My HA is not port forwarded and only accessible when connected to the home network.

I have a private backdoor tunneling into my network with self hosted vpn so i can use it away from home.

Integrations i use come in two types relative to your question. But all of them involve giving HA acces to the controls and data. Not the opposite. I have never heard of an integrations that required data from HA.

The biggest tell on what is what is does the intended way to control the device make use of any cloud. If your device does not require a cloud or account and you can connect it to the integration with just an ip it should all be local.

But many integrations will require you to provide the credentials for a cloud because it’s easier. In that case you are not any more exposed then if you use the vanilla apps.

For my solar panels i could use the cloud but i convinced the technician to give me admin rights enabling a local api i can use instead. That cloud stuff is still there, cant disable it but it means i can still read my solar panels in case of an internet blackout.

If i could all my devices would be blocked from talking to the outside and all use local apis for control but its sadly not how most stuff is build. For stuff like cameras i wont even consider it unless they do though.

Thank you for this. I consider myself technical and those words felt like a punch in the gut.