Your safety and privacy are very important to us, thus we've designed Homey to be a highly secure device for your smart home.
Homey can only be accessed by those who have been given access by the owner. The owner can invite and revoke access of others at any time.
Homey talks with many devices on various protocols. It depends on the capabilities of a device if the communication between Homey and the device is secure.
- When you're not at home, Homey always uses a cloud secure connection (HTTPS)
- When you're at home, Homey first tries to use a local secure connection (HTTPS)
- When local TLS does not work, Homey uses a local insecure connection (HTTP)
Note: Some routers block a feature called 'DNS Rebinding'. For a local secure connection to work, this feature must be disabled. We do not advice to do this, but it's something to consider.
Security and updates
With internet-connected devices like Homey, it's always important that they are updated when possible issues come to light. We recognize that responsibility.
We update Homey regularly with new features as well as updated versions of incorporated parts, to make sure your home is safe.
Using Homey as a single, updated, well-maintained controller to control a smart home of local devices via Zigbee, Z-Wave or 433MHz is recognized as the most secure way to manage a smart home, as there's only Homey directly connected to the internet, and its software is well-maintained with an eye for security.
This is not always the case with every water cooker or toaster oven that is directly connected to the internet.