Should your AV integrator be the Owner of your network?

The two dominant remote-monitoring platforms in residential AV are explicit about who they are for.

OvrC (Snap One)

Snap One's own end-user notice for OvrC states plainly: “OvrC is a SaaS support platform owned and operated by Snap One and used by Snap One dealers to provide remote assistance and management to the IP enabled devices on their customers' networks.”¹ The same notice describes the data relationship in equally direct terms: “Your Dealer acts as the data controller, and you are the data subject or data owner.”¹

That is the model in one sentence. The dealer holds the controlling organisation; the homeowner is a subject inside it. OvrC supports a separate, limited “Connect” homeowner app for things like rebooting devices and viewing status, but the admin plane — claiming devices, changing configuration, seeing what's on the network — sits in the dealer's account.

Domotz

Domotz is the most common alternative to OvrC and uses a closely related model. Pricing is published at “$1.50 per managed device per month”— billed to the integrator, with the homeowner's network as a “site” under the integrator's root account.⁶ Domotz markets the platform directly to MSPs, commercial integrators, residential integrators, and security professionals — not to homeowners.⁶

Dealer-channel networking hardware

The networking brands an AV integrator most often installs — Snap One's Araknis and Pakedge, Legrand AV's Luxul — are sold through dealer registration rather than retail. They share their respective vendors' dealer cloud planes (OvrC for Araknis / Pakedge; ProWatch for Luxul) by default. A homeowner who later wants to administer that hardware themselves is usually starting from no credentials, because the credentials were never theirs.

None of this is hidden — it is how the platforms are designed. What is missing in the typical install is the conversation about whether that is the right arrangement for the household.

Snap One has built explicit workflows for moving a home's claimed devices from one OvrC dealer to another. The System Takeover documentation describes the move precisely: “This allows you to add a customer's previously claimed OvrC devices to your OvrC account when requested by a customer to provide continued service.”² What transfers: “The entire customer Location, including: Claimed devices (even offline devices) and their configuration. Notes taken in the OvrC location. OvrC Connect users.”²

For Control4 specifically there is a parallel homeowner-initiated process at customer.control4.com. The result is the same shape: “This moves the customer's OvrC account from the previous integrator to a Holding account… The customer's Location remains in the original integrator's account, but the device list, configuration, and client services are no longer available.”³

Snap One's own announcement of the Dealer-of-Record change enhancements gives the everyday use case in their words: “There are times when one of your customers wants to transfer account ownership to a new customer. For example, an existing customer has sold their residence or retail/commercial space, along with their system, to a new homeowner or business.”⁴ The infrastructure exists. The path it paves, however, is from one integrator to another. The path from integrator to homeowner-as-admin is not part of the same workflow.

On the AV-controller side specifically, several vendors already have a homeowner Owner role designed into the product. Crestron Home is the clearest example. The Settings > Users documentation describes the role in exactly the terms a homeowner would want: “The Owner can edit their account information, reclaim the home, sign out, and delete their account. The Owner can also invite and remove members and assign their user roles.”⁵

That is the IT-style model. The Owner is the homeowner. Members — including the integrator's technicians — are invited, with explicitly assigned roles, and can be removed. The vendor designed it that way. What varies in the field is whether the home was actually handed over to the homeowner in the Owner role at sign-off, or whether the integrator stayed in the Owner seat and the homeowner was added as a regular User.

That distinction is invisible from the app. Both roles open the same screen. The first time a homeowner discovers which one they are is usually when they try to do something only the Owner can do — invite a new installer, remove an old one, transfer the home.

The corresponding question on the IT side — “who is the admin of record on the customer's Microsoft 365 tenant, on their AWS organisation, on their Google Workspace?” — was settled more than a decade ago. The customer is the tenant. The MSP or consultancy holds time-bound delegated admin during the engagement. A clean offboarding ends with the provider's admin rights revoked and the customer's super-admin still in place.

Microsoft makes the model unambiguous by publishing the recovery path for the case where it goes wrong. If an MSP-controlled tenant is genuinely orphaned, the customer can prove domain ownership and reclaim the tenant through a documented “internal admin takeover” flow.⁸ AWS Organizations and Google Workspace publish analogous customer-of-record recovery paths. The norm is shared across the industry: the customer owns the tenancy.

The residential-AV industry has not converged on the same norm. CEDIA's own published guidance on securing the residential network is detailed on firewalls, segmentation, WPA3, and remote-access hygiene, but is silent on credential handover, admin-of-record assignment, or what the homeowner should hold when an engagement ends.¹⁰ The absence is not a CEDIA failing in particular — no widely-cited industry standard mandates this yet. It does mean that whether the homeowner finishes the project as the Owner of their own network is, today, a per-integrator choice.

