}

***

### Legal Documents & Downloads

<table><thead><tr><th width="127.4453125">Language</th><th width="271">Document</th><th width="180.5546875">Status</th><th data-type="files">Format</th></tr></thead><tbody><tr><td>🇫🇷 Français</td><td>Politique de Confidentialité (FR)</td><td>Original / Binding</td><td><a href="/files/4GSCvSzq0uZGiV52UeH7">/files/4GSCvSzq0uZGiV52UeH7</a></td></tr><tr><td>🇬🇧 English</td><td>Privacy Policy (EN)</td><td>Translation</td><td><a href="/files/WzMYoDS0ceDQz6hkGH1k">/files/WzMYoDS0ceDQz6hkGH1k</a></td></tr><tr><td>🇩🇪 Deutsch</td><td>Datenschutzerklärung (DE)</td><td>Translation</td><td><a href="/files/oewcJRGXtAC0I2DkTL3M">/files/oewcJRGXtAC0I2DkTL3M</a></td></tr><tr><td>🇪🇸 Español</td><td>Política de Privacidad (ES)</td><td>Translation</td><td><a href="/files/VFuxLwstdvInQXA98aTR">/files/VFuxLwstdvInQXA98aTR</a></td></tr><tr><td>🇮🇹 Italiano</td><td>Informativa sulla Privacy (IT)</td><td>Translation</td><td><a href="/files/ABELBeAK1ZJIzuG9k3Ad">/files/ABELBeAK1ZJIzuG9k3Ad</a></td></tr></tbody></table>

***

## 1. Introduction

This Privacy Policy describes how CallOnAlarm, operated by Homesec Services (hereinafter "we", "our" or "CallOnAlarm"), collects, uses, stores and protects the personal data of users of our alert notification platform accessible at callonalarm.io.

We are committed to respecting your privacy and protecting your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Directive 2002/58/EC (ePrivacy Directive).

This policy applies to all users of our Service within the European Union and the European Economic Area.

***

## 2. Data Controller

Within the meaning of Article 4(7) of the GDPR, the data controller is:

**Homesec Services** — French simplified joint-stock company (SASU)

* **Registered office:** 3 les crêtes, 14220 Le Hom, France
* **EU VAT Number:** FR95951691989
* **Data Protection Officer (DPO):** <privacy@callonalarm.io>

### 2.1 Roles and Responsibilities

For Customer data (account holders), CallOnAlarm acts as data controller. For Emergency Contact data, the Customer acts as data controller and CallOnAlarm acts as data processor within the meaning of Article 28 of the GDPR.

***

## 3. Personal Data Collected

### 3.1 For Account Holders (Customers)

* Identification data: surname, first name
* Contact details: email address, phone number (optional)
* Payment data: processed by Stripe Inc. — we do not store credit card numbers
* Technical data: IP address, connection data, usage logs
* Usage data: event history, call logs, configurations

### 3.2 For Emergency Contacts

* Name (as provided by the Customer)
* Phone number
* Consent status and proof (date, time, call identifier)
* History of received calls and DTMF actions

### 3.3 Data Not Collected

We do not collect special categories of data within the meaning of Article 9 of the GDPR (ethnic origin, political opinions, religious beliefs, health data, sexual orientation, etc.).

***

## 4. Legal Bases for Processing

In accordance with Article 6 of the GDPR, our processing is based on:

### 4.1 Performance of Contract (Article 6.1.b)

For our Customers, processing is necessary for the performance of the service contract.

### 4.2 Explicit Consent (Article 6.1.a)

For Emergency Contacts, we obtain explicit consent via an automated phone call during which the contact presses key 1 to accept or key 9 to refuse.

### 4.3 Legitimate Interest (Article 6.1.f)

In certain limited cases (platform security, fraud prevention, service improvement).

### 4.4 Legal Obligation (Article 6.1.c)

Certain data is retained to meet our legal obligations (accounting, taxation).

