Privacy Policy

Last updated date: Jun. 2026

This Privacy Policy (referred to as "this Policy") applies to all products, applications, websites, and services (referred to as "Products and/or Services") that reference or link to this Policy, provided by SYNLAN TECHNOLOGY PTE. LTD. (referred to as "we", "our", or "us" in this Policy). Please read this Policy carefully before using our Products and Services so that you can understand how we handle your personal data. Important contents related to sensitive personal data and your personal data rights are highlighted in bold; please pay particular attention to these.

The Country/Region-Specific Addendum (referred to as "Local Privacy Notice") is a supplementary explanation of this Policy according to applicable local laws and constitutes an integral part of this Policy. The Local Privacy Notice shall prevail in the event of any conflict with the main body of this Policy. Anything not specifically covered shall be subject to the latter.

If a particular product or service provides a separate privacy policy, or if we explain how a specific product or service collects and handles your personal data through instant notification, feature update instructions, and/or other appropriate means (collectively, "Product-Specific Privacy Notice"), the Product-Specific Privacy Notice shall prevail; anything not specifically covered shall be subject to this Policy.

In this Policy, "personal information" and "personal data" have the same meaning, referring to various information related to an identified or identifiable natural person recorded electronically or by other means, but not including anonymized information.

 

1. About Us

Depending on your location, the entity responsible for handling your personal data (acting as "Data Controller" or other equivalent concept defined by applicable laws) is:

• For users in the United States: SYNLAN TECHNOLOGY PTE. LTD. (Registered Address: 7 TEMASEK BOULEVARD #29-01D SUNTEC TOWER ONE SINGAPORE (038987), Registration Number 202034306W)
• For users in other locations (excluding Mainland China): SYNLAN TECHNOLOGY PTE. LTD. (Registered Address: 8 MARINA VIEW #42-092 ASIA SQUARE TOWER 1 SINGAPORE (018960), Registration Number 202034306W)

To provide you with Products and/or Services, your personal data may be processed by our affiliates or third parties. You can read more about this in Section 4.

 

2. How We Collect and Use Your Personal Data

How We Collect Your Personal Data

When using our Products and/or Services, we may collect your personal data. Depending on the product or service you use, different types of data will be collected. We handle your personal data in accordance with applicable laws, only when necessary to provide you with our Products and/or Services, only with a justified reason, in good faith, and only for the purposes described in this Policy (including the Local Privacy Notice) and any Product-Specific Privacy Notice.

When providing you with Products and/or Services, we may also collect and aggregate statistics, such as application downloads, product sales, feature usage counts, and specific event trigger counts, to understand how our Products and/or Services are used. For the purposes of this Policy, such statistics are not regarded as personal data. We will endeavor to isolate your personal data from non-personally identifiable information and use the two separately. However, if we combine non-personally identifiable information with personal data, the combined information will be treated and protected as personal data for as long as it remains combined.

The types of personal data we may collect are:

Personal Data You Provide to Us

• Account Information. For example, account ID (email address), verification code, and profile information such as nickname.

• Contact Information. For example, your name, email address, and phone number.

• Home and Device Configuration. For example, room or zone names, device names, groupings, scenes, schedules, and automation rules you create.

• User Content for Lighting Effect Generation. Voice commands and images you submit to generate lighting effects (see "AI Lighting Effect Generation" below for how this sensitive data is handled).

• Support and Communication Information. For example, interactions when you contact us.

• Other Information You Provide to Us. For example, content you upload to cloud storage for quick access and synchronization across devices.

If you provide us with another person's personal data, you must comply with applicable laws, including obtaining the prior consent of the data subject or relying on another legal basis stipulated by applicable laws.

Personal Data We Collect During Your Use of Products and Services

• Device Information. For example, device serial number, model, firmware/system version and type, device activation time, and device clock information (region, time zone).

• Device State and Control Data. For example, power on/off state, brightness, color temperature, color, active scene or lighting effect, and the control commands you issue. This data is used to execute control and synchronize device state.

• Connectivity Data. Wi-Fi provisioning and connection status, network request information, transfer metadata (not the content of your communications), and Matter/Thread local pairing and commissioning information.

• Application Information. For example, application name and version.

• Log Information. For example, IP address, network request information, and error/crash information.

Data Generated by the Service

• AI-Generated Lighting Content. Lighting effects, color palettes, and scene configurations generated from your voice or image input. The voice and image inputs themselves are not retained (see "AI Lighting Effect Generation").

