Last updated: [27th Jan, 2026]
Applies to: Repenic Zigbee 3.0 Smart Dimmers, Repenic Wi-Fi Smart Thermostats
Repenic is committed to ensuring that consumer connectable products supplied to the UK market comply with the requirements of the Product Security and Telecommunications Infrastructure Act 2022 (PSTI) and the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.
This page describes how Repenic smart products are designed, supported, and maintained in line with these requirements.
This statement applies to the following Repenic products supplied to UK consumers, trade partners, designers, and distribution channels:
These products are consumer connectable products under UK PSTI legislation.
Repenic products do not contain any default usernames or default passwords.
Zigbee smart dimmers do not expose any local user accounts, login interfaces, or password-based access mechanisms.
Wi-Fi smart thermostats do not implement device-level default credentials.
This design complies with the PSTI requirement prohibiting universal or default passwords.
Repenic does not operate its own smart home control platform, cloud service, or gateway.
Remote control of Repenic smart products is performed via third-party platforms and mobile applications selected by the end user (for example, Zigbee hubs or Tuya-compatible applications).
Any user account registration, authentication requirements, password policies, or credential management are implemented and enforced by the relevant third-party platform provider.
Repenic selects and supports platform integrations that require user account registration and authentication as part of their normal operation, and monitors relevant platform changes where they may impact product security.
Repenic smart products support:
Remote control via compatible mobile applications, through hubs or cloud services chosen by the user.
Local manual control, allowing essential functionality to remain available independently of remote access.
Repenic devices do not provide unsecured local network interfaces such as open web interfaces or default-access services.
For the products listed on this page, Repenic provides security updates for a minimum of five (5) years from the date the product is first placed on the UK market (1st Nov, 2025).
Security updates may include:
Firmware updates addressing identified security vulnerabilities
Mitigation measures or configuration guidance where appropriate
Firmware updates are delivered using a Repenic-provided firmware update utility application.
The application connects to the device locally via Bluetooth after the user manually places the device into pairing mode.
The application does not require user account registration, does not use passwords, and does not provide remote access, cloud services, or ongoing device control.
The application is used solely for the purpose of installing firmware updates.
Firmware updates are delivered via Tuya-compatible mobile applications and update infrastructure.
The availability and installation of updates may depend on the user’s chosen platform, device connectivity, and network configuration.
Repenic supports responsible disclosure of security vulnerabilities.
Security vulnerabilities may be reported to:
Email:
security@repenic.co.uk
Please include, where possible:
Product model and version
Description of the issue
Any relevant information to assist investigation
Repenic will acknowledge receipt of vulnerability reports within a reasonable time.
Where appropriate, Repenic will assess reported issues and provide:
A firmware update, or
Mitigation guidance or other corrective actions.
Repenic acts as the manufacturer of the physical hardware products described on this page.
Third-party mobile applications, cloud services, gateways, and platform infrastructure used to operate Repenic products are provided and managed independently by their respective providers. Repenic does not control the internal security architecture, account management, or authentication policies of these third-party services.
Repenic monitors relevant changes to supported platform security requirements and assesses their potential impact on product security compliance.
Based on the design, implementation, and support measures described above, Repenic considers the products listed on this page to be compliant with the applicable security requirements of UK PSTI legislation at the time of supply.
This statement is provided in support of Repenic’s obligations under UK product security law.
For security-related enquiries or questions regarding this statement:
Email: security@repenic.co.uk
