Privacy Policy – CSI Home

Last update: [December 4th, 2025]

This Privacy Policy describes how the CSI Home skill (hereafter “the Skill”), developed and managed by Centro Sicurezza Italia SPA (hereafter “CSISPA”), collects, uses, stores and protects user data during its use through Google Assistant / Google Home.

1. Data collected

During the use of the Skill, only the following technical data are collected and stored:

Control panel UID: an identifier necessary to associate the user’s control panel with the service.
System functions: names of system components used to operate functions on CSI systems.
OAuth tokens and refresh tokens: used to authenticate the user, enable authorized access to the control panel, and keep the secure connection active between Google Assistant and CSISPA systems.

No other personal data are collected or stored, such as: voice data, location data, or personal information not strictly necessary for the Skill to function.

2. Purpose of data processing

The collected data are used exclusively for:

Secure authentication of the user;
Associating the control panel with the user’s Google account through the Skill;
Enabling the execution of voice commands via Google Assistant;
Maintaining a secure and active connection between the user and the control panel.

The data are not used for marketing, analytics, profiling, or advertising purposes.

3. Authorizations and user consent

To operate correctly, the Skill requires the following authorizations:

User OAuth authorization: required to link the user’s account with the CSISPA service. The user can revoke this authorization at any time from the “Linked Accounts” section of their Google profile.
Access to the associated control panel data: limited exclusively to the functionalities provided by the Skill (e.g. checking status or performing allowed commands).

No additional access is performed without explicit consent or outside the intended use of the Skill.

4. Data security and HTTPS/TLS connections

All communications between Google Assistant, the Skill and CSISPA systems are protected through HTTPS/TLS and AES protocols, ensuring:

Encryption of data transmitted through the Skill;
Additional AES encryption for communication with CSI systems;
Integrity of transmitted content.

Data stored in CSISPA systems are protected with adequate technical and organizational measures, including:

Restricted access to authorized personnel only;
Secure storage on protected servers.

5. Data retention

Data are stored only for the time strictly necessary to ensure the proper functioning of the Skill.

When the user revokes OAuth access or disconnects the Skill from their Google account, all associated data (control panel UID and authentication tokens) are securely deleted from the Skill's systems.

No sensitive data are stored such as: email addresses, phone numbers, identifiers, or CSI system access codes.

6. Data sharing

CSISPA does not sell, share, or transfer user data to third parties.

Data are not shared with commercial partners, advertisers, or external systems, except in cases required by law or by legitimate requests from competent authorities.

7. User rights

The user may at any time:

Revoke Skill access through the “Linked Accounts” section of their Google account;
Request information about the processing of their data;
Request data deletion as described below.

7.1 Data deletion request

To request deletion of data associated with the Skill (specifically, control panel UID and related authentication tokens), the user must send an email to: info@csispa.it.

The request must clearly include:

The control panel UID for which data deletion is requested;
Any additional information useful to identify the associated account.

CSISPA will handle the request and delete the data within the timeframes required by applicable regulations, confirming the deletion to the user.

8. Contacts

For privacy questions, data deletion requests or further information, you may contact:

Centro Sicurezza Italia SPA

Email: info@csispa.it

Website: www.csispa.it