How We Use Your Personal Data

We use your personal data only on a legal basis. Depending on applicable laws, we may rely on one of the following: your consent; performance of a contract between you and us; compliance with a legal obligation; protection of the vital interests of you or others; or our legitimate interests. Without limiting the foregoing, we may use your personal data to:

• Deliver the product or service you have requested, such as device activation, verification, network provisioning, device control, state synchronization, lighting effect generation, pre-sales consultation, technical support, and after-sales service.
• Notify you of operating system, firmware, or application updates and installations.
• Conduct promotional activities to the extent permitted by applicable laws. If you no longer wish to receive certain promotional materials, you may opt out by the method provided in the message (such as the unsubscribe link at the bottom of an email), unless otherwise required by applicable law.
• Conduct internal audit, data analysis, and research to analyze operational efficiency and improve our Products and/or Services.

• Fulfill obligations stipulated by applicable laws.

• Other purposes disclosed in a Product-Specific Privacy Notice.

Below are more detailed examples of how we use your information (which may include personal data):

Account Registration/Login. When registering or logging in, to verify your identity you may provide us with your email address (as your account ID) and a verification code. You need to log in to enjoy certain features, but not logging in does not affect your use of the device's basic functions.

Device Control (IoT Cloud). When you control your device through our application or cloud service, we transmit your control commands and synchronize device state in order to execute the requested action and reflect the current status across your devices and linked services.

Local Control (Matter / Thread). When you control your device locally over Matter within your home network, control commands are transmitted directly between devices on your local network and do not pass through our cloud servers; such data is not collected or stored by us. Local control data is managed within your home network environment and by your chosen Matter controller (such as a smart speaker or hub).

AI Lighting Effect Generation. When you generate a lighting effect using a voice command or an uploaded image, the relevant voice or image content is transmitted, as instructed by you, to a third-party AI service provider in order to generate the corresponding lighting effect. This input is used solely to fulfill your request and is deleted immediately after the lighting effect is generated. Neither we nor the third-party AI service provider cache, retain, back up, or use this voice or image input to train AI/ML models. Please be aware that the generated result is produced by a third-party AI service as instructed by you, and we take no liability for your access to or use of such third-party AI services.

User Feedback. When submitting feedback, we may collect your device serial number, operating system version, and application version. You may also need to provide your email address (as your account ID) to confirm your identity. To process your feedback, we may request further details, contact you using the information you provided, and keep records for problem-solving and service improvement.

Security Maintenance. When using our Products and/or Services, we may collect device information to maintain safe operation, quality, and efficiency. Such information may include device serial number, firmware version, user account and identification code, device activation time, and device usage update time. The serial number is used to distinguish the uniqueness of the device; the other items are necessary for providing services, updating the operating system, and installing applications.

 

3. How We Use Cookies and Similar Technologies

We may use cookies, pixel tags, web beacons, and other local storage technologies on our websites, mobile apps, online services, emails, and advertisements. Information collected through these technologies is generally regarded as non-personal data. However, if local laws treat IP addresses or similar identifiers as personal data, we will treat them as personal data. Where we combine non-personal data collected through these technologies with personal data, we will treat the combined data as personal data.

A cookie is a text file created by a web server and stored on a computer or mobile device. Its content can only be retrieved or read by the server that created it. Cookies are unique to the browser or application you are using and usually contain identifiers, site names, numbers, and characters.

Cookies may be used to improve user experience, including:

1. Necessary cookies: login and verification (helping you navigate between pages without re-logging in), and storage of your preferences and settings (such as language, font size, and browsing preferences).

2. Analysis cookies: statistical analysis of how you use our websites and apps, including recording a single visit (session cookie) or multiple visits (persistent cookie).

3. Advertisement cookies: collecting information about your online activities to deliver more relevant advertisements.

You can manage or delete cookies based on your own preferences. Most web browsers allow you to clear or block cookies; for details, contact your browser provider. If you clear cookies, you may need to change your settings on each visit. Please note that some services may require cookies, and disabling them may affect all or part of those services.

In addition to cookies, we may use other similar technologies such as web beacons and pixel tags, which help us identify your device and understand whether an email has been opened. Our third-party partners may use such technologies to analyze service usage and provide more relevant content and advertisements.

 

4. How We Entrust, Share, Transfer, and Disclose Your Personal Data

Entrusting

We may entrust other companies to process your personal data on our behalf, for example to provide hotline support, send emails, or provide technical support. Such companies may only use your personal data to provide services on our behalf. We will enter into strict data processing agreements with the entrusted party as required by applicable laws, and the entrusted party must process your personal data in accordance with such agreements and take necessary measures to ensure its security.

