Talk to us
Talk to us

Documentation

Certifications, user manuals, compliance, safety standards, and cybersecurity.

Certifications

Controller PLUS

Controller

CE DoC =>link PDF
CE LVD VoC =>link PDF
CE RED VoC =>link PDF
CB LVD =>link PDF
UKCA DoC =>link PDF
UKCA LVD VoC =>link PDF
UKCA RED VoC =>link PDF
SAA =>link PDF
UL588/CSA22.2#37 =>link PDF
ETL webpage =>link PDF

Adapter

CE DoC adapter
UKCA DoC adapter
BS 1363-1 DoC adapter
UL1310 DoC adapter
SAA DoC adapter

Controller MAX – PLC

Controller

CE DoC =>link PDF
CE LVD VoC =>link PDF
CB LVD =>link PDF
UKCA DoC =>link PDF
UKCA LVD VoC =>link PDF
SAA =>link PDF

Adapter

CE DoC adapter
UKCA DoC adapter
BS 1363-1 DoC adapter
UL8750 DoC adapter
SAA DoC adapter

Controller MAX – SPI

Controller

CE DoC =>link PDF
CE LVD VoC =>link PDF
CB LVD =>link PDF
UKCA DoC =>link PDF
UKCA LVD VoC =>link PDF
SAA =>link PDF

Adapter

CE DoC adapter
UKCA DoC adapter
BS 1363-1 DoC adapter
UL8750 DoC adapter
SAA DoC adapter

String Lights PLUS & MAX

CE DoC =>link PDF
CE LVD VoC =>link PDF
CB LVD =>link PDF
UKCA DoC =>link PDF
UKCA LVD VoC =>link PDF
UL588 =>link PDF

Lightwall

Controller & Lights

CE DoC =>link PDF
CE LVD VoC =>link PDF
CE RED VoC =>link PDF
CB LVD =>link PDF
UKCA DoC =>link PDF
UKCA LVD VoC =>link PDF
UKCA RED VoC =>link PDF
SAA =>link PDF
UL588/CSA22.2#37 =>link PDF
ETL webpage =>link PDF

Adapter

CE DoC adapter
UKCA DoC adapter
BS 1363-1 DoC adapter
UL1310 DoC adapter
SAA DoC adapter

Music Dongle

CE DoC =>link PDF
CE LVD VoC =>link PDF
CE RED VoC =>link PDF
CB LVD =>link PDF
UKCA DoC =>link PDF
UKCA LVD VoC =>link PDF
UKCA RED VoC =>link PDF
SAA =>link PDF
UL62368-1 + C22.2#62368-1 =>link PDF
ETL webpage =>link PDF

Manuals

Controller PLUS

Use this text to answer questions in as much detail as possible for your customers.

Controller MAX – PLC

Use this text to answer questions in as much detail as possible for your customers.

Controller MAX – SPI

Use this text to answer questions in as much detail as possible for your customers.

String Lights PLUS & MAX

Use this text to answer questions in as much detail as possible for your customers.

Lightwall

Use this text to answer questions in as much detail as possible for your customers.

Music Dongle

Use this text to answer questions in as much detail as possible for your customers.

European Data Act

Information on Twinkly Pro Connected Products

In accordance with the European Data Act (Regulation EU 2023/2854), Illucere S.r.l. dba Twinkly Pro provides the following mandatory information regarding its connected Twinkly Pro smart lighting devices.

What type of data is stored?

Twinkly Pro devices and associated app collect and process the following data types.

Device metadata:

  • MAC address
  • Firmware version
  • Model (internal product code)
  • Active LEDs
  • Groups of devices
  • Mapping information

User profile:

  • User e-mail address
  • Twinkly Pro account information
  • Creation date and last access
  • User locale and region
  • User-generated content
  • List of light effects
  • Custom configurations
  • Content sharing informations

The data is stored in a structured, commonly-used, machine-readable format (typically JSON). The device does not generate data continuously. The generation of data may occur in real time as a result of user interaction (e.g. via Twinkly Pro App or voice assistants) or as a result of scheduled operations (timers or playlists).

The volume of data generated by the product, excluding content files, depends on its use and configuration (number of effects, devices, groups, etc.) and may range approximately from 1KB to 10MB.

Where is this data stored?

Depending on the type of data:

  • Certain data is stored locally on your device (e.g. personal effects, downloaded effects, layouts)
  • Other data may be stored on Twinkly Pro’s secure servers to support app functionality and user account management

Data comes directly from the device and from the Twinkly Pro App services that enable its functionality and may be stored locally in the user's device and/or in Twinkly Pro servers, depending on the data processed. The retention period for user data is outlined in our Privacy Policy.

How can I view, share, or delete my data?

Users may access the data generated by their device or request its deletion submitting a request through the Help Center.

At the user’s explicit and documented request, Illucere S.r.l. will enable data sharing with a designated third party, in accordance with Article 5 of the Data Act. Sharing will only occur with user consent or upon user direction, and only for lawful, specified purposes.

