Kohler’s Smart Toilet Camera Not Truly End-to-End Encrypted

Kohler’s Dekota toilet camera, launched in October as a $600 health-monitoring device, is facing significant scrutiny over its privacy claims.

The device promises to track gut health, hydration, and other wellness metrics by analyzing bowel contents. However, an examination of those privacy claims shows that the company’s assurances about data protection are misleading.

Kohler prominently advertises “end-to-end encryption” across its website and marketing materials for the Dekota device and accompanying app.

The company’s homepage, product pages, and support documentation repeatedly emphasize this protection as a privacy safeguard.

Major tech media outlets, including CNET, The Verge, and TechCrunch, amplified these claims in coverage of the October launch.

However, confidential communications with Kohler’s privacy team reveal a fundamental disconnect between the company’s marketing language and the actual technical implementation.

The critical issue: Kohler itself retains access to all data collected by users’ devices.

What Kohler Actually Does

Kohler’s application of the term “end-to-end encryption” becomes questionable when examined in the context of the product’s structure.

Traditional E2EE applies to user-to-user communication, yet Kohler Health lacks user-to-user sharing features. This raises an obvious question: what is the second “end” being encrypted?

The company’s response, in emails with its privacy contact, cleared this up. According to Kohler: “Data in transit is encrypted end-to-end, as it travels between the user’s devices and our systems, where it is decrypted and processed to provide our service.”

According to Simon, the company also noted that it “designed our systems and processes to protect identifiable images from access by Kohler Health employees.”

What Kohler describes as E2EE is actually standard HTTPS encryption between app and server, combined with encryption at rest: basic security practices that have been routine for over two decades.


This falls far short of actual end-to-end encryption, which would prevent Kohler from accessing data on their own servers.
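To make that distinction concrete, here is an added example (not Kohler’s code and not a description of the Dekota implementation) that models both designs with AES-GCM in Go: a backend that terminates TLS and then encrypts at rest under its own key can always recover the upload, while a backend that only stores a blob sealed on the device cannot. The vendor struct, method names, keys and the sample upload are all constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// randomBytes returns n random bytes (constructed key and nonce material).
func randomBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
// gcm builds an AES-256-GCM AEAD; every key in this demo is 32 bytes.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}
// seal encrypts plaintext and prepends the random nonce to the ciphertext.
func seal(key, plaintext []byte) []byte {
	aead := gcm(key)
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil)
}
// open reverses seal; it fails if the key is wrong or the blob was tampered with.
func open(key, blob []byte) ([]byte, error) {
	aead := gcm(key)
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}
// Vendor models the backend; TLS on the wire is assumed in both designs, the difference is which key seals the stored upload.
type Vendor struct{ atRestKey, stored []byte }
// Transport-only: TLS ends at the vendor, which sees the plaintext and then encrypts it at rest under its own key.
func (v *Vendor) IngestTransportOnly(plaintext []byte) { v.stored = seal(v.atRestKey, plaintext) }
// True E2EE: the device sealed the upload under a key that never left it; the vendor stores an opaque blob.
func (v *Vendor) IngestE2EE(deviceSealed []byte) { v.stored = deviceSealed }
// CanRead reports whether the vendor recovers the upload with keys it holds.
func (v *Vendor) CanRead() bool { _, err := open(v.atRestKey, v.stored); return err == nil }
// CompareDesigns stores one constructed upload both ways and reports who can read it.
func CompareDesigns() (vendorTransportOnly, vendorE2EE, deviceE2EE bool) {
	upload := []byte("constructed sample: image frame + hydration score")
	v := &Vendor{atRestKey: randomBytes(32)}
	v.IngestTransportOnly(upload)
	vendorTransportOnly = v.CanRead()
	deviceKey := randomBytes(32)
	v.IngestE2EE(seal(deviceKey, upload))
	pt, err := open(deviceKey, v.stored)
	return vendorTransportOnly, v.CanRead(), err == nil && string(pt) == string(upload)
}
```

In the transport-only design the "encryption at rest" is under a key the vendor holds, so it is exactly the hop-by-hop model the emails describe; only the device-sealed design denies the vendor access to the stored data.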

Data Usage and AI Training

With Kohler retaining access to decrypted data, the question becomes: how is this information used? Company responses indicate purposes extending beyond simple service delivery.

When questioned about encryption practices, Kohler stated, “Our algorithms are trained on de-identified data only.” Users accepting the app’s terms consent to Kohler using collected data to “research, develop, and improve its products and technology, and to de-identify data for lawful purposes.”

The privacy policy further specifies that data may be used “to create aggregated, de-identified and/or anonymised data, which we may use and share with third parties for our lawful business purposes, including to analyse and improve the Kohler Health Platform and our other products and services, to promote our business, and to train our AI and machine learning models.”

While data de-identification provides some protection, Kohler’s mischaracterization of their security practices remains problematic.

Consumers purchasing the device based on “end-to-end encryption” promises receive a fundamentally different privacy model than such terminology suggests. The distinction matters significantly when sensitive health information is involved.

For users concerned about privacy, Kohler’s actual security implementation, while reasonable for typical cloud applications, represents substantially weaker protection than the company’s marketing suggests.