Sharing

Sharing refers to providing personal data to other controllers, where both parties can independently determine the purposes and means of processing. We will not share your personal data with external parties, except in the following cases:

•Sharing with consent: After obtaining your consent in accordance with applicable laws, we will share your personal data within the scope of your authorization with third parties designated by you.

• Sharing under statutory circumstances: We may share your personal data in accordance with applicable laws, dispute resolution requirements, and/or lawful requests from administrative or judicial authorities.

• Sharing with our affiliates and/or business partners: Where necessary to provide the Products and/or Services you have requested, we may share your personal data with affiliates and/or business partners, only for legitimate, appropriate, necessary, specific, and definite purposes. Before sharing, we will conduct a security assessment and sign strict data-sharing agreements as required by applicable laws.

Third-Party Integrations and Cloud-to-Cloud Connections

If you choose to enable an integration or link your account with a third-party service, we will exchange certain data with that third party as instructed by you in order to provide the requested functionality. We share such data only when: (i) you have actively enabled the integration and completed the authorization/linking process; (ii) the scope of sharing is limited to what is necessary to provide the feature and is controlled by your settings; and (iii) you may disconnect or disable the integration at any time to stop future sharing. Disabling an integration does not automatically delete data already shared with the third party, which will be governed by that third party's privacy practices.

Google Home Integration (Cloud-to-Cloud). When you link your device to Google Home, we exchange data with Google through OAuth account linking in order to synchronize device state and execute control commands initiated by you or by Google Assistant. The data shared is limited to device identifiers, device capabilities, device state, and control commands. Data processed through this integration is used solely to execute device control and is not used for advertising or to train AI/ML models.

Amazon Alexa Integration (Smart Home Skill). When you enable our Alexa skill and complete account linking through Login with Amazon, we exchange device identifiers, device state, and control commands with Amazon in order to support voice and app-based control. The data shared is limited to what is necessary to provide this feature. You may stop future sharing at any time by disabling the skill in the Alexa app.

Transfer

In the event of a merger, division, dissolution, bankruptcy, or other circumstance requiring the transfer of your personal data, we will inform you of the name and contact information of the recipient as required by applicable laws, and require the recipient to continue to protect your personal data in accordance with this Policy. Any change to the original purposes or means of processing by the recipient shall be subject to your consent as required by applicable laws.

Public Disclosure

We may publicly disclose your personal data only: (1) after obtaining your consent; (2) to comply with obligations, procedures, or requirements stipulated by applicable laws; or (3) in other circumstances permitted by applicable laws.

 

5. How We Protect Your Personal Data

We take administrative, technical, and physical measures to protect your information. However, no security measure can guarantee absolute safety. If you believe your information has been compromised, please contact us immediately. Examples of measures we undertake include:

1. Securing the premises housing the information systems used to process personal data against uncontrolled access.
2. Using technical means such as encryption and anonymization to protect information.
3. Limiting the list of persons authorized to access systems where personal data is processed.
4. Identifying threats to the security of personal data during processing.
   
5. Assessing the effectiveness of security measures.
6. Detecting unauthorized access and taking appropriate measures to mitigate its effects.
7. Taking all practicable measures to restore personal data modified or destroyed as a result of unauthorized access.
8. Establishing an emergency plan for personal data breaches, including notification and disclosure mechanisms.
9. Monitoring the measures taken and the level of protection of personal data information systems.
10. Establishing access rules and recording processing actions performed on personal data in our systems.
11. Maintaining and regularly updating records of data processing activities.

 

6. How We Store Your Personal Data

We retain your personal data only for the period necessary to fulfill the purposes described in this Policy and/or a Product-Specific Privacy Notice, unless otherwise stipulated by applicable laws. We will cease to retain and will delete or anonymize personal data once the purpose of collection is fulfilled, after we confirm your request for erasure or account cancellation, or after we terminate operation of the corresponding product or service. In deciding retention periods, we may consider: the purpose of processing; the volume, nature, and sensitivity of the data; the risk of harm from unauthorized use or disclosure; our legal obligations to retain records; our legitimate interests; and minimum retention periods stipulated by applicable laws and regulatory requirements.