On request, all available data will be provided via email in JSON format, supporting data portability and sharing. Information about terms of use, service quality, speed, reliability, and support is available on our Help Center.

Illucere S.r.l. is the holder of trade secrets contained in the data that is accessible from the connected Twinkly Pro devices or generated during the provision of the Twinkly Pro App.

Users have the right to lodge a complaint alleging an infringement of any of the provisions of Chapter II of the Data Act with the competent authority designated. 

Identification System for Packaging Materials

Pictograms List of the Twinkly Pro Products

(Commission Decision 97/129/EC)

TWDJxxxx

TWPLUSxxx / TWPROxxx / TWPLCxxx

TMD01USB

AGEC Law

‘QCE’ information relate the environment provisions: 'QCE’ questionnaire (link)

Cybersecurity

Vulnerability Disclosure Policy

Introduction

Illucere S.r.l., a leading company in smart decorative lighting, has been attentive to IoT security issues since the inception of its operations.

For this reason, we have drafted a page summarizing our rights and responsibilities in this area.

This vulnerability disclosure policy applies to any vulnerabilities you are considering reporting to us (the "Organisation").

We recommend reading this vulnerability disclosure policy fully before you report a vulnerability and always acting in compliance with it. We value those who take the time and effort to report security vulnerabilities according to this policy. However, we do not offer monetary rewards for vulnerability disclosures.

Reporting

If you believe you have found a security vulnerability, please submit your report to us using the following link: [https://help.twinkly.com/hc/en-gb/requests/new]

In your report please include details of:

  • The website, IP or page where the vulnerability can be observed.
  • A brief description of the type of vulnerability, for example; “XSS vulnerability”.
  • Steps to reproduce. These should be a benign, non-destructive, proof of concept. This helps to ensure that the report can be triaged quickly and accurately. It also reduces the likelihood of duplicate reports, or malicious exploitation of some vulnerabilities, such as sub-domain takeovers.

What to expect

After you have submitted your report, we will respond to your report within 5 working days and aim to triage your report within 10 working days. We’ll also aim to keep you informed of our progress.

Priority for remediation is assessed by looking at the impact, severity and exploit complexity. Vulnerability reports might take some time to triage or address.

You are welcome to enquire on the status but should avoid doing so more than once every 14 days. This allows our teams to focus on the remediation. We will notify you when the reported vulnerability is remediated, and you may be invited to confirm that the solution covers the vulnerability adequately. Once your vulnerability has been resolved, we welcome requests to disclose your report. We’d like to unify guidance to affected users, so please do continue to coordinate public release with us.

Guidance

You must NOT:

  • Break any applicable law or regulations.
  • Access unnecessary, excessive or significant amounts of data.
  • Modify data in the Organisation's systems or services.
  • Use high-intensity invasive or destructive scanning tools to find vulnerabilities.
  • Attempt or report any form of denial of service, e.g. overwhelming a service with a high volume of requests.
  • Disrupt the Organisation's services or systems.

Submit reports detailing non-exploitable vulnerabilities, or reports indicating that the services do not fully align with “best practice”, for example missing security headers.

  • Submit reports detailing TLS configuration weaknesses, for example “weak” cipher suite support or the presence of TLS1.0 support.
  • Communicate any vulnerabilities or associated details other than by means described in the published security.txt.
  • Social engineer, ‘phish’ or physically attack the Organisation's staff or infrastructure.
  • Demand financial compensation in order to disclose any vulnerabilities.

You must always comply with data protection rules and must not violate the privacy of the Organisation’s users, staff, contractors, services or systems.

You must not, for example, share, redistribute or fail to properly secure data retrieved from the systems or services. Securely delete all data retrieved during your research as soon as it is no longer required or within 1 month of the vulnerability being resolved, whichever occurs first (or as otherwise required by data protection law).

Legalities

This policy is designed to be compatible with common vulnerability disclosure good practice.

It does not give you permission to act in any manner that is inconsistent with the law, or which might cause the Organisation or partner organisations to be in breach of any legal obligations.

Support Period

Illucere S.r.l. is committed to managing ticket support for various components until no later than what is stated by the manufacturer (Espressif) of the Wi-Fi / BT module on which all Twinkly Pro devices are based.

A detailed roadmap is as follows: https://www.espressif.com/en/products/longevity-commitment 

All the following models utilizing  ESP32-WROVER32-E have a support period until: January 1st, 2028:

  • TWPLUSxxxxxx-xx
  • TWDJxxxxxx-xx

The official Twinkly  Pro iOS / Android  application shall provide support for security-related matters until January 1st, 2033.

PSTI Certification

Below it is possible to download the VoC regarding the PSTI normative issued by Intertek:

PSTI VoC
UK PSTI – Connectable Devices Statement of Compliance

Security Advisories

This page lists all product security advisories for Twinkly Pro.

Each entry summarizes the issue, the products affected, and links to the full advisory.