HearthPilot
Type "every night at 11, if everyone's asleep, lock up and set Night mode" — and HearthPilot drafts an editable automation, grounded in the real devices in your house, for you to approve (in beta). One AI-first iPhone app across 110+ premium brands HomeKit ignores: Lutron, Navien, SPAN, Pentair, Hikvision, Vestaboard, and the rest.
And it runs on your hardware, not our cloud. Your credentials live only on a Mac, NAS, or Pi you own — we run no server that can read them, so there's nothing to subpoena.
What it does
Today: capability dashboards that roll up every brand you own, Scenes you run with a tap, and whole-home Modes — all typed, never spoken (no microphone, no recording, no always-listening layer). Rolling out in beta: an AI you can ask in plain English, and an Automation Author that turns a sentence into an editable routine you approve. Real screens from the TestFlight beta — the kind of detail you can't fake with mockups.
110+ brands integrated 12 dashboards 1 safety gate 0 telemetry
Every system at a glance. Scenes, lights on, indoor temp, device count, mode grid.
Scenes the brain understands — run them, schedule them. In beta: ask for new ones in plain English.
Pressure, temperature, leaks, water heaters, pool chemistry — five vendors, one view.
Per-circuit consumption, monthly trends, category breakdowns. Live from your panel.
Hikvision, DoorBird, Luma — every camera, every PTZ, in one grid. Tap once.
Seven more dashboards not shown here: Climate · Network · Pets · Audio · Activity · Rooms · Settings. Every adapter you have, in the tab your hand reaches for.
The pitch
You spent twenty years assembling the home of your life. Lutron in the walls, hydronic floors in the slab, a Navien cascade in the mechanical room, a Vestaboard in the foyer, a Pentair on the pool, a SPAN behind the meter. Twenty manufacturer apps, each convinced it's the center of the universe. None of them talk. HomeKit ignores the half you care about.
You don't want to become a Home Assistant sysadmin. You don't want a Crestron programmer's phone number. You want the gear you already paid for to act like one house.
What it pilots
Three layers, most-recognized to most-niche. 110+ brands are integrated today — water heaters, smart panels, heated floors, pro cameras, pool controllers — the kind of gear no other app touches. The green dot marks the ones already running live in the founder's own home.
Already running.
Why HearthPilot
01
The headline feature, rolling out in beta: tell the Automation Author what you want in a sentence and it composes an editable Trigger or Mode, grounded in the real capabilities of your house — no rule editor, no scripting. You review every step and approve it before anything is saved. In the same beta wave: ask the brain a plain-English question and get a grounded answer or a previewed plan.
Plain-English authoring · you approve every step
02
We ship LAN-native integrations for Lutron LEAP, Navien NaviLink, Schluter Ditra-Heat, RTI XP processors, SPAN panels, WattBox UPS systems, and the long tail of installer-class hardware HomeKit and Matter ignore. 110+ are built today, every one rolled up by capability so a brand you pair shows up on the right dashboard automatically — and new ones land every week.
110+ integrations · capability-unified
03
The Brain runs on hardware you own and encrypts every vendor credential at rest with a key derived from your household master key. The only copy of that root key lives in your iCloud Keychain — Apple end-to-end encrypted, which we can't read. We run no server in your data path, so there's no Schalliol database to seize and nothing to subpoena.
Zero staff access · Self-hosted by design
Privacy by architecture
Your credentials never leave hardware you own. The HearthPilot Brain — a small Node.js runtime — runs on your Mac, NAS, or Pi. It encrypts every vendor credential at rest with a key derived from your household master key. Schalliol Automation operates no server that stores or can read those credentials.
The only copy of your root key is in your iCloud Keychain. Apple encrypts iCloud Keychain end-to-end; we can't read it. Your Brain's working key is derived from it on demand and held in memory only.
Nothing to subpoena. Because we run no server in your data path, there's no Schalliol-held database, credential store, or log of your home for a subpoena to reach. (Honest limit: anyone with physical access to your powered-on, unlocked Brain hardware can read its working memory — the same caveat that applies to any computer in your home.)
One gate stands between the AI and your locks. Every high-consequence action — unlock a door, disarm security, open a water valve, ignite a gas fireplace — routes through a single safety gate on your Brain that no AI plan can bypass. Whether a step comes from a tap, a Scene, or an AI-drafted automation, it's held for your explicit confirmation. The AI proposes; you approve.
The AI sees names, not your home. Room association sends only device and room names to Anthropic's API — never device state, credentials, IPs, or telemetry — and you can turn it off entirely in Settings. The app requests no microphone or camera permission; there is no always-listening layer.
How it ships
v1 is self-hosted: the app is free during beta, and the Brain runs on hardware you already own. We'll set pricing before v1.0 based on what the beta tells us.
App
Free during beta
The AI-first iPhone app: capability dashboards, Scenes, whole-home Modes, and AI room association across every brand you connect — with plain-English Ask and the Automation Author rolling out in beta. No microphone, no camera, zero telemetry.
Brain
Runs on your hardware
A small Node.js runtime on your own Mac, NAS, or Pi. Holds your encrypted credentials, runs the premium-gear integrations, and keeps your home off any Schalliol server. Mac primary; NAS in beta.
Your keys
In your iCloud Keychain
The household root key lives only in your iCloud Keychain — Apple end-to-end encrypted. The Brain's working key is derived on demand and held in memory only. We never see it.
Planned · not yet shipped
Everything below is on the roadmap — none of it ships in v1, and none of it is live today. We're listing it so you know where HearthPilot is headed, not describing what runs now.
Planned
Hosted Brain
A Schalliol-operated option for households without their own always-on hardware. Candidate pricing around $19/mo or $190/yr — a planning estimate, not a live price. Until it ships, v1 is self-hosted only.
Planned
Attested enclave
The hosted option's planned design runs the LLM-intent path inside an attested confidential-compute enclave (AWS Nitro) with a published, independently verifiable binary hash — the pattern Apple uses for Private Cloud Compute. Not built yet.
Planned
Hub & more
A dedicated HearthPilot Hub appliance, a one-command Linux installer, validated NAS installs, and broader recovery options are all future phases. Android and Web are not planned; iOS, iPad, and CarPlay only.
Who builds it
HearthPilot is built by Jonathan Schalliol, a venture investor who got tired of his own twenty-app home running like ten disconnected houses. The first integrations on the platform are the ones in his own walls.
Schalliol Automation, LLC is independent. No platform vendor, no installer, no integrator owns any equity. The business model will be a paid product, never a data sale — and during beta it's free.
Waitlist
Join the waitlist to be among the first 5–10 households at TestFlight (August 2026). No spam. One launch announcement, plus occasional architecture decisions worth sharing.
Reads as: an email to hello@hearthpilot.com. Loops form coming when the launch list goes public.
