Chipolo ONE

Chipolo ONE

Chipolo
Bluetooth

Fecha de la reseña: 1 de noviembre de 2023

|
|

Mozilla dice

|
La gente votó: Muy siniestro

If you're forgetful, spacy, or just anxious you're going to lose something, trackers are great. Plop one of these little, colorful trackers in your bag, car, or favorite hoodie and keep track of it through the Bluetooth on your phone and the Chipolo app up to 60 meters around you. Because its a close-range tracker, it works best for things you want to keep near you and take with you -- like your wallet or keys. And hey! It fits on a keyring. There's even a wallet-friendly one shaped like a card called, appropriately, the Chipolo CARD. How handy. Yay for never (well, probably not never) losing anything ever again. How is Chipolo at privacy...well, they are OK, but they do share your data for advertising purposes, so, yeah.

¿Qué podría pasar si algo falla?

The original Chipolo ONE was designed to keep track of things at close range -- about 60m (or 200 feet) away. That's the length of a hockey rink, in case you were wondering. So if you lose something in your house, or even your backyard, you should definitely be able to find it with a Chipolo ONE tag. Unless you live in a very very large house -- in which case you can probably just buy another one. Because bluetooth trackers don't leverage a huge network to find your stuff, they don't raise the same privacy concerns -- that they could be used to track people's movements -- that other trackers do, like AirTags and Chipolo's AirTag alternative, the Chipolo ONE Spot.

As for Chipolo's privacy practices, they're just OK. They may share some of your personal information, including name and device IDs with third parties like advertisers Google, Facebook, TikTok, and Rakuten for advertising purposes. They also indicate they may use your location information to provide you with personalized offers with your explicit consent. Another thing we don't like to see is that Chipolo says they "... may also release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; ... respond to a government request." We really wish they'd have a higher bar for sharing with law enforcment that just a "request" . One cool thing is that it seems like Chipolo extends the rights afforded by Europe’s stronger privacy law, GDPR, to all its users, so it seems everyone can delete their data no matter where they live. We do like to see that.

So what’s the worst that could happen? Well, you are sharing a lot of location data with Chipolo. And that data can be used in lots of ways you might not like -- to track you, to learn about your habits, by law enforcement to see if you've visited a reproductive health clinic -- and so that data is out there in the world. You hope Chipolo does a good job of protecting it, but as they themselves say in their privacy policy, "Although we make good faith efforts to store the information collected on the Service in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security." This is a good reminder folks, nothing is absolutely secure so be careful out there!

Consejos para protegerte

- Check the tips on how to know if someone is tracking you without your consent.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible."

  • mobile

¿Me puede espiar? Información

Cámara

Dispositivo: No

Aplicación:

Micrófono

Dispositivo: No

Aplicación: No

Rastrea la ubicación

Dispositivo:

Aplicación:

¿Qué se puede usar para registrarse?

You can register for the use of services by manually creating a Chipolo account or by using an existing third party account, such as Apple, Google or Facebook, to create one.

¿Qué datos recopila la empresa?

¿Cómo utiliza la empresa estos datos?

We ding this product for sharing personal data for advertising partners for their own advertising purposes.

Privacy Policy

"We may share your data (including Personal Information) with our affiliates or Data Processing Partners, which are: <...>
Third Party Advertising Providers
Google Ads
Facebook
TikTok
Microsoft Advertising
Rakuten...

This list may change from time to time. We may share information that can be used to personally identify your device (e.g. persistent identifiers such as IDFA, IDFV, advertising ID and IP address) for the purposes of delivering our Services, displaying advertisements, conducting analysis and research and for measuring our Data Processing Partners’ advertising campaign performance.

The privacy policies of Data Processing Partners may include additional terms and disclosures regarding their data collection and use practices and tracking technologies, and we encourage you to check those privacy policies to learn more about their data collection and use practices, use of cookies and other similar tracking technologies.

We cannot guarantee that the Data Processing Partners will adhere to the contractual obligations or acceptable business practices. We strive to protect the information provided to our Data Processing Partners. We have no direct control over their use of the collected information. Therefore you acknowledge that we are not liable for any third-party privacy breach and that our liability for Data Processing Partners is limited to the amount we are able to receive as indemnification from Data Processing Partners."

"Although we make good faith efforts to store the information collected on the Service in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security."

"Location Information ...
While the app is running on your device, it periodically transmits your Location Information (even while running in the background). This allows us to show you, on your map, the last place your Chipolo was seen by your device. It is one of the primary ways Chipolo helps you find your lost items.

We may also collect and update location information for your Chipolo(s) "anonymously" (i.e., we will not disclose your identity to the other user and not disclose the other user's identity to you) from other Chipolo users who are running the app within Bluetooth range of your device. We do this to provide you with the most recent and accurate location of your Chipolos, even if they are out of your devices’ Bluetooth range. The Location Information associated with your Chipolo(s) is never made available to these users.