***

## 5. Purposes of Processing

Your personal data is processed for the following purposes:

* Providing the alert notification service
* Verifying and documenting emergency contact consent
* Managing user accounts and authentication
* Billing and subscription management
* Service-related communications
* Platform security and fraud prevention

{% hint style="info" %}
Important: We never use your data for unsolicited commercial prospecting or profiling for advertising purposes.
{% endhint %}

***

## 6. Data Recipients

### 6.1 Technical Subcontractors

These providers act on our instructions and are bound by contracts compliant with Article 28 of the GDPR:

* **Twilio Inc. (USA):** telephony provider — EU-US Data Privacy Framework certified
* **Stripe Inc. (USA):** payment provider — EU-US Data Privacy Framework certified
* **Hetzner Online GmbH (Germany):** hosting provider — data stored in EU
* **Neurosaas (France):** platform design and technical maintenance — data stored in EU

### 6.2 Competent Authorities

In case of legal requisition, we may communicate data to competent authorities.

### 6.3 No Sale of Data

We never sell, rent or share your personal data with third parties for commercial purposes.

***

## 7. International Transfers

Our main servers are hosted within the European Union (Hetzner, Germany/Finland). Some data may be transferred to the United States via Twilio and Stripe.

These transfers are governed by:

* The EU-US Data Privacy Framework adequacy decision (July 10, 2023)
* Standard Contractual Clauses (decision 2021/914)

***

## 8. Retention Period

We retain your personal data only for the duration necessary:

| Data Category             | Duration                   | Justification          |
| ------------------------- | -------------------------- | ---------------------- |
| Customer account data     | Contract + 5 years         | Accounting obligations |
| Active emergency contacts | Customer contract duration | Service execution      |
| Deleted contacts          | 3 years after deletion     | Proof of consent       |
| Call logs                 | 5 years                    | Legal obligations      |
| Consent proofs            | 5 years after end          | Burden of proof        |
| Technical logs            | 1 year                     | Security, debugging    |
| Billing data              | 10 years                   | Accounting obligations |

***

## 9. Your Rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

* Right of Access (Article 15): obtain confirmation and access to your data
* Right to Rectification (Article 16): correct inaccurate data
* Right to Erasure (Article 17): request deletion of your data
* Right to Restriction (Article 18): limit processing in certain cases
* Right to Portability (Article 20): receive your data in a structured format
* Right to Object (Article 21): object to processing based on legitimate interest
* Right to Withdraw Consent (Article 7.3): withdraw consent at any time

To exercise these rights, contact us at: **<privacy@callonalarm.io>**

We will respond within one (1) month in accordance with Article 12.3 of the GDPR.

***

## 10. Data Security

We implement appropriate technical and organizational measures:

* **Encryption:** TLS 1.3 for all communications, bcrypt hashing for passwords
* **Access Control:** strong authentication, least privilege principle
* **Infrastructure:** ISO 27001 certified EU hosting, high availability
* **Monitoring:** 24/7 monitoring, intrusion detection

***

## 11. Data Breach Notification

In case of personal data breach:

* We document the breach in our internal register
* If risk exists, we notify the supervisory authority within 72 hours
* If risk is high, we inform you directly

***

## 12. Cookies

Our site uses only cookies strictly necessary for the operation of the Service (session cookies, authentication). We do not use advertising or tracking cookies.

***

## 13. Policy Modifications

We reserve the right to modify this Privacy Policy. Substantial modifications will be notified to our Customers by email.

***

## 14. Complaints and Supervisory Authorities

You have the right to lodge a complaint with a supervisory authority (Article 77 GDPR).

Contact us first: <privacy@callonalarm.io>

Supervisory authorities:

* **France:** CNIL — [www.cnil.fr](http://www.cnil.fr)
* **Germany:** BfDI — [www.bfdi.bund.de](http://www.bfdi.bund.de)
* **Spain:** AEPD — [www.aepd.es](http://www.aepd.es)
* **Italy:** Garante — [www.garanteprivacy.it](http://www.garanteprivacy.it)
* **Others:** <https://edpb.europa.eu/about-edpb/about-edpb/members\\_en>

***

## 15. Contact

* **Data Protection Officer:** <privacy@callonalarm.io>
* **General Support:** <support@callonalarm.io>
* **Postal Address:** Homesec Services — 3 les crêtes, 14220 Le Hom, France
* **Website:** <https://callonalarm.io>

***

*Document established on February 12, 2026*

*Homesec Services — CallOnAlarm — All rights reserved*


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.callonalarm.io/legal/privacy-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.