TOMMY

Privacy Policy

Privacy policy for TOMMY

Data Collection Practices

TOMMY does not maintain marketing lists, require marketing opt-ins, or operate analytics or behavioral-usage databases. The only data we store on our license servers is the minimal information required to enforce your license, such as your license key, a machine identifier, the number of active zones, and the timestamps of license checks. This data is used solely for license activation and validation, never for marketing or profiling. The optional Online Coordination service for device discovery (described under Network Communication below) stores nothing to disk; it holds only your server's local address (e.g. 192.168.1.100:8547) briefly in memory. Additional data may be collected by our third-party service providers, Paddle and Keygen, as described below.

Third-Party Service Providers

Paddle Inc.

Purchase transactions are processed by Paddle Inc., our payment processor and reseller. Paddle collects minimal user information necessary to complete transactions. For comprehensive details about Paddle's data collection and privacy practices, please review Paddle's Privacy Policy.

Keygen LLC

License management and activation services are provided by Keygen LLC. Keygen stores only your email address as personally identifiable information. To understand how Keygen handles your data, please consult their privacy policy at https://keygen.sh/privacy/.

Network Communication

TOMMY runs on your own hardware, and all sensing data flows peer to peer on your local network. TOMMY needs an active internet connection for two things.

License verification. TOMMY verifies your license when it starts and periodically while running.

Online Coordination (optional). Your TOMMY server registers its local network address (e.g. 192.168.1.100:8547) with our coordination service so your devices can find it using a pairing code and establish a direct local connection. This helps in setups where mDNS doesn't reach across the network, or where the server and devices don't have fixed addresses for manual setup. It is enabled by default and can be disabled in the dashboard under Settings > Discovery.

The fields transmitted in each case are listed below.

License activation and validation

The server communicates with https://activation.tommysense.com. Only the fields listed below are transmitted. We never collect or transmit any sensing data. These fields are used solely for license enforcement.

During activation (when you activate or add a license key):

  • License key: The license key you are activating
  • Existing license key: The license key already on this device, if any (used for consolidation)
  • Machine fingerprint: A non-personal per-machine identifier
  • App version: The version of TOMMY you are running

On application start (when TOMMY starts up, and again if it reconnects to the license server):

  • Previous machine ID: The machine ID previously assigned on a prior run. Used to request that the activation server releases the old claim on the license if it is stale
  • Machine fingerprint: A non-personal per-machine identifier
  • License key: Your license key
  • App version: The version of TOMMY you are running
  • Active zones: The number of zones currently in use

Heartbeat (periodically while the application is running):

  • Machine ID: The per-machine identifier assigned by the activation server when your device was registered
  • License key: Your license key
  • App version: The version of TOMMY you are running
  • Active zones: The number of zones currently in use

On application stop (when TOMMY shuts down):

  • Machine ID: The per-machine identifier assigned by the activation server when your device was registered. Sent so the server releases this device's claim on the license

Online Coordination (optional)

Your TOMMY server and devices use our coordination service at https://coordination.tommysense.com. The server registers its local network address (e.g. 192.168.1.100:8547) so your devices can find it using a pairing code and establish a direct local connection. This helps in setups where mDNS doesn't reach across the network, or where the server and devices don't have fixed addresses for manual setup. It is enabled by default and can be disabled in the dashboard under Settings > Discovery. Only the metadata listed below is transmitted.

From the TOMMY server (registers so devices can find it):

  • Pairing code: The code that links your devices to your server
  • Role: server
  • Local addresses: The server's local network IP address(es) and port, used to establish a direct connection

From each device:

  • As of version 5.3.0, devices look up the server using the pairing code only. No device identifier, MAC address, or device IP is transmitted to the coordination service.
  • On versions before 5.3.0, devices still transmit a MAC-derived identifier (e.g. esp32-<mac>) and their local IP address. The coordination server now ignores and never stores device registrations. Updating to 5.3.0 stops the device sending it entirely.

The server's entry is held in memory on the coordination server only while registered; it expires about 90 seconds after the server stops heartbeating, and is lost if the coordination service restarts. The coordination server does not store device entries.

All other operations occur locally on your network without external data transmission. We run a Network Bounty Program that rewards anyone who finds an undocumented external connection. Findings are fixed and published.

Terms and Conditions

Previous Page

Refund Policy

Next Page

On this page

Data Collection PracticesThird-Party Service ProvidersPaddle Inc.Keygen LLCNetwork Communication