 

7. Your Rights

Legislation in certain countries and regions may grant data subjects certain rights over personal data, such as the rights to be informed and to make decisions about processing, and the rights to access, duplicate, transfer, rectify, supplement, and delete personal data. We fully respect your data subject rights. Generally, you may manage your personal data directly through the functions of our Products and/or Services. You can also submit requests to exercise your data subject rights ("requests") to us in accordance with applicable laws. You may read more about your rights and the country/region-specific channels for submitting requests in the Local Privacy Notice.

Requests must be submitted in writing through the channels specified in this Policy and/or a Product-Specific Privacy Notice, unless otherwise provided by applicable laws. Requests made through other channels may not be accepted. After receiving your request, we may ask you to provide additional information to verify your identity; if you refuse or the information is insufficient, we may be unable to respond.

Generally, we will make an initial response within 15 working days of receiving your request and fulfill it within the period stipulated by applicable laws. We may refuse or only partially respond to a request where an exemption applies or where otherwise entitled under applicable laws—for example, where a request is manifestly unfounded or excessive, would cause us to violate contractual or legal obligations, or would cause disproportionate harm to us or third parties. In some circumstances, we may charge a fee where permitted under applicable laws.

 

8. How We Handle Personal Data of Minors

We do not target our Products and/or Services to minors. If you are a guardian and believe that a person under your guardianship has provided us with personal data, please contact us via the channels in Section 12 so that such data can be deleted promptly.

 

9. Links to Third-Party Products and/or Services

Our Products and/or Services may contain links to third-party websites, products, and/or services that we do not control and that are not subject to this Policy. Before submitting personal data to third parties, please read their privacy policies.

 

10. How Your Personal Data Is Transferred Globally

To provide the Products and/or Services you have requested, we may need to transfer your personal data to our affiliates or business partners located in other countries/regions. Those jurisdictions may not protect personal data to the same standard as your own, but we will meet the cross-border transfer requirements of applicable laws—for example, by signing data transfer agreements with recipients and conducting risk assessments—to ensure the level of protection guaranteed by applicable laws and this Policy is not undermined.

In particular:

• For users in the United States: SYNLAN TECHNOLOGY PTE. LTD. (Registered Address: 7 TEMASEK BOULEVARD #29-01D SUNTEC TOWER ONE SINGAPORE (038987), Registration Number 202034306W)
• For users in other locations (excluding Mainland China): SYNLAN TECHNOLOGY PTE. LTD. (Registered Address: 8 MARINA VIEW #42-092 ASIA SQUARE TOWER 1 SINGAPORE (018960), Registration Number 202034306W)

 

11. How We Update This Policy

We review this Policy periodically based on changes in applicable laws, business, and technology, and may update it. If we make a material change, we will notify you via the device, application, and/or other suitable means so that you can learn what information we collect and how we use it. Such changes apply from the effective date specified in the notice. We encourage you to check this page regularly. Your continued use of the Products and/or Services will be deemed an acknowledgement of the updated Policy. We will ask for your explicit consent when we collect additional personal data or use or disclose your personal data for new purposes.

 

12. How to Contact Us

If you have any comments or questions about this Policy, or about our collection, use, or disclosure of your personal data, please contact us via support@nurmina.ai, the "Feedback" function in the application, and/or the methods listed in the Local Privacy Notice.

We will fulfill your request within the period stipulated by applicable laws, generally making an initial response within 15 working days of receipt unless otherwise provided. If your question involves a significant issue, we may ask for more information. If you are not satisfied with our response regarding your personal data, you may submit a complaint to the relevant data protection authority in your jurisdiction.

 

Country-Specific Addendum for the US

Various states provide specific rights to their residents regarding personal information, including allowing consumers to opt out of certain sharing of their data.

Your Choices About Our Collection, Use, and Disclosure of Your Information

We strive to provide you with choices regarding the personal information you provide to us.

Promotion. If you do not want us to use your email address to promote our Products and/or Services, you can opt out by the method provided in the message (such as the unsubscribe link at the bottom of an email), or by emailing us at support@nurmina.ai.

• To change information we collect through the Products and/or Services, please email support@nurmina.ai.

• You may opt out of future communications at any time by the method provided in the message.

We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide ways to opt out. You can opt out of targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

Your Rights Regarding Your Personal Information

Depending on where you reside in the US, your state may have enacted privacy laws (e.g., as of the date of this Policy, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia) that allow you to request that we:

• Disclose the sources, categories, and specific pieces of personal information we have collected about you, how it is used, and with whom we share it;
• Disclose the purpose for collecting personal information;
• Disclose the categories of third parties with whom we share personal information;
• Delete, rectify, or restrict your personal information, subject to applicable exceptions.