Security
What happens at home stays at home. The security of your home is at the forefront of what we do.
How zendō communicates with Home Assistant
The zendō app establishes a direct connection with your Home Assistant without passing through our servers.
The app connects using HTTPS and requires a valid certificate:
- A valid certificate ensures the app is talking to your actual home
- Encryption is enabled so no one else can intercept what’s going on in your home
Upon app opening, zendō establishes a websocket connection to your Home Assistant, to listen for status changes and send commands.
When using location-based automations, requests are made using the Home Assistant REST APIs, which are also encrypted for added security.
Authentication
During the initial installation of the app, you’ll need to login to your Home Assistant via browser using your username and password. Once zendō is activated, it generates an authentication token for each device you add or any invitation link you send.
The device-specific tokens are managed within the app. Deleting a device or cancelling an invitation immediately deletes the corresponding tokens, effectively denying access.
Using multiple access tokens ensures the highest level of privacy and security for your Home Assistant when using zendō.
Your own Home Assistant authentication token is stored encrypted on your phone/tablet.