Canary Flex Privacy Report

Privacy Rating

6.3

/10

The Canary Flex does a lot of things right when it comes to ensuring its users privacy, from requiring users to use a strong password to pushing regular firmware updates. However, we know for a fact that Canary logs personal data of users, the location of each Canary device they own, payment information, and activity logs. Canary also reserves the right to share those pieces of data with third parties, which is why the Canary Flex received a significant point deduction.

Encryption

In Transit	Yes
At rest?	Yes
All network communications and capabilities?	Yes

Security Updates

Automatic, regular software/ firmware updates?	Yes
Product available to use during updates?	No

Passwords

Mandatory password?	Yes
Two-Factor authentication?	Yes
Multi-Factor authentication?	Yes

Vulnerability Management

Point of contact for reporting vulnerabilities?	security@canary.is
Bug bounty program?	No

Privacy Policy

Link	https://canary.is/legal/privacy-policy/
Specific to device?	No
Readable?	Yes
What data they log	Name, email, address, phone number, location of each piece of equipment, number of people in your home, payment information, username and password, IP address, device activity logs, historic and current product configuration, mobile device ID, device type, operating system, mobile service carrier, location if you activate automatic mode switching, analytics data, cookies, video feeds, audio data, air quality, humidity, temperature, ambient light.
What data they don’t log	N/A
Can you delete your data?	Yes
Third-party sharing policies	Shares information with third parties

Surveillance

Log camera device/ app footage	Yes
Log microphone device/ app	Yes
Location tracking device/ app	Yes if enabled

Parental Controls

Are there parental controls?	No

Company History

Any security breaches/ surveillance issues in past?	No
Did they do anything to fix it?	n/a

Additional Security Features

Anything like privacy shutters, privacy zones, etc.?	No