Privacy Policy for Sunrise LLC Home Security App
With the following Privacy Policy, Sunrise (hereinafter “Sunrise”, “we” or “us”) informs you about the personal data (hereinafter “data”) which is collected and processed when using our website, obtaining services as a customer (agreed service contract) or receiving promotions (e.g., newsletter, giveaways). This Privacy Policy applies to all services offered under the brand names yallo, Lebara, MySports, swype and UPC.
Please note that this Privacy Policy may be updated from time to time. We therefore recommend that you check our website regularly for any updates.
1. Definitions
Personal data: Any information relating to an identified or identifiable natural person
Processing: Any operation performed on personal data, including collection, storage, use, disclosure and deletion
Data controller: Sunrise LLC, Thurgauerstrasse 101 B, 8152 Glattpark (Opfikon), Switzerland
Data processor: Any third party acting on behalf of Sunrise to process personal data
2. Scope and applicability
This Policy governs all personal data processed by Sunrise in connection with the Home Security App (“App”), including data collected via the App, website and related services. You are subject to this Policy when you install, access or use the App or related services.
3. Lawful basis for processing
We process personal data only when we have at least one lawful basis, including:
Performance of contract: To provide and maintain your home security services
Legal obligation: To comply with Swiss law, EU GDPR, UK GDPR and other applicable regulations
Legitimate interests: To secure, maintain and improve our services, provided such interests do not override your fundamental rights and freedoms
Consent: Where required, for example, marketing communications or background location tracking
4. Categories of personal data and purposes of processing
4.1 Account information
Data: Name, postal address, email address, telephone number, payment details
Purpose: Account creation, billing, customer support and service management
4.2 Device and usage data
Data: Device identifiers, QR-code scans, usage logs, IP addresses
Purpose: Pairing devices (sensors, cameras), diagnostics, performance monitoring, troubleshooting
4.3 Location data
Data: Precise geolocation, including when the App is closed or not in use
Purpose: Automated arming and disarming of your security system based on your presence
Consent: Explicit opt-in; purpose string: “Location access, including in the background, is required to offer automated arming/disarming based on your location.”
Retention: Stored for six months, then irrevocably deleted
4.4 Camera access
Data: Real-time camera stream solely for QR-code scanning; no storage of images or video
Purpose: Secure device pairing
Purpose string: “Camera access is required solely to scan QR codes for device pairing.”
Withdrawal: Users may revoke camera access in device settings; manual pairing codes remain available.
4.5 Camera footage
Data: Video recordings stored either locally on your device or in encrypted cloud storage, in line with your subscription plan
Purpose: Security monitoring and event review
Control: Retention period configurable by you within the App (default: seven days); footage older than the configured period is automatically deleted.
4.6 Cookies and similar technologies
Data: Identifier cookies and similar technologies for essential functionality, analytics and marketing (the latter only following consent)
Purpose: Ensuring service operation, analysing performance and delivering personalised marketing where permitted
5. Data sharing and international transfers
5.1 Processors
We share personal data only with authorised data processors under written agreements that require data-protection measures equivalent to this Policy.
5.2 Legal disclosures
We may disclose personal data to comply with legal obligations, court orders or to protect rights and safety.
5.3 International transfers
If data is transferred outside the EEA, UK or Switzerland, we implement standard contractual clauses or other approved safeguards to ensure adequate protection.
6. Data retention
We retain personal data only as long as is necessary to fulfil the stated purposes or comply with legal requirements:
Account and billing data: Seven years
Location data: Six months
Usage logs: Twelve months
Camera footage: Configurable (default seven days)
Cookies: As specified in our Cookie Policy. After these periods, data is securely deleted or irreversibly anonymised.
7. Data-subject rights
Under applicable data-protection laws, you have the right to:
Access and receive a copy of your personal data
Rectify inaccurate or incomplete data
Erase data (“right to be forgotten”) if lawful
Restrict or object to processing
Portability of data in a machine-readable format
Withdraw consent at any time for optional processing, without affecting data lawfully processed prior to withdrawal
Lodge a complaint with a supervisory authority (e.g., the Swiss FDPIC)
To exercise these rights, contact our Data Protection Office or use the in-App request feature.
8. Security measures
We maintain appropriate technical and organisational measures to safeguard personal data, including:
Encryption in transit (TLS) and at rest (AES‑256)
Role-based access controls and authentication
Regular vulnerability assessments and penetration testing
A formal incident-response and breach-notification plan
9. Data Protection Office
For inquiries, rights requests or other communications regarding data, contact:
Sunrise – Data Protection Office
Thurgauerstrasse 101 B, 8152 Glattpark (Opfikon), Switzerland
Email: privacy@sunrise.net
10. Breach notification
In the event of a data breach, we will notify the affected individuals and the relevant supervisory authority as soon as possible, in accordance with the applicable legal requirements.
11. Children’s privacy
Our App is not intended for use by persons under 16 years of age. We do not knowingly process the personal data of minors. If we become aware of such processing, we will erase the data without undue delay.
12. Changes to this Policy
We may amend this Policy to reflect changes in law, technology or business practices. Material changes will be communicated via email or in-App notification at least 30 days prior to their effective date. Continued use of the App constitutes acceptance of the updated Policy.
13. Governing law and jurisdiction
This Policy is governed by Swiss law, excluding its conflict-of-law provisions. Any disputes arising under or in connection with this Policy will be subject to the exclusive jurisdiction of the Swiss courts.
14. Contact and complaints
If you have any questions, concerns or complaints regarding this Policy, please contact our Data Protection Office. You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or other competent supervisory authority.