If you use a computer, phone, or other device in relation to the Services, we use the IP address of that computer or device to determine an approximate location (only to the country level). We do this so that we can provide you with a better, more-personal experience.

We may also use your Location Information to promote the Services or provide you with personalized offers if you agree to such usage with separate consents. However, your Location Information is never shared with other users unless you choose to share it yourself through the use of the sharing features part of our Services."

"We use information collected through our Service for purposes described in this Privacy Policy or disclosed to you in connection with our Service. For example, we may use your information to: ...
Deliver marketing and promotional information:
Communicate with you about our offers, promotions, rewards, upcoming events, and other news about our Services and products only upon your explicit consent.

For statistical and research purposes:
We will anonymize your data and use them for our legitimate interests of processing Personal Information for research purposes, including market research, better understanding of our respective customers, and tailoring our respective products and Services to their needs;
Sharing aggregated data with business partners."

"Activity Recognition (Physical Activity and Health Data)
Chipolo app uses activity recognition (physical activity recognition) features on your phone to help with triggering the Out of Range Alerts and to help keep the Chipolo app running in the background. In terms of Out of Range Alerts, this data is used to reduce the number of false alerts and to reduce the latency of the alerts. Chipolo app never stores or sends your health data (collected via the activity recognition mechanisms on your mobile device) to the Chipolo servers or any 3rd party services. In other words - your health data collected via the Chipolo app never leaves your mobile device and we never see or process this data."

¿Cómo puedes controlar el uso de tus datos?

Privacy Policy

"You have the following rights in relation to your personal information, which you can exercise by writing to the following address [email protected]:
To request access to your personal information and information related to our use and processing of your personal information;
To request the correction or deletion of your personal information;
To request that we restrict our use of your personal information if technically viable;
To receive personal information which you have provided to us in a structured, commonly used and machine-readable format (e.g. an Excel spreadsheet) and the right to have that personal information transferred to another data controller (including a third party data controller);
To object to the processing of your personal information for certain purposes (for further information, see the section below entitled “Your right to object to the processing of your personal information for certain purposes”);
To withdraw your consent to our use of your personal information at any time where we rely on your consent to use or process that personal information. If you withdraw your consent, this will not affect the lawfulness of our use and processing of your personal information on the basis of your consent before the point in time when you withdraw your consent."

"We retain your information:
For as long as you have not deleted your account;
For any legal obligation to continue to process your information, such as any record-keeping and tax obligations imposed by applicable law or whether we have any legal basis to continue to process your personal information, such as your consent;
To retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
As indicated above we will store your information for no longer than necessary. When information is no longer needed, we shall delete it using reasonable measures to protect the information from unauthorized access or use."

¿Qué historial tiene la compañía en cuanto a la protección de los datos de los usuarios?

Promedio

No known incidents in the last 3 years.

Información sobre privacidad infantil

Privacy Policy

"Our policy regarding children

We do not knowingly collect or solicit personal information from or direct or target interest based advertising to anyone under the age of fourteen (14) or knowingly allow such persons to use our Services. If you are under 14, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 14 may provide any Personal Information. In the event that we learn that we have collected personal information from a child under age 14, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under the age of 14, please contact us at [email protected]."

¿El producto se puede usar sin conexión?

Bluetooth connection is still required to use the device.

¿La información de privacidad es fácil de entender?

Enlaces a información de privacidad

¿El producto cumple nuestros estándares mínimos de seguridad? Información

Cifrado

A security researcher says that Chipolo app is using static keys, which is weak. (https://blog.d204n6.com/2020/08/ios-chipolo-app-research-and-encrypted.html) According to the company, the physical devices (Chipolos) "communicate with the owner's phone via a Bluetooth Low Energy connection and they don't use any extra encryption except what is already provided by the Bluetooth Low Energy's transport layer. There are, however, no personal information included in this communication - it is basically just a mechanism for the app to detect if a specific Chipolo is nearby and to make it ring on demand. Our apps use TLS for encrypting data in transit to the servers."

Contraseña fuerte

"Only our mobile apps require users to login. We don't require a password if people use their Google, Facebook or Apple account to sign in (and we encourage this way of logging in due to simplicity). We do basic checks for password strength when people decide to use a login with a password."

Actualizaciones de seguridad

The latest Chipolo devices does not have a firmware update mechanism. The Chipolo app has regular updates.

Gestiona las vulnerabilidades

Manage security vulnerabilities. Bug bounty is in the process of creation. "We can easily be reached via our support channels at support.chipolo.net or via our privacy email - [email protected]."

Política de privacidad

¿El producto usa IA? Información

No

*Privacidad no incluida

Profundiza más

Comentarios

¿Tienes algún comentario? Queremos escucharte.