Privacy Policy

Last updated: April 22, 2026

1. Who We Are

Hungry Machines is operated by Encephalon Labs ("we," "us," or "our"). This Privacy Policy explains what data we collect, why we collect it, and how we protect it. We believe you should understand exactly what happens with your information — no fine print, no surprises.

2. Account Data

When you create a Hungry Machines account, we collect:

  • Email address — used for authentication and account-related communications.
  • Password — stored as a one-way bcrypt hash. We never store or have access to your plaintext password.
  • ZIP code (optional) — used to look up your local time-of-use electricity rates.
  • Home size in square feet (optional) — used to calibrate thermal models for your home.
  • Pricing location — your selected utility rate plan, used to calculate energy costs.
  • Timezone — ensures schedules align with your local time.

3. Sensor Data

If you connect a Home Assistant instance or other client, the integration sends sensor readings to our API approximately every 5 minutes. Each reading includes:

  • Indoor temperature and indoor humidity — from your thermostat or temperature sensor.
  • Outdoor temperature — from your weather sensor or integration.
  • HVAC state — whether your system is heating, cooling, running the fan, or off.
  • Target temperature — the current setpoint on your thermostat.
  • Power consumption (watts) — if available from your equipment.

For multi-appliance users (EV charger, home battery, water heater), we also collect device-specific readings including state, value, power draw, and device metadata.

4. Why We Collect Sensor Data

Sensor data serves one purpose: making your optimization schedules more accurate.

  • Thermal learning — over approximately 14 days, the system builds a per-user thermal model of your home, learning how fast it cools down, heats up, and responds to solar gain. More data means better predictions and greater savings.
  • Schedule generation — nightly optimization uses your recent readings, weather forecast, and electricity prices to generate the next day's appliance schedules.
  • Model refinement — weekly model refitting improves accuracy as seasons change and your home's thermal characteristics shift.

We do not use your sensor data for advertising, profiling, or any purpose unrelated to generating your energy optimization schedules.

5. Comfort Preferences

You set preferences that control how aggressively the system optimizes — including your base temperature, savings level, times you're home and away, and optimization mode. These are stored per-account and used solely to generate schedules that respect your comfort boundaries.

6. Billing Data

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store your credit card number, bank account details, or other payment credentials on our servers.

We store a Stripe customer ID and subscription ID to track your plan status (free, premium, active, canceled). Stripe's own privacy policy governs how they handle your payment information.

7. Analytics

Our marketing website uses Umami, a privacy-focused analytics tool. Umami does not use cookies, does not collect personal information, and respects Do Not Track (DNT) browser settings. We use it to understand which pages are visited and how visitors find our site — nothing more.

8. Data Storage and Security

  • Account data, sensor readings, thermal models, and schedules are stored in a managed Supabase (PostgreSQL) database.
  • All API communication is encrypted via HTTPS/TLS.
  • Authentication uses JSON Web Tokens (JWT) with HS256 signing.
  • Passwords are hashed with bcrypt — we cannot reverse them.
  • Database access is scoped per user. Every query is filtered by your user ID, and row-level security policies prevent cross-user data access.

9. Data Sharing

We do not sell your data. We share data only with:

  • Supabase — database hosting (your data is stored on their infrastructure).
  • Stripe — payment processing (only if you subscribe to a paid plan).

We do not share sensor data, thermal models, or optimization results with any third party. Your data is never pooled across users — each account's thermal model is built exclusively from that account's own readings.

10. Data Retention

  • Sensor readings are retained as long as your account is active. Historical data improves model accuracy across seasons.
  • Thermal models are recalculated weekly. Previous model snapshots are retained for comparison.
  • Optimization schedules are retained for cost savings tracking and debugging.
  • If you delete your account, all associated data (readings, models, schedules, preferences) is permanently removed via cascading deletion.

11. Your Rights

You have the right to:

  • Access your data — your account dashboard shows your preferences, appliances, and schedules. Contact us for a full data export.
  • Correct your data — update your preferences, appliances, and account details at any time through the API or dashboard.
  • Delete your data — request account deletion and all associated data will be permanently removed.
  • Withdraw consent — you can stop sending sensor data at any time by disconnecting the Home Assistant integration or your custom client.

To exercise any of these rights, contact us at info@hungrymachines.io.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact

Questions about your privacy or this policy? Reach us at info@hungrymachines.io.