Device metadata (eg. model, battery status, features)

User interaction logs (on/off, patterns, intensity)

Session logs (duration, connected devices, authorized user)

Error telemetry/debugging require for each session (opt-in)

Explicit consent for metadata collection at registration or device pairing

Session logs and usage stats default to disabled opt-in required for each session

No recording or analysis of audio, video, or biometric data

No persistent identifiers from BLE (eg. MAC address, serial port)

GDPR/CCPA-compliant data access and deletion endpoints required

Deletion request must wipe all telemetry and logs associated with user/device

Telemetry and pairing logs are deleted automatically after 30 days unless extended with consent

Explicit opt-in for any telemetry

Consent must be revocable at any time via app or API

All endpoints log consent state at time of interaction