I went through various stages of this myself and got an Sonoff RF Bridge, that allowed me to capture and replay RF via Home Assistant. In the end though, it was always easier to use an off the shelf solution, especially for boilers. OpenTherm with Tado worked perfectly.
Shame I can't give it a go (android user) as it looks great but noticed a typo on the App store screenshots, where it says "re-ceate", instead of "re-create".
You can easily verify by simply logging all data in/out of your network that the monitor is connected to and seeing if there is any unexpected traffic etc.
Some manufacturers are known to have added backdoors or methods to access data on remote devices but the internet community love tearing things apart, dumping firmware etc to see how things work and someone ends finding it in the end.
Not that it's the correct way of thinking, but if you have anything actually worth capturing in that respect and you believe you're being watched, you'd need to findn alternative ways to access it.
Commonly it's because emails are not being sent from mycompanydomain's own SMTP server and via the service provider's own.
When setting up the service, account owners are required to setup DNS records that authorise the service providers SMTP server to send on behalf of mycompanydomain so that the emails don't get rejected or end up in the spam folder.
To prevent Zendesk's email from being consider spam, my company's SPF record contains include:mail.zendesk.com, but I still don't understand why, when they send email to my company, they say Zendesk "via" an email address at my company. There really doesn't seem to be any reason to not just use their own email address in the "From" header.
Thank you for your reply, but I think there is something I'm missing ...
They've probably just setup that once you've opted in for them to send emails on behalf of your domain, they will use it for everything relating to your account.
If setup properly, they'll follow what Recaptcha done in the early days and use multiple sources and use the common answer rather than relying on a single source.
The only issues is that if people know this, they could simply flood the internet etc with fake information and if used, it could skew the results.
Recaptcha suffered from this in the early days when people found the first word was the control (known) word and the second was the word they wanted to convert to text.
People then started putting the same offensive word in for the second word, which was accepted and is likely to have affected the results.
I have it set to "Nothing" but whenever I have the window open, I can see the orange notification conter popping up on several channels (even if I mute them).
I tried leaving channels but I get invited back whenever people tag my team, so I gave up and muted all of them (but still get the notification counter, which makes muting useless for me).
EDIT: Whenever someone tags my team, the little Slack icon on the tray bar goes red... and I don't know if that's a direct message (usually important) or someone tagging my team just "fyi". I have to check it always.
I joined a company to help modernise it as the stack was based upon ColdFusion and they struggled to find/retain developers to maintain it.
The previous developers done a great job of documenting and structuring the system in a way that made it easy for me to migrate it onto something maintainable.
If there was enough developers floating around to make it viable to maintain in ColdFusion it would still be going now and doing a great job too!
