Kohler’s Smart Toilet Camera Isn’t Actually End-to-End Encrypted

Despite being advertised with end-to-end encryption (E2EE), Kohler’s Dekoda smart toilet camera falls short of that standard, prompting concerns about the protection of users’ intimate health data.

“Kohler is able to access data collected by the device and associated application,” said security researcher Simon Fondrie-Teitler.  

Smart Health Insights, But Weak Data Protection

The device, launched in October, attaches to the toilet rim and captures internal bowl images to generate hydration and gut-health insights. 

Kohler promotes end-to-end encryption across its product pages, app documentation, and support materials. 

But according to Fondrie-Teitler’s analysis, the company’s implementation provides only standard HTTPS transport encryption and encryption at rest — far from true E2EE, where only the user holds the keys.

The distinction is critical for users and security teams evaluating smart health devices. 

If Kohler can decrypt and process data on its servers, then highly sensitive images and biometric signals become accessible to employees, contractors, and third-party services — and potentially exposed during a data breach.

Why Kohler’s Encryption Isn’t Actually End-to-End

True end-to-end encryption ensures that data is encrypted on the user’s device and remains unreadable by the service provider. 

That is not what Kohler is doing. The company confirmed via email to the researcher that  the data is decrypted and processed to provide their service, meaning the toilet camera’s images and metadata are accessible inside Kohler’s infrastructure.

This implementation mirrors standard cloud-app behavior, not a zero-knowledge architecture. 

Unlike messaging tools such as Signal or iMessage — which store only encrypted blobs — Kohler’s servers actively process user images and health outputs. 

That introduces risk: if those servers were compromised, attackers could obtain clear-text toilet images, AI-generated health metrics, user timestamps, and device identifiers.

Compounding the issue, Kohler’s privacy policy states that collected data may be used “to train our AI and machine learning models” and can be shared with third parties after de-identification. 

For visual biological data, however, de-identification is not always reliable because machine-learning models can sometimes reconstruct or correlate sensitive features even from anonymized datasets.

What Consumers Should Check Before Buying Smart Health Devices

Because this is not a software vulnerability but a design-level privacy flaw, mitigation options are limited. However, consumers evaluating smart health devices should:

• Review whether the device implements client-side or true end-to-end encryption
• Verify whether the vendor can decrypt data stored on its servers
• Check whether collected data is used for AI training or shared with partners
• Consider whether the sensitivity of the data justifies the functionality
• Disable cloud-backup features when possible or opt out of nonessential analytics

Organizations advising patients or wellness consumers should also discuss the risks of IoT health devices that claim strong encryption but rely on server-side processing.

Smart Device Security: Marketing vs. Reality

Kohler’s mischaracterized security claims reflect a broader trend in which smart device vendors use security-sounding language as marketing, even when real cryptographic protections may be lacking. 

This blurring of technical definitions can undermine consumer trust, complicates meaningful risk assessment, and normalizes weak privacy safeguards for sensitive data people generate.

As smart wellness products evolve to include AI-driven insights and cloud-based processing, clear transparency around encryption, data handling, retention policies, and model-training practices will become essential — not a nice-to-haves.

With AI increasingly shaping how data is processed and interpreted, detecting deepfakes becomes essential to preserving the integrity of both user information and digital systems.