Privacy Policy for Sunrise LLC Home Security App

With the following Privacy Policy, Sunrise (hereinafter “Sunrise”, “we” or “us”) informs you about the personal data (hereinafter “data”) which is collected and processed when using our website, obtaining services as a customer (agreed service contract) or receiving promotions (e.g., newsletter, giveaways). This Privacy Policy applies to all services offered under the brand names yallo, Lebara, MySports, swype and UPC.

Please note that this Privacy Policy may be updated from time to time. We therefore recommend that you check our website regularly for any updates.

1. Definitions

  • Personal data: Any information relating to an identified or identifiable natural person

  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure and deletion

  • Data controller: Sunrise LLC, Thurgauerstrasse 101 B, 8152 Glattpark (Opfikon), Switzerland

  • Data processor: Any third party acting on behalf of Sunrise to process personal data

2. Scope and applicability

This Policy governs all personal data processed by Sunrise in connection with the Home Security App (“App”), including data collected via the App, website and related services. You are subject to this Policy when you install, access or use the App or related services.

3. Lawful basis for processing

We process personal data only when we have at least one lawful basis, including:

  • Performance of contract: To provide and maintain your home security services

  • Legal obligation: To comply with Swiss law, EU GDPR, UK GDPR and other applicable regulations

  • Legitimate interests: To secure, maintain and improve our services, provided such interests do not override your fundamental rights and freedoms

  • Consent: Where required, for example, marketing communications or background location tracking

4. Categories of personal data and purposes of processing

4.1 Account information

  • Data: Name, postal address, email address, telephone number, payment details

  • Purpose: Account creation, billing, customer support and service management

4.2 Device and usage data

  • Data: Device identifiers, QR-code scans, usage logs, IP addresses

  • Purpose: Pairing devices (sensors, cameras), diagnostics, performance monitoring, troubleshooting

4.3 Location data

  • Data: Precise geolocation, including when the App is closed or not in use

  • Purpose: Automated arming and disarming of your security system based on your presence

  • Consent: Explicit opt-in; purpose string: “Location access, including in the background, is required to offer automated arming/disarming based on your location.”

  • Retention: Stored for six months, then irrevocably deleted

4.4 Camera access

  • Data: Real-time camera stream solely for QR-code scanning; no storage of images or video

  • Purpose: Secure device pairing

  • Purpose string: “Camera access is required solely to scan QR codes for device pairing.”

  • Withdrawal: Users may revoke camera access in device settings; manual pairing codes remain available.

4.5 Camera footage

  • Data: Video recordings stored either locally on your device or in encrypted cloud storage, in line with your subscription plan

  • Purpose: Security monitoring and event review

  • Control: Retention period configurable by you within the App (default: seven days); footage older than the configured period is automatically deleted.

4.6 Cookies and similar technologies

  • Data: Identifier cookies and similar technologies for essential functionality, analytics and marketing (the latter only following consent)

  • Purpose: Ensuring service operation, analysing performance and delivering personalised marketing where permitted

5. Data sharing and international transfers

5.1 Processors

We share personal data only with authorised data processors under written agreements that require data-protection measures equivalent to this Policy.

5.2 Legal disclosures

We may disclose personal data to comply with legal obligations, court orders or to protect rights and safety.

5.3 International transfers

If data is transferred outside the EEA, UK or Switzerland, we implement standard contractual clauses or other approved safeguards to ensure adequate protection.

6. Data retention

We retain personal data only as long as is necessary to fulfil the stated purposes or comply with legal requirements:

  • Account and billing data: Seven years

  • Location data: Six months

  • Usage logs: Twelve months

  • Camera footage: Configurable (default seven days)

  • Cookies: As specified in our Cookie Policy. After these periods, data is securely deleted or irreversibly anonymised.

7. Data-subject rights

Under applicable data-protection laws, you have the right to:

  • Access and receive a copy of your personal data

  • Rectify inaccurate or incomplete data

  • Erase data (“right to be forgotten”) if lawful

  • Restrict or object to processing

  • Portability of data in a machine-readable format

  • Withdraw consent at any time for optional processing, without affecting data lawfully processed prior to withdrawal

  • Lodge a complaint with a supervisory authority (e.g., the Swiss FDPIC)

To exercise these rights, contact our Data Protection Office or use the in-App request feature.

8. Security measures

We maintain appropriate technical and organisational measures to safeguard personal data, including:

  • Encryption in transit (TLS) and at rest (AES‑256)

  • Role-based access controls and authentication

  • Regular vulnerability assessments and penetration testing

  • A formal incident-response and breach-notification plan

9. Data Protection Office

For inquiries, rights requests or other communications regarding data, contact:

Sunrise – Data Protection Office
Thurgauerstrasse 101 B, 8152 Glattpark (Opfikon), Switzerland
Email: privacy@sunrise.net

10. Breach notification

In the event of a data breach, we will notify the affected individuals and the relevant supervisory authority as soon as possible, in accordance with the applicable legal requirements.

11. Children’s privacy

Our App is not intended for use by persons under 16 years of age. We do not knowingly process the personal data of minors. If we become aware of such processing, we will erase the data without undue delay.

12. Changes to this Policy

We may amend this Policy to reflect changes in law, technology or business practices. Material changes will be communicated via email or in-App notification at least 30 days prior to their effective date. Continued use of the App constitutes acceptance of the updated Policy.

13. Governing law and jurisdiction

This Policy is governed by Swiss law, excluding its conflict-of-law provisions. Any disputes arising under or in connection with this Policy will be subject to the exclusive jurisdiction of the Swiss courts.

14. Contact and complaints

If you have any questions, concerns or complaints regarding this Policy, please contact our Data Protection Office. You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or other competent supervisory authority.