The question that lands in the living room
It’s the question almost every customer asks at some point, usually in passing, usually over the first coffee after the walk-through: “And where do the camera feeds actually go?”
If you’ve sat through this scene a few times you know what happens next. This is where the job gets decided. Not at the quote. Not at the feature list. Right here. Because behind that question sits a second one the customer rarely says out loud but is very much thinking: “Who can get in there without me noticing?”
Home Assistant isn’t a tinkering project anymore. An average install talks to door locks, knows when the bedroom light goes on, watches the dishwasher’s power draw, tracks who’s in the house through phones, and in some setups even sees medical data — a connected scale, a blood-pressure cuff, glucose readings synced from a partner’s health app. That’s not a device list. That’s a behavioural database.
What “local” actually means
Local doesn’t mean “runs on a box in the basement but quietly streams everything to the cloud anyway”. Local means the camera talks to the HA host on the same subnet. The motion sensor sends its Zigbee message to the coordinator in the living room. The last 48 hours of footage sit on the NVMe in the HA box, not in a datacenter in Virginia. If the upstream router dies, the house keeps running — maybe with rough edges, but it runs. That’s the property that gets quietly underrated in privacy debates: local data isn’t only more private, it’s more resilient.
And more importantly: local data has no second home. No party between the device vendor and a cloud provider ever saw it. No training dataset absorbed it. No data broker resold it. It was never anywhere else.
When you say that out loud — “Your camera footage doesn’t leave the house.” — you can watch shoulders drop. That’s not a marketing trick. That’s the relief of finally getting a clean answer to a question most people have been carrying around for years without putting words to it.
The open port that isn’t
The second thing I like to address early is the port. Classic remote maintenance over VPN or port forwarding always means the same thing: somewhere on the router there’s a door to the outside that’s either open or listens for a knock. Open door means anyone passing can see it. Shodan crawls half the internet looking for exactly those doors. Brute-force bots try passwords for hours without anybody noticing — until the logs fill up, or until it’s too late.
A setup where the HA install exposes nothing outward is, in exactly that sense, undiscoverable. There’s no door to find. The box in the basement only speaks when it has something to say — and only ever to one counterpart, one that the customer knows by name.
This is the point where architecture and sales argument fold into each other. An outbound connection from the customer device to the integrator’s server (rather than the other way around) is technically CGNAT-friendly, which is the obvious property, but it’s also something else: it’s a connection the customer controls. They’re the caller, not the one being called.
The bouncer sits with the customer
Here comes the third point, and to me it’s the one that matters most. In a classic maintenance arrangement — “I’ve still got a VPN credential from way back, let me have a quick look” — the customer has no switch. They don’t know whether the integrator is connected right now. They don’t know whether the employee who originally set the system up — and quit two years ago — was ever fully deprovisioned. They’d have to ask, blind, and trust the answer.
A model where the customer actively opens the door inverts that. There’s a toggle in the interface they open every day anyway. They see: nobody’s connected right now. They see: if I flip this switch, the integrator gets access for a defined window — say twelve hours. After that, the door closes again on its own. And they can pull the plug any time by flipping the toggle back. No call, no email, no asking nicely.
That sounds like a small technical detail. It isn’t. It’s a wholly different basis for trust. The customer isn’t the one who has to believe something anymore. They’re the one who sees the state and decides.
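The toggle described above, sketched as an added example (not code from this article or from HA Fleet Manager): a customer-side consent gate with a twelve-hour window that fails closed on expiry and that the device-side connector consults before dialing out. The class, method and field names and the in-memory audit list are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

WINDOW_SECONDS = 12 * 60 * 60  # the "say twelve hours" window from the text

@dataclass
class ConsentGate:
    """Hypothetical customer-side switch guarding the outbound maintenance tunnel."""
    clock: Callable[[], float] = time.monotonic  # monotonic: clock changes cannot extend a grant
    expires_at: Optional[float] = None           # None means the door is closed
    session_open: bool = False                   # is the integrator connected right now?
    audit: list = field(default_factory=list)    # (timestamp, event) trail the customer can read

    def _log(self, event):
        self.audit.append((self.clock(), event))

    def grant(self, seconds=WINDOW_SECONDS):
        # Customer flips the toggle on; access is always time-boxed.
        self.expires_at = self.clock() + seconds
        self._log("granted")

    def revoke(self):
        # Customer flips the toggle back: close the door and drop any live session.
        self.expires_at = None
        self.session_open = False
        self._log("revoked")

    def allowed(self):
        # Fail closed: no grant, or an elapsed grant, both mean no access.
        if self.expires_at is not None and self.clock() >= self.expires_at:
            self.expires_at = None
            self.session_open = False
            self._log("expired")
        return self.expires_at is not None

    def open_session(self):
        # The device-side connector calls this before it dials out to the integrator.
        self.session_open = self.allowed()
        self._log("session_open" if self.session_open else "session_refused")
        return self.session_open

    def status(self):
        # What the customer sees in the interface they open every day.
        active = self.allowed()
        remaining = int(self.expires_at - self.clock()) if active else 0
        return {"access_enabled": active, "integrator_connected": self.session_open,
                "seconds_remaining": remaining}
```

A real connector would also re-check `allowed()` while a session is running, so that expiry or a revoke tears the tunnel down rather than only blocking the next dial-out.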
Why the big players can’t say this
This is the argument I keep handing to solo integrators and small smart-home shops: the position is structurally defensible. A large cloud-only platform whose business model is collecting data and turning it into value-add services can’t honestly make the same promise. Not because the people there are bad, but because “data stays with the customer” reads as a deficit in that business model, not a feature.
An integrator who sets up and looks after Home Assistant offers the opposite. They aren’t selling a data model, they’re selling craft. Their business is maintenance and care, not analytics. They can say “Your data stays here” without an asterisk. That’s not nothing. In a market where everybody else needs exactly that asterisk, it’s actually a fair amount.
And the gap is widening. Every new GDPR fine against an American provider, every news cycle about a leaked baby monitor, every TikTok thread about robot vacuums uploading floor plans pushes potential customers toward people who can build this differently. Anybody who has the architecture for it — outbound connection, visible consent, local data — just needs to say so.
A sentence worth rehearsing
I’d argue the best sales conversation contains, somewhere in it, a sentence like this, paraphrased in your own words: “Your camera footage doesn’t leave your house, and if I need to look in remotely it only happens when you explicitly allow it — and you can see at any moment whether I’m connected.”
Anybody who can say that without lying owns an argument that’s become rare in the consumer market. Anybody who can then show the customer what that switch actually looks like has effectively won the conversation — even against vendors with marketing budgets ten times larger.
The tool has to back the claim up. That’s exactly why HA Fleet Manager is built as an outbound connector architecture, with the toggle sitting on the customer’s side and time-boxed sessions. Not because the engineering is pretty, but because it’s what makes that sentence above sayable in the first place.