Data protection homee
Your data belongs to you – especially as sensitive data as that from your Smart Home, this is also very important to us, and that is why we have set data protection as the center of our system architecture.
Our principle: We do not process or save anything that is not necessary for the functioning of your system. If processing or storage is necessary, this should not be attributable to you or your homee.
Here you will find everything you need to know about data protection if you use one of our homees.
homee GmbH
Viktoria-Luise-Platz 7
10777 Berlin
030 81458823
hello@homee.de
Represented by the CEOs:
Mario Weißensteiner, Waldemar Wunder.
Data storage
Each homee works independently, which means that all data is saved locally on your homee. No one except you has access to this data, unless someone gives it directly (by login) or indirectly (by activating a feature that requires access).
Proxy server
In order to enable access to your homee from outside your own home network, the data is encrypted and transmitted over the Internet (via a proxy server operated by us). The data is not stored anywhere, but only transferred between your homee and the respective application (e.g. the homee apps). Our proxy server is hosted by AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information about their privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/).
We can theoretically read all communication that takes place between the app and the core. If you don’t want to use the proxy server, you can also run your homee in stand-alone mode.
Time
As soon as you have connected a homee to the Internet, it updates its time. This is important for different features (time Homeegrams, position of the sun, etc.) and security-related aspects (validity of SSL certificates, etc.). homee uses for this NTP (http://www.ntp.org) (industry standard). You can use your homee in stand-alone mode to prevent your homee from getting the correct time at NTP. Then you can transfer the time of your device to homee using the app.
Location (Brain Cube)
For different features (current time, position of the sun, weather) homee needs data about its location. By default, he gets this via an interface provided by Google (industry standard). homee sends this interface the SSIDs of the scanned WLAN network and thereby obtains its location. Here you can find Google’s privacy policy (https://policies.google.com/privacy).
If you don’t want homee to use this interface, you can switch off the automatic location detection in the privacy settings.
Location (Apps)
If you create a geofence in the app for presence detection, entering and leaving the area will be reported to your homee, even if the app is in the background. The location is only stored on the device to enable the geofence function and is not transmitted at any time.
Weather
In order to show you the weather and to be able to use it in the Homeegrams, your homee must get this information from the Internet. The weather information is provided by Dark sky (https://darksky.net). So that not every homee has to get the weather data directly from Dark Sky, we operate our own weather server. Here we save the weather for certain locations. Your homee therefore only reports to our weather server with its location and then receives the weather for this location. We do not store anywhere an assignment between homee and the location. Our weather server is hosted on AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information about their privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/).
If you don’t want your homee to get the weather data, you can simply turn off the weather feature in the privacy settings.
Webhooks
In the Homeegrams we offer the possibility to send webhooks. Please be aware that depending on where you send it to, data may be stored there.
Push notifications / Email notifications
Messages are routed through our notification server. This is hosted by AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). You can find information about their privacy policy here (https://aws.amazon.com/de/compliance/data-privacy/).
Since we forward all messages to the respective (iOS/Android/Mail) notification services, we can theoretically see the complete message content. Including homee ID and IP address. However, we have reduced the logging to the bare minimum and only store the homee ID to which the message is sent for 3 months. The content of the messages is not stored by us at any point.
Third party web services
Devices that you connect to homee via one of the radio cubes all communicate locally with your homee.
When connecting other devices (e.g. Netatmo devices), your homee may not be communicating directly with the device, but with a web service behind the respective device. If this is the case, you give homee access data to these services when adding them. If the service makes it possible (a good person should), it will not save the access data, but only an access token generated with it. With this you can withdraw access at any time from the respective service homee.
Voice assistants (Amazon Alexa, Google Assistant)
If you link one of the voice assistants to your homee, the other side (Amazon, Google) will have access to an access token to your homee. That means there is complete access to your homee. You can revoke this access in the homee app at any time by deactivating the respective service. In order to be able to connect homee and the voice assistants, data is stored in different places. When linking (oAuth) your homee ID and an access token with a short validity of one hour are stored on a server provided by us.
This server is hosted by AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information about their privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/).
During the operation of the voice assistant, your homee ID and an access token are stored at Amazon (AWS – https://aws.amazon.com/de/). You can find their privacy policy here (https://aws.amazon.com/de/privacy/). We (homee GmbH) cannot hear your spoken words.
homee analytics
In order to be able to further develop homee in a targeted manner, homee (if you have activated homee beta or activated homee analytics) sends analysis data to a server provided by us. This data is anonymized and cannot be traced back to your homee. We are not interested in that at all. We only collect the following statistics:
- Total number of users and distribution among the roles (chief homee, homee and minor homee).
