1. Controller
The controller within the meaning of the GDPR is the provider named in the Imprint.
2. Hosting (DigitalOcean)
Our servers are located in a data center in Frankfurt am Main (Germany), operated by DigitalOcean, LLC (USA). Technical access data is stored in server log files with each access.
- Purpose: Technical operation, security, error analysis
- Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
- Third-country transfer: EU-US Data Privacy Framework; data center located in Germany
Automatic backups are stored in encrypted form, also at DigitalOcean in Frankfurt.
3. Cookies
We only use technically necessary cookies for authentication and session management. No tracking, analytics, or advertising cookies are used.
- Legal basis: Section 25(2) No. 2 TDDDG
4. User Account
- Data: Email address, password (stored in encrypted form)
- Purpose: Provision of the user account, authentication
- Legal basis: Performance of contract (Art. 6(1)(b) GDPR)
- Retention period: Until deletion of the account
5. Consumption Data
- Data: Meter readings, measurements, device configurations
- Purpose: Recording and analysis of your energy consumption data
- Legal basis: Performance of contract (Art. 6(1)(b) GDPR)
- Retention period: Until deletion of the account
6. Scanning Meter Readings (Anyline SDK)
For optical recognition of meter readings, we use the Anyline SDK by Anyline GmbH (Vienna, Austria). OCR processing takes place locally on your device; no images are transmitted.
- Resources: When loading the scan function, resources are loaded from Anyline servers. Your IP address is transmitted in the process.
- Usage report: After a scan, a technical license event is sent to Anyline.
- Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
- Privacy policy: anyline.com/imprint-and-legal
7. File Uploads
- Data: Uploaded file
- Purpose: Provision of the upload function
- Legal basis: Performance of contract (Art. 6(1)(b) GDPR)
- Retention period: Until deletion of the account
8. Contact Inquiries
- Data: Name, email address, subject, message content
- Purpose: Processing your inquiry
- Legal basis: Pre-contractual measures or performance of contract (Art. 6(1)(b) GDPR)
- Retention period: Until final processing, then deletion
9. Friendly Captcha
To protect our service, we use Friendly Captcha (Friendly Captcha GmbH, Germany).
10. Payment Processing (Stripe)
For paid features, we use Stripe, Inc. (USA).
- Data: Email address, payment information (transmitted directly to Stripe)
- Purpose: Processing payments
- Legal basis: Performance of contract (Art. 6(1)(b) GDPR)
- Third-country transfer: EU-US Data Privacy Framework
- Privacy policy: stripe.com/privacy
11. Email Delivery (mailbox.org)
Transactional emails are sent via mailbox.org (Heinlein Support GmbH, Berlin). Servers located in Germany.
- Data: Email address, message content
- Legal basis: Performance of contract (Art. 6(1)(b) GDPR)
12. Data Transfers to Third Countries
Some of our processors are based in the USA:
| Provider |
Safeguard |
| DigitalOcean, LLC |
EU-US Data Privacy Framework |
| Stripe, Inc. |
EU-US Data Privacy Framework |
13. Your Rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21 GDPR). To exercise your rights, please contact us via the details provided in the Imprint.
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
14. Changes
We update this privacy policy as needed. The current version is available on our website.