Privacy Policy

1. Data Controller

The data controller for these apps is:

KiezelPay B.V. (Netherlands) acts as an independent data controller — not a data processor — for payment and license data. We do not instruct KiezelPay on how to process your data; they operate under their own privacy policy.

2. Introduction

This privacy policy covers two related apps developed by Xoens ApS:

• Samsung TV Remote — a Garmin smartwatch app (Connect IQ) that lets you control your Samsung TV from your wrist
• TV Command Hub — an Android companion app that relays commands from the watch to your TV over your local network

Both apps are designed with a privacy-first approach. We do not operate any servers that store your personal data. The only diagnostic data we receive is anonymous crash reports from the TV Command Hub Android app via Google Firebase (see section 6) — this is used solely to fix bugs and is not linked to your identity.

Questions? Contact us at support@xoens.dk.

3. What Data We Collect

Data stored locally on your devices

The following data is stored only on your own devices and never sent to us:

• TV IP address — stored on your phone to connect to your TV
• Samsung TV authentication token — stored on your phone after you approve the connection on your TV
• TV name — a label you choose, stored on your phone
• App preferences — color settings and mode preferences, stored on your watch via Garmin Connect

What we do NOT collect

• No email addresses or account registration
• No TV viewing history or content data
• No Samsung TV authentication tokens (stored only on your phone)
• No Wi-Fi network names (SSIDs) or Wi-Fi credentials
• No Garmin watch pairing data or health/fitness data
• No location or GPS data
• No voice recordings or audio data
• No advertisements, ad identifiers, or advertising SDKs
• No behavioral profiling or cross-app tracking

See section 6 for the limited diagnostic data the Android companion app sends to Google Firebase for crash reporting.

4. How the Apps Communicate

All communication stays within your local home network:

• Watch → Phone: Commands are sent via Bluetooth Low Energy (BLE) through the Garmin Connect app on your phone
• Phone → TV: Commands are forwarded over your local Wi-Fi network via WebSocket (port 8002) directly to your Samsung TV

No TV control data leaves your home network. No cloud servers are involved in controlling your TV, and no internet connection is required for TV control itself. An internet connection is used only for the initial app download, KiezelPay license verification (Garmin watch app), and — in the TV Command Hub Android app — sending anonymous crash reports to Google Firebase if the app crashes or encounters an error (see section 6).

5. App Permissions

The apps request the following device permissions and why:

TV Command Hub (Android)

• Internet: To communicate with your Samsung TV over your local Wi-Fi network and for KiezelPay license verification
• Bluetooth: To receive commands from your Garmin watch via the Garmin Connect app
• Foreground Service: To keep the TV connection alive while the app is in the background, so your watch remote works without opening the phone app
• Network State / Wi-Fi State: To detect whether your phone is connected to the same Wi-Fi network as your TV
• Notifications: To show a persistent notification while the service is running (required by Android for background services)
• Boot Completed: Optional — to automatically restart the service after your phone reboots, if enabled in settings

Samsung TV Remote (Garmin)

• Communications: To send commands to the companion app on your phone via Bluetooth
• Background: Required by KiezelPay for license verification

6. Third-Party Services

KiezelPay (License & Payment)

The Garmin watch app uses KiezelPay for license management. This is the only service that processes personal data in connection with our apps:

• What KiezelPay collects: Garmin device identifier, transaction records (purchase date, amount, license status), and your IP address during license verification
• When: The app contacts KiezelPay's servers periodically to verify your license status. This requires an active internet connection on your paired phone.
• Trial: The app offers a 24-hour free trial with full functionality. After the trial, a one-time purchase is required.
• Refunds: Refunds are handled by KiezelPay within their 30-day refund window. Contact KiezelPay directly for refund requests.
• Legal basis (GDPR): This data processing is necessary for contract performance (Article 6(1)(b) GDPR) — i.e., to fulfill your purchase and verify your license.
• We do not receive or store your payment details (credit card, PayPal, etc.).

See KiezelPay's Privacy Policy for full details on their data handling.

Garmin Connect

The watch app runs on the Garmin Connect IQ platform. Garmin may collect device and usage data per their own privacy policy when you install or use Connect IQ apps. See Garmin's Privacy Policy.

