Our approach
Habzeno treats privacy and security as product requirements, not polish. For Nexop, that starts with a simple rule: do not collect data we do not need, and do not move home data off the local device by default.
This page is not a warranty or audit report. It is a practical summary of the security posture for the Nexop website and the direction of the product as it moves toward launch.
Local-first product boundary
Nexop is being built so routine learning, smart-home device state, occupancy context, and automation logic run locally on hardware the customer controls. The product is not designed around cloud accounts, ad profiles, or centralized home telemetry.
Some optional features may need external services in the future, such as update delivery, support diagnostics, integrations, or checkout. Where that happens, we will document the data involved and keep the flow as narrow as possible.
Website security
The Nexop website is hosted on managed infrastructure and uses HTTPS. Form submissions are processed through managed backend services and email systems so we can handle newsletter signups, contact requests, and demo scheduling without running a broad custom account system.
We use hidden anti-spam fields and submission timing to reduce abuse. We do not ask for passwords, router credentials, payment cards, or smart-home secrets through the contact or newsletter forms.
Data minimization
The website stores only the information needed for the action you take, such as an email address for launch updates or a message so we can reply. We avoid ad pixels and tracking cookies, and we keep website analytics focused on aggregate product and site measurement.
What users should do
- Keep your home router, Home Assistant instance, and smart-home devices updated.
- Use strong, unique passwords and multi-factor authentication where available.
- Do not expose local smart-home dashboards directly to the public internet.
- Review any automation that controls locks, alarms, appliances, or safety-relevant devices.
- Keep certified safety devices and manual controls in place for emergencies.
Responsible disclosure
If you believe you found a security issue in the Nexop website, product materials, or launch infrastructure, email contact@habzeno.com with the subject "Nexop security disclosure".
Please include a clear description, affected URL or component, steps to reproduce, impact, and any relevant screenshots or logs. Do not include secrets, personal data, or third-party data unless necessary to explain the issue.
Security research rules
We ask researchers to act in good faith and avoid harm while reporting issues. Do not access, modify, delete, or exfiltrate data that is not yours. Do not perform denial-of-service testing, social engineering, physical attacks, spam, phishing, or attacks against third-party providers.
If you accidentally access data that is not yours, stop immediately, do not save or share it, and include only the minimum detail needed for us to investigate.
Our response process
We aim to acknowledge credible security reports promptly, investigate based on severity, and provide updates where practical. We do not currently operate a paid bug bounty program.
Changes to this page
We may update this page as Nexop matures, product architecture changes, or security practices evolve. The date at the top shows when this page was last updated.