HomeBar Privacy Policy
HomeBar is built to work with your HomeKit devices directly on your Mac, iPhone, iPad, Apple Watch, and Apple TV. Your home data stays on your devices and in your private iCloud container — it never flows through our servers.
1. What we don't collect
We explicitly never collect:
- Your name, email address, or any account credentials.
- Device names, accessory names, room names, or home names from your HomeKit setup.
- HomeKit UUIDs, accessory identifiers, or any stable device identifiers.
- Sensor readings, automation rules, scene contents, camera frames, or any on-device state.
- Your location, IP address (stripped server-side), Wi-Fi SSID, or network information.
- API keys you provide (e.g., your Anthropic key) — these are stored only in the system Keychain and never transmitted to us.
- Payment information. Subscriptions are processed by Apple via StoreKit; we never see card or billing data.
- No location data reaches our servers. Weather-based features query Apple's WeatherKit directly from your device; your location is passed to Apple, never to us.
- No automation content. Automation names, triggers, conditions, actions, and rule contents never leave your device. We only receive aggregate counts and success/failure rates.
- Pairing codes stay on your device. HomeKit pairing codes you scan or store for re-pairing are kept only in your local, encrypted HomeBar database. They're never transmitted to us or included in any telemetry.
- Backups stay on your device or in your own iCloud. HomeBar's backups are written locally and, if you enable it, synced via your private iCloud container. The contents of a backup — device configurations, automations, scenes, pairing codes — never pass through our servers.
2. Anonymous usage telemetry
If you leave analytics enabled (toggleable in Settings → Privacy), HomeBar sends one aggregated snapshot per day to our analytics provider, PostHog. Each snapshot is identified only by a random UUID generated on your device — not tied to you, your Apple ID, or your hardware. You can reset this ID or opt out at any time.
The snapshot contains:
- Platform and version: operating system family and version, app version and build number, subscription tier.
- Hardware inventory: a list of {manufacturer, model} pairs for your HomeKit accessories, plus aggregate counts. This helps us build a supported-devices list and prioritize compatibility fixes. We do not send names, rooms, or identifiers.
- Home topology counts: number of homes, rooms, accessories, scenes, automations, and cameras.
- Feature adoption flags: boolean indicators such as "uses automations," "uses AI," "uses energy monitoring," "uses CloudKit sync," and similar. No click events, no screen transitions, no per-action tracking.
- Aggregated health metrics: 7-day automation success rate, failure counts, total run counts (no automation names or rule content), reachable vs unreachable device counts, active anomaly counts.
- Non-sensitive preferences: temperature unit, device grid column count, counts of hidden or favorited items. This helps us understand which settings our users prefer in aggregate.
- Matter device compatibility: for each Matter accessory in your home, the device vendor name, product name, and which energy-measurement clusters it exposes. This is how we keep our supported-hardware list accurate.
Every event is sent with $geoip_disable: true and $ip: 0.0.0.0, so geographic and IP information is never recorded. PostHog is configured in events-only mode (personProfiles = .never), meaning no per-person profiles are created.
3. Crash reports
HomeBar includes PLCrashReporter. When the app crashes, an anonymized stack trace and device-class information are collected to help us fix bugs. Crash reports do not include your HomeKit data, on-device content, or any personal identifiers.
4. Third-party services
| Service | Role | What it sees |
|---|---|---|
| PostHog us.i.posthog.com |
Anonymous product analytics | Only the telemetry fields described in Section 2. IP stripped. |
| PLCrashReporter | Crash reporting | Anonymized crash stacks. |
| Apple iCloud / CloudKit | Sync between your own HomeBar installs | Data stays in your private CloudKit container. We have no access. |
| Apple HomeKit | Core device integration | Local-only framework on your device. |
| Anthropic (Claude API) | AI automation suggestions and summaries | Your prompt, which includes HomeKit context such as accessory and room names, is sent to Anthropic whenever you use an AI feature. Requests go directly from your device to api.anthropic.com; we do not proxy or log them. |
| Apple StoreKit | Subscription billing | Apple processes payment; we receive only a subscription-status receipt. |
About the Claude API key
HomeBar ships with a bundled Anthropic API key so AI features work out of the box. You can provide your own key in Settings → AI; when set, it replaces the bundled key entirely.
What we can and cannot see on the bundled key:
- We can see aggregate usage on Anthropic's developer console for that key — total request count, tokens consumed, model mix, and cost. This is how we manage shared capacity and cost across all users of the bundled key.
- We cannot see who made a request. No user ID, install ID, or device identifier is attached to the request. We cannot correlate a specific call on the Anthropic console to a specific user or install.
- We do not see the prompt content. Prompts go directly from your device to Anthropic; we have no proxy, no logging, and no copy.
When you use your own API key, everything above is replaced by your own Anthropic account — HomeBar has no visibility into that usage at all.
5. Your controls
At any time you can:
- Opt out of analytics in Settings → Privacy. All collection stops immediately.
- Reset your anonymous install ID to break any linkability between past and future events.
- Delete all locally-stored telemetry snapshots (HomeBar keeps up to the last 90 for your own inspection).
- Disable AI, CloudKit sync, and other opt-in features individually.
6. Data retention
- On your device: up to 90 daily telemetry snapshots, kept locally for your own inspection. You can delete them at any time.
- PostHog: aggregated events retained according to our PostHog plan; no personally identifying data is stored, so there is nothing to request deletion of individually. Resetting your install ID breaks any linkage to prior events.
7. Children's privacy
HomeBar is not directed to children under 13 and does not knowingly collect personal data from children.
8. Changes to this policy
We'll update this page when we change what we collect. Material changes will be surfaced in-app on the next launch after the update.
9. Contact
Questions or privacy requests: support@madebydrew.com