Visibility into the home network

A dealer's OvrC organisation is, by design, able to enumerate the home network. Snap One's own end-user notice describes the scope: “through OvrC your Dealer may be able to see whether your network is on and functioning and which devices are connected to your network, but he or she cannot access any content shared over the network or access or view any files on any devices connected to your network without additional authorization by You.”¹ Device names, MAC addresses, manufacturers, uptime, interface statistics — that is the dealer's window. The homeowner's Wi-Fi traffic and file contents are not. The line is real, but it sits further down the stack than most homeowners assume.

The remote-management plane is a real attack surface

In November 2024, Claroty's Team82 published research disclosing ten vulnerabilities in OvrC, describing the affected device footprint as “around 10 million devices world-wide.”⁷ Eight were addressed in May 2023 (ICSA-23-136-01); the remaining two were patched ahead of disclosure. The point is not that OvrC is uniquely insecure — any cloud platform with that much reach will surface serious findings sooner or later — but that a dealer-mediated remote-management plane is a surface. If it is on the home network, the homeowner inherits its risk whether or not they are the administrator.

Regulatory standing in jurisdictions that care

In the UK and EU, GDPR's “household exemption” for personal data processing — the rule that keeps a homeowner's own CCTV out of regulatory scope — does not extend to the installer.⁹ A residential AV integrator with admin access to cameras, occupancy sensors, or door locks is acting in a professional capacity on personal data. In practice, that means a written data-processing agreement is owed to the homeowner, whether or not one is in place today. The homeowner who is also the Owner of the underlying network has the cleanest story; the homeowner who isn't may not even know which party owes them what.

Lock-in and continuity

Trade press treats ongoing service contracts as the primary recurring-revenue source in residential integration — CE Pro's 2025 State of the Industry reports service contracts as the single largest recurring-revenue line for participating firms.¹¹ That model is not wrong on its face. The continuity-of-service value an integrator provides is real. The question is whether that value depends on the integrator holding the only set of admin credentials — or whether the same value can be delivered with the homeowner clearly seated in the Owner role and the integrator working as a delegated administrator under written terms. The IT-side answer is the latter.

None of the following is adversarial — a good integrator will already have answers, and the conversation is easier before the engagement ends than after.

1. Which cloud platform is monitoring the network — OvrC, Domotz, ProWatch, BakPak, something else? Whose organisation is it under?
2. On the AV controller, what role does the homeowner hold— Owner, or User? On Crestron Home specifically, ask to see the Settings > Users screen.
3. What email address is registered to each cloud accountcreated during the install — homeowner, household admin assistant, or integrator's back office?
4. The admin credentials on the gateway, switches, access points, and NVR— does the homeowner have a current, written set, stored somewhere outside the integrator's password manager?
5. If the integrator becomes unreachable, what is the recovery path? For OvrC and the Control4 ecosystem, the System Takeover and Dealer-of-Record change processes are real and documented;²³ for other platforms, a written answer should exist.
6. What does the integrator see, and what is logged?The OvrC end-user notice is one vendor's answer; the homeowner is owed an equivalent statement from whichever platform is in use.¹

The answers don't have to lead to the homeowner taking over day-to-day administration. Most don't want to. The point is that the answers exist on paper — and that the homeowner finishes the project knowing which seats are theirs and which are delegated.

• Not an attack on the integrator channel. The reason residential AV integrators end up administering the network is usually that nobody else is going to. The platforms they use are built around that reality. The argument here is for an explicit choice, not for a different one.
• Not a claim that every home should self-administer.Most homeowners should not, and don't want to. The IT-side norm is exactly that — the customer owns the tenancy, the provider operates it. The day-to-day admin work still belongs with the professional.
• Not an industry-wide condemnation. Many integrators already hand over a complete, written network credential set at sign-off. Where this article is louder is about the cases — common enough that Snap One built a Dealer-of-Record change workflow for them²³ — where the handover never happened.
• Not a substitute for legal advice. The GDPR / data-controller framing in § 06 is the outline. Specific homes — multi-jurisdiction households, public figures, anyone with a real threat model — should get written advice that reflects the actual installation.
• Vendor documentation moves. Every citation in this piece points to a page that was current at publication. Snap One, Crestron, Domotz, and the rest update their docs on their own schedules. If a detail matters for a real decision, re-read the source.

The plain summary: the network underneath an AV install is now a load-bearing piece of household infrastructure. The question of who is named as its Owner deserves the same care as the question of who is named on the deed.