Skip to main content

Privacy Policy

(In force from 20 November 2024)

1. Introduction

Shelly API Integrator connectivity Cloud-to-Cloud API for integration, control and telemetry collection from our devices.
This documentation is intended for third-party integrators who would like to monitor and control Shelly devices connected to our cloud systems.
It allows centralized streaming of status data from many Shelly accounts to a single point for data ingest. Basic control over the devices is also possible.

When users interact with Shelly API Integrator, Shelly Europe Ltd. processes their data as detailed herein, ensuring compliance with applicable data protection laws like the European Union’s GDPR.

2. Controller

The data controller for Shelly API Integrator is Shelly Europe Ltd., UIC: 202320104.
Registered Address:
51 Cherni Vruh Blvd., Sofia, Bulgaria

3. Personal Data

Personal data refers to any information that identifies or could identify a natural person, as defined under GDPR. Examples include:

  • Name
  • Identification number
  • Location data
  • Online identifiers

4. Data Subject

The data subject under this policy is any registered user of the Shelly API Integrator service, categorized as either an Admin User or Account User.

5. Data Protection Officer

For inquiries about the processing of personal data, contact the Data Protection Officer:
Email: dpo@shelly.com

6. About the Shelly API Integrator Service

Integrator API is a Cloud-to-Cloud connectivity API for integration, control, and telemetry collection from our devices.
It allows centralized streaming of status data from many Shelly accounts to a single point for data ingest.
Basic control over the devices is also possible.

7. Types of Personal Data That We Process for the Provision of the Service

7.1 Account Data

We process data such as:

  • Email address
  • Name
  • Company name
  • Phone number

Purpose: Ensure secure service access, communication, and support.

7.2 Device Data & Service Usage

Collected data includes:

  • Shelly device identifiers
  • Network/server credentials
  • Terminal device information (IP addresses, OS version)

Purpose: Enable device control, user interaction tracking, and system diagnostics.

Includes personalized marketing emails and push notifications.
Users can withdraw consent anytime via their account settings.

8. Cross-Border Data Transfers

Data is processed primarily in Bulgaria, EU.
For providers outside the EU, measures like Standard Contractual Clauses (SCCs) ensure compliance with GDPR.

9. Retention of Data

Data retention depends on:

  • Contractual obligations: Retained while the account is active.
  • Consent: Data deleted upon withdrawal of consent.
  • Legal compliance: Retention per statutory requirements.

10. The Service User’s Rights as Data Subject

10.1 Right to Access

Users may request a free copy of their personal data.

10.2 Right to Rectification

Users may correct inaccurate information through their account or by contacting support.

10.3 Right to Erasure (Right to be Forgotten)

Users may delete their account (if there is such) and associated data via account settings.

11. Information Security Measures

We employ technical, contractual, and organizational measures to protect user data against unauthorized access.
Regular reviews ensure system security compliance.

12. Privacy Policy Updates

This Privacy Policy is subject to updates.
Users are notified of changes via email or on the platform.

13. Further Information

For additional queries, contact us at: dpo@shelly.com