Google Play Store

The companion app is distributed via Google Play. Google may collect data per their privacy policy when you install the app. See Google's Privacy Policy.

Google Firebase — Crashlytics & Analytics (TV Command Hub Android app only)

The TV Command Hub Android companion app uses Google Firebase Crashlytics and Firebase Analytics to help us identify and fix bugs and understand how the app is used. Neither service is used by the Samsung TV Remote Garmin watch app.

Firebase Crashlytics automatically collects and sends the following when the app crashes or when a handled error occurs (for example, a Samsung TV WebSocket failure or a Garmin SDK error):

• The stack trace and exception details of the crash or error
• Device manufacturer (e.g. "Samsung"), device model (e.g. "SM-S918B"), and Android SDK version
• App version name
• For Samsung TV connection failures: the local IP address of your TV on your home network (e.g. 192.168.x.x), the HTTP response code, and the reconnect attempt counter. This local IP is only meaningful within your home network and is attached so we can diagnose connection failures.
• For Garmin SDK errors: the Garmin SDK error status code, the Garmin app ID (a fixed identifier of the watch app, not of you), and the friendly name of your paired Garmin watch (e.g. "fenix 7")
• A Firebase installation ID (IID), which is a pseudonymous identifier generated by Firebase. It is not linked to your Google account, email, or any personal identifier held by us.

Firebase Analytics collects default automatic events only (app opens, session starts, session data). We do not add custom analytics events. Firebase Analytics may access the Android Advertising ID for aggregated usage counting. We do not read the advertising ID directly in our code and we do not use it for advertising or marketing — we display no ads in this app. You can reset or delete the advertising ID at any time via Android Settings → Privacy → Ads.

Crashlytics data collection is disabled in debug builds and is only active in the release build published to Google Play.

Legal basis (GDPR): Legitimate interests (Article 6(1)(f) GDPR) — specifically, our legitimate interest in diagnosing crashes and maintaining the stability and security of the app. You have the right to object to this processing under Article 21 GDPR (see section 10).

Data controller / processor: Xoens ApS is the data controller. Google Ireland Limited acts as our data processor for Firebase services. Data may be transferred to Google servers in the United States under the EU-US Data Privacy Framework and/or Standard Contractual Clauses.

Opt-out: You can stop Firebase crash and analytics collection for this app at any time by uninstalling the app, or by clearing its data via Android Settings → Apps → TV Command Hub → Clear Data. An in-app toggle to disable Firebase collection may be added in a future release.

See Firebase's Privacy and Security Information and Google's Privacy Policy for details on how Google processes this data.

Apart from Firebase Crashlytics and Firebase Analytics in the TV Command Hub Android app (as described above), we do not use any advertising SDKs or tracking technologies. The Xoens website itself and the Samsung TV Remote Garmin watch app do not use Firebase.

7. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we rely on the following legal bases:

• Contract performance (Article 6(1)(b)): KiezelPay license verification is necessary to fulfill the purchase agreement
• Legitimate interests (Article 6(1)(f)): Local device storage (TV IP, token) is necessary for the app to function

We do not rely on consent for any data processing, as we do not collect optional personal data.

8. Data Retention

• Local device data: TV IP, token, and preferences are stored on your devices until you uninstall the apps or clear app data
• KiezelPay data: Transaction and license records are retained by KiezelPay per their retention policy. We do not have access to this data.
• Firebase Crashlytics: Crash reports are retained by Google for up to 90 days per Firebase's default retention policy.
• Firebase Analytics: Event and user data is retained for 2 months (Firebase default). We only view aggregated analytics data via the Firebase console.
• Our servers: We do not operate any servers that store your personal data.

