|
Google Nest
Learning Thermostat |
Ecobee Smart
Thermostat Premium |
Amazon Smart
Thermostat |
Mysa Smart
Thermostat |
| Is a user required to create a login/account in order to use this product? |
Yes |
No, but you have to login to use the Ecobee mobile app and web portal. |
Yes. An Amazon account is required for setup. |
Yes, unless using Apple HomeKit, but access to more advanced features are in the Mysa app. |
| Is two-factor authentication available, and if so, is it required? |
Yes/No |
Yes/No |
Yes/No |
No |
| Is a user’s identifying data (such as email addresses or Wi-Fi credentials) encrypted when stored in the cloud? |
Data is encrypted at rest and in transit. |
All traffic is encrypted as it is sent to the cloud and stored in databases. Wi-Fi credentials remain on the device. |
All customer data is stored securely in Amazon’s cloud. |
Email address and account password are encrypted. Wi-Fi info isn’t stored in the cloud. |
| What specific user data does the company collect? |
System info like settings, schedules, and activity for heating, cooling, and fan. User info such as user account, Wi-Fi details, location/address, and language. |
Email address, password, device info (such as settings, schedules and login history, address, and phone number).
Customers can view items by selecting “download your data.” |
The comprehensive list can be found here |
Name, state/province, email address, zip code, electricity rate, and marketing consent. If customer is using a geofence, the latitude and longitude of the fence, as well as a radius, phone system info, and the IP address. |
| Where is that data stored, and what measures are taken to secure it? |
On device and on Google servers. Access is protected by authentication, authorization, and anti-abuse controls. |
In one of three cloud locations, all in North America. Users can opt in to share anonymized data via “Donate Your Data.” |
It does not sell data, but may share it with third parties. |
Encrypted and stored on Amazon Web servers in the North Virginia region. User ID and contact info is separated. Some data is stored in customer.io and access is limited. |
| Do you share customer data with third parties, affiliates, and partners? If so, what and for what purposes? |
Yes, for opt-in utility discount programs (such as Rush Hour Rewards); when a utility (or DERMS) has a demand response event. Customer data is used for energy-savings claims and is aggregated or anonymized. |
No, unless the user has opted to. Ecobee does not sell user data. |
Users are alerted when personal information is to be shared with third parties and are given an opportunity
to opt out. |
Yes, but only with customers’ consent. It may be shared to comply with the law; with subsidiaries and affiliates for operational services; with contractors and service providers, or to protect the rights or property of Mysa or Mysa users. |
| Are customers able to opt out of sharing some or all of their data—and if so, how? |
Yes, customers must opt in to share data. To see what data, Google accounts can go to takeout.google.com; Nest accounts go to mynestdata.nest.com. |
Yes, users can opt out via the Ecobee web portal or mobile app, under “Donate Your Data” in the main menu. |
Control over a variety of permissions can be found here. |
Yes, using an opt-out tool created by the Network Advertising Initiative. |
| If customer data is shared or sold, are customers notified, and are there provisions to secure that data after it has been transferred to a third party? |
Customers opt-in to share data. To access that data, third parties must pass a Google security audit. |
Ecobee does not sell customer information. It is only shared with consent, and is aggregated and anonymized. |
Amazon does not sell user data, but may share it with partners. |
Mysa does not sell customers’ personal Information. If Mysa itself is sold, it will request that user data will be used in accordance with its privacy policy. |
| Does the device or its hub/bridge contain inactive or active but unadvertised hardware? |
No |
Ecobee has some inactive chips and sensors for possible future applications |
No |
Yes, ambient light sensors and a short-range proximity sensor are installed but currently inactive. |
| Does the device or app record or share location data? What is this data used for, and can the user disable this feature? |
No. Customers can choose to enroll in the Home & Away Routines feature or the Home/Away Assist feature, which relies on location data. Users can disable them. |
Only if the user has enabled geofencing, which is required to work. Data is not tracked by Ecobee. |
Yes, but you can delete location history here. |
The app records user location for geofencing. It can be disabled. |