- Number of end devices logged on to homee (smartphone, tablet and WebClients).
- Number of programs
- Number and type of triggers
- Number and type condition
- Number and type of actions
- Number of groups
- Number of devices broken down by wireless technology
- Amazon Alexa linked
- Time zone in which homee is located
We store this data for a period of 3 months and then delete it.
This data helps us to further develop homee and the homee apps in the right direction. We host our analytics server at AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information about their privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/). If you don’t want this, it’s best not to activate homee Analytics at all – they are switched off in the factory settings. If you have turned them on and don’t want to send them anymore, simply turn them off again. You can do this conveniently in the privacy settings.
homee updates
Since we are constantly developing homee, we have updates regularly. homee checks every day whether there is an update available. To do this, it connects to our update server. This is hosted by AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information about their privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/).
If there is an update, your homee receives the download link and then downloads the update. We host the updates at Amazon (AWS – https://aws.amazon.com/de/). [You can find their data protection declaration here] (https://aws.amazon.com/de/privacy/). Since the currently installed homee version is also sent during the update check, we collect statistics here on how many homees are running on which version.
Support access
In order to be able to solve a problem on your homee, it is sometimes necessary to have direct access to your homee. Of course, we cannot and do not want to activate this remotely – you have to do this yourself in the homee apps when requested. As soon as we have received the access data from you, we of course have full access to your homee (SSH). We then use it to find and solve the existing problem. If you no longer want us to have access to your homee, you can withdraw it from us at any time by switching off the support access.
App Analytics
If you use one of the homee apps, we collect some statistics about it. These cannot be attributed to you or your homee. For us it is important, for example, which version of the respective operating system you are using or whether your device is a smartphone, tablet or desktop computer (browser). We use this data to be able to better decide which operating systems etc. we still have to support, since they are still being used significantly.
As a service to collect statistics we use Amplitude (https://amplitude.com), you can find their privacy policy here (https://amplitude.com/privacy).
We collect the following statistics:
- End device: manufacturer, model, operating system, language, country.
- App: version number, name, environment (beta/stable)
- Number of connected homee Cubes in the app.
- App settings: Dashboard welcome text active yes/no, dark mode
- App events: opening of certain screens
If you don’t want your homee app to send this data, you can switch off the Analytics app in the data protection settings.
App Crash Reporting
When your homee app crashes, it sends us a crash report so we can investigate the reason for the crash. We can only see in which function the crash happened, what kind of device you are using and which version of the homee app you have. This data cannot be traced back to you or your homee.
As a service to collect the reports we use Bugsnag (https://www.bugsnag.com), you can find their privacy policy here (https://docs.bugsnag.com/legal/privacy-policy).
If you do not want your homee app to send this data, you can disable app crash reporting in the privacy settings.
General
Data is only passed on to third parties within the framework of legal requirements. We pass this on if, for example, this is necessary for contractual purposes in accordance with Art. 6 Para. 1 lit. b) DS-GVO, we are obliged to do so due to legal requirements in accordance with Art. 6 Para. 1 lit. c) DS-GVO or we have a legitimate interest in the economic and effective operation of our business operations in accordance with Art. 6 Para. 1 lit. f) DS-GVO. This includes the transfer of this data to companies affiliated with us.
Within the scope of a data protection-related commissioned processing pursuant to Art. 28 DS-GVO, we use service providers for the operation and maintenance of our information technology systems, who may obtain knowledge of your personal data in this context. We have therefore taken appropriate legal, technical and organizational measures with the service providers to ensure the protection of your personal data in accordance with legal requirements. Your personal data will not be transferred to a third country or to an international organization.
If we process personal data of you, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and have the following rights: right to information (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR) and right to object to processing (Art. 21 GDPR). Furthermore, you have the right to complain to a data protection supervisory authority. In the case of a request for information that is not made in writing, we ask for your understanding that we may then require evidence from you that proves that you are the person you claim to be.
You can contact our data protection officer by e-mail at datenschutz@afriso.de or via our postal address with the addition of “The Data Protection Officer”.
Delete data
We are happy to delete data that can be traced back to you or your homee on request. Just send an email with the subject “Deletion request” to support@homee.de
Have fun using your homee
Your homee team
