Heatmiser neoApp Privacy Policy
This Privacy Notice applies to the “neoApp”, which is owned and managed by Heatmiser UK Limited (referred to as “Heatmiser”, “we”, “us”, or “our”), which is a wholly-owned subsidiary of IMI plc (“IMI”). We are committed to protecting your privacy. This notice explains what personal data (information that identifies or can be used to identify you) is collected and generated when you use the neoApp in connection with Heatmiser hardware or devices, including the neoHub (the “Products”). It also describes your rights regarding your data. This Privacy Notice is incorporated into the Heatmiser neoApp Terms of Service (the “Terms”).
The defined terms in this Privacy Notice have the same meaning as in the neoApp User Guide available on heatmiser.com.
What personal data is collected / generated and for what purposes?
Account Registration:
When you create a neoApp account, you will be asked to provide:
The full address of the property where the Products are installed (this is optional).
A current email address and a complex password to set up an account.
Activation codes from the neoHub hardware.
To set and operate Heatmiser Products:
Profile settings: The first person who pairs to a neoHub is the “Owner” (also known as “MasterOwners”). The Owner will have the ability to add other Users – either “Admin” or “Guest Users” (as defined in the Terms). Owners and Admin Users can input comfort level and profile settings. They may name zones in the property and define zone setup, program mode, temperature format and time/date.
Approximate geo-location information of the Owner and Admin Users: When the Owner sets up the geo-location functionality feature to automatically control heating based on the Owner or Admin User device entering or leaving a zone, this event will be logged. Admin Users will have to expressly consent to the geo-location functionality. Heatmiser and the Owners do not have access to precise geo-location data; this is stored only on individual devices.
Environmental data from Heatmiser sensors: Information from sensors provides data about the current temperature of the property or specific zones, indicating whether there are open doors or windows. This information is not personal data but might be used by the Owner, Admin or Guest Users to infer whether the property or specific zones are occupied.
Thermostat settings: Information, including time and date of manual or automated interactions with the thermostat, heating usage and temperature history for the last 24 hours for each zone.
Historical usage information: Where the Owner or Admin User consents, up to 400 days of enhanced history will be made available to the Owner or Admin User. This includes actual and set temperature and the heat output status per zone. The Owner or Admin Users can delete the enhanced data at any time via the neoApp.
Device and Technical Information: Information about the devices used for the neoApp, including Owner, Admin and Guest Users’ device type and operating system. Information will also be processed about your IP address and WiFi network (the SSID (service set identifier) and password are only used locally and shared between devices, not with Heatmiser). This does not include persistent identifiers such as MAC addresses or advertising identifiers.
To monitor the services and provide support:
neoApp usage and event information: To ensure proper operation, we will monitor error logs, network data, and neoApp usage data.
Name, contact information and details of support: If you contact Heatmiser technical support, we will process your contact information, registered email address and any information needed to address your request or included in your communications with us.
Disclosure of your data
Your information may be disclosed to third parties as follows:
To IMI or third-party businesses to provide the service: Heatmiser shares information only when necessary to provide services and operate our businesses legally. This includes sharing information within IMI, with trusted suppliers and third parties such as technology platforms (e.g., AWS), customer service systems (e.g., Zendesk, 8x8) and technical support providers (e.g., Birlasoft).
To law enforcement/regulators: Heatmiser may disclose your information when required or permitted by law (e.g., to police for crime investigations).
To other companies for business operations: In the event of a corporate sale, merger, reorganisation, dissolution or similar event, your data may be part of the transferred assets.
To linked Users: If you are an Admin or Guest User of the neoApp, Owners will have access to certain information about you. If Admin Users consent to “geo-events”, Owners and other Admin Users will have access to data about when devices leave or enter a specified geo zone. However, Owners and Admin Users do not have access to precise location or device information via the neoApp. Owners can access the email address and settings configured by Admin Users for the property or specific zones.
To Alexa / HomeKit / Google Home with your consent: If you are the Owner or Admin User and you link the neoApp with your smart home centre such as Alexa, you consent to Heatmiser sending all data to these third parties. Heatmiser is not responsible for the processing of your personal data by smart home centre providers.
Please note: Personal data related to the neoApp is not shared with third parties for commercial purposes without your consent.
Security and Retention
Heatmiser takes appropriate organisational and technical measures to secure the neoApp and protect your data. Some of the technical protections include:
Data transmitted between the device, neoApp and Heatmiser servers is protected from unauthorised access using Secure Sockets Layer (SSL) protocol with a 128-bit encryption key, the highest level commercially available as at the date of this notice.
Secure authentication methods, such as OAuth 2.0 and token-based authentication, are used to verify User identity.
Regular firmware and software updates are applied to patch vulnerabilities.
Heatmiser only retains data for the minimum period necessary to operate the services and in accordance with applicable law. In most cases data will be deleted after thirteen (13) months.
Location of personal data storage and processing
Heatmiser is based in the UK. The information we collect may be transferred from the UK to countries within the European Economic Area (EEA) and other jurisdictions, including India and the USA. Where these countries have fewer protective laws than the UK or EEA, Heatmiser has implemented appropriate contractual measures to protect this data.
Legal Basis of Processing
We rely on the consent of all Users to process location or personalised settings to operate the neoApp, or to provide access to neoApp data to the Owner or Admin Users, or to third parties at your request.
We rely on legitimate interests of operating the Heatmiser business to process personal data for operations, including provision of the services, monitoring and neoApp maintenance, security, and customer support. We protect Users’ data as defined in this notice.
We process User authentication data and related device personal data and information generated by the Products as necessary to provide the neoApp functionality defined to fulfil the contract between Heatmiser and Users as defined in the Terms of Service.
We process personal data described in this notice where necessary to comply with Heatmiser legal obligations.
Your rights
You have the following rights relating to your personal data:
The right to be informed about how your personal data is being used.
The right to access the personal data we hold about you.
The right to opt out of receiving direct marketing communications.
The right to request corrections to any inaccurate personal data we hold.
The right to request the blocking or deletion of your personal data if its processing does not comply with applicable data protection laws.
The right to request that we transfer your data to another company.
Some of these rights are limited. To exercise any of these rights, or if you have any questions or comments about this notice, please contact [email protected]. We may need to ask some questions to verify your identity or clarify your enquiry.
If you are unhappy with our data processing, you can contact the Information Commission at ICO.