9. No Advertising or Profiling

• No advertisements in either app
• No behavioral profiling or tracking
• No data sold to third parties
• No cross-app tracking

10. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right of access (Article 15): Request information about what data is processed
• Right to rectification (Article 16): Request correction of inaccurate data
• Right to erasure (Article 17): Request deletion of your data
• Right to restriction (Article 18): Request limited processing
• Right to data portability (Article 20): Receive your data in a portable format
• Right to object (Article 21): Object to processing based on legitimate interests (such as Firebase crash and diagnostic collection — see section 6)
• Right to lodge a complaint: Complain to your national supervisory authority (for Denmark, Datatilsynet — address below)

How to exercise these rights in practice — the process depends on which category of data you are asking about, because we hold different categories under different identifiers:

Website data (contact form, any support emails, cookies)

If you have contacted us by email or via the website, we can identify your data by your email address. Email support@xoens.dk from the same address and we will action your request within 30 days.

Firebase crash and diagnostic data (TV Command Hub Android app)

For the anonymous crash reports and diagnostics described in section 6, we do not hold your name, email, Google account, or any other directly identifying information. The only identifier attached to this data is the Firebase Installation ID (FID) — a pseudonymous identifier that Firebase generates per app install. Because we cannot link an FID to a person, we do not operate a manual deletion workflow for this data. Instead, deletion happens automatically, and you can trigger it yourself:

• Automatic deletion: All Firebase crash and diagnostic data for this app is automatically deleted within 90 days (Crashlytics default retention). No action is required on your part — old data expires on its own.
• Erasure by uninstall and reinstall: Uninstalling the app and reinstalling it causes Firebase to generate a new Installation ID. The old FID is no longer associated with your device and its records expire within 90 days.
• Erasure by clearing app data: Android Settings → Apps → TV Command Hub → Storage → Clear Data also rotates the FID and stops further collection until you re-open the app.

Because we hold no identifier that can link Firebase records to you as a person, we cannot fulfil access, portability, or restriction requests for this data — we physically cannot locate only your records within the aggregated data. The auto-deletion timeline above is the practical equivalent of erasure.

KiezelPay license and transaction data

KiezelPay is an independent data controller (see section 1). Contact KiezelPay directly to exercise your rights over purchase and license data they hold.

Supervisory authority

If you are in the EU, you have the right to lodge a complaint with your national data protection authority. For Denmark, where Xoens ApS is established, the competent authority is:

11. International Data Transfers

Xoens ApS itself does not operate servers that store personal data. All TV control communication happens locally on your home network. Diagnostic data from the TV Command Hub Android app is sent directly from your device to Google Firebase and is not routed through any Xoens server.

Third-party services connected to our apps may process data internationally:

• KiezelPay B.V. is based in the Netherlands (EU). Their servers and payment processors may operate in other jurisdictions. See their privacy policy for transfer safeguards.
• Garmin International is based in the United States. Garmin Connect may transfer data to the US under their own data transfer mechanisms.
• Google LLC / Google Ireland Limited is based in the United States and Ireland. Google Play, Firebase Crashlytics, and Firebase Analytics may transfer data to the US under the EU-US Data Privacy Framework and/or Standard Contractual Clauses.

We have no control over these third-party transfers and are not responsible for their data handling practices beyond our processor agreement with Google for Firebase services.

12. Children's Privacy

These apps are general-purpose TV remote controls and are not directed at children under 13. We do not knowingly collect personal data from children under 13, and the limited Firebase crash and diagnostic data described in section 6 is not linked to any individual or age. If you believe a child has used the app and you want the corresponding Firebase Installation ID deleted, follow the steps in section 10.

13. Security

• TV communication uses secure WebSocket (WSS) with token-based authentication
• Your TV must explicitly approve the connection before commands are accepted
• All communication stays on your local network
• No data is transmitted over the internet (except KiezelPay license checks)

14. Samsung TV Disclaimer

Samsung TV Remote and TV Command Hub are unofficial third-party applications. They are not developed, endorsed, or affiliated with Samsung Electronics. "Samsung" is a trademark of Samsung Electronics Co., Ltd. These apps use Samsung TV's local network API which may be affected by TV firmware updates.

15. Policy Changes

We may update this policy if we add new features that affect data handling. The "Last updated" date at the top will reflect any changes. Since we do not collect email addresses, we cannot notify you directly — please check this page periodically.

16. Contact Us

For privacy questions:

• Email: support@xoens.dk
• Company: Xoens ApS
• Location: Vanløse, Copenhagen, Denmark
• CVR: 46225430

We will respond to privacy inquiries within 30 days.