SMART + APP PRIVACY POLICY

AS OF SEPTEMBER 2025

Table of contents
I.      Identity and contact details of the data controller
II.     Contact details of the data protection officer
III.    Permissions
IV.   Data processing in the SMART+ app in general
V.    Data processing when starting the app
VI.   Data processing when using a user account
VII.  Provision of the app an creation of log files
VIII. Hosting
IX.   Content delivery networks
X.    Telemetry data
XI.   Usage of firebase-crashlytics
XII.  Usage of sdk
XIII. Dataprocessing with special services
XIV. Data processing by backup services
XV. Rights of the data subject
XVI. Changes to this information

I. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other national data protection laws of the Member States as well as other data protection regulations is:

LEDVANCE GmbH
Parkring 1-5
85748 Garching
Germany
+49 89 780673-100
contact@ledvance.com
https://www.ledvance.com

II. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

The designated data protection officer is:

Mr. Matthias Lindner
bDSB LEDVANCE
c/o  intersoft consulting services AG 
Beim Strohhause 17 
20097 Hamburg 
Germany
privacy@ledvance.com

III. PERMISSIONS

The following authorizations are required to implement the functions in the app:

  • Photos (iOS)
    Store photos and videos from connected devices
  • Location Services (iOS)
    Access to SSID information during the pairing process, set application location, condition settings (weather, automated rules)
  • Microphone (iOS)
    Enables the two-way voice control
  • Camera (iOS)
    QR Code scanner for pairing process, photo function for profile image creation
  • Bluetooth Sharing (iOS)
    Pairing with and control of devices
  • Media Sharing (iOS)
    Store photos and videos from connected devices
  • Camera (Android)
    QR Code scanner for pairing process, photo function for profile image creation
  • Location (Android)
    Access to SSID information during the pairing process, set application location, condition settings (weather, automated rules
  • Microphone (Android)
    Two-way voice control
  • Device memory (Android)
    Store photos and videos from connected devices

IV. DATA PROCESSING IN THE SMART + APP IN GENERAL

On this page we inform you about the privacy policy of the SMART + App for Android and iOS ("App"). The App is offered by LEDVANCE GmbH, Parkring 1-5, 85748 Garching near Munich, Germany ("LEDVANCE GmbH", "we" or "us").

Unless otherwise stated in this privacy policy the following applies:

1. Scope of processing 
The App is used for technical control of SMART+ devices and provides direct technical support for users. Multi-user access is enabled.


2.     Control of smart devices and information associated with these devices
 
With this App, you can control various smart products, provided that these devices are designed for this purpose.
 
Depending on which of these devices you want to control with this app, different data may be affected.
 
In some cases (e.g. if they are linked to a user account), this data may be assigned to you or third parties. If you use third-party data in the app, you are responsible for obtaining the appropriate usage rights. This is the case, for example, if you control smart video cameras with the app. In this case, you are responsible for ensuring that these video recordings are permitted.

A list and detailed description of the data used with our smart devices can be found on our website here.
 
3.     Personal reference and user account

When the app is installed, a unique ID is generated and stored on Ledvance servers. This ID cannot be linked to a specific person unless the user registers with their email address.
In principle, the use of the app does not require user registration.
Depending on the device to be controlled, user registration with an email address and password (user account) may be necessary in individual cases (e.g. for multiple users or camera integration).

A current list of products that require a user account can be found here.


4.     Purpose of processing in general

The general purpose of processing personal data with the app is to allow users of the App to have technical control of SMART+ devices and for technical support by LEDVANCE.


5.     Legal basis for the processing of personal data in the SMART+ App in general

Where the app uses personal data this is necessary for the execution of the user contract, which forms the basis for the use of the app and the related services. This includes processing in order to safeguard your data and error detection as well as supporting users. Therefore the legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR.

There may be situations where we do not only use your data to fulfil the contract (e.g., to fulfil obligations to public bodies). The legal basis in those cases is either your consent or, depending on the situation, another legal basis within the meaning of Art. 6 GDPR.

In some cases the processing of technical data serves to safeguard a legitimate interest of our company in providing a functional application for users and is therefore based on Art. 6 para. 1 sentence 1 lit.  f GDPR as the legal basis for the processing.


6.     Duration of storage
 
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law. In addition, data will not be deleted if and as long as we have an overriding legitimate interest in doing so (e.g. to protect our rights or defend ourselves against legal claims).

V. DATA PROCESSING WHEN STARTING THE APP

The following data is processed when the app is started:


·       Information about the type and version of the app
·       Operating system of the user
·       Date and time of access
·       Language settings
·       Time zone of the device


The servers automatically collect and store information in so-called server log files, which your device automatically transmits when you use the app. The stored information is:


·       smartphone type and model number
·       Operating system used
·       Referrer-URL
·       Date and time of the server request
·       IP address


Third parties do not have access to server log files. This data is not merged with other data sources.

 

VI. DATA PROCESSING WHEN USING A USER ACCOUNT

The following data is processed when using a user account:



·       Username (optional)
·       Password
·       E-Mail-address
·       Profilepicture (optional)
·       Timezone location
 
Deleting a user account will result in the deletion of all associated data.
 
Regular users can delete their accounts themselves. Instructions on how to do this can be found here.
Guest accounts can only be deleted by regular user.


In addition, authorised account holders can also request the deletion of their accounts by sending an email to the following address: privacy@ledvance.com
 
Please note that certain functions (e.g. video storage from smart video cameras in the cloud) require a valid user account. If such accounts are deleted, these functions will no longer be available.


 

VII. PROVISION Of the app and creation of log files

1. Description and scope of data processing
Each time our app is accessed, our system automatically collects data and relevant information from the computer system of the calling device.
The following data is collected:
 

  • Browser type and version used
  • The user's operating system
  • The IP address of the user
  • Date and time of access
  • language settings, time zone, app-version
This data is stored in the log files of our system. This data is not stored together with other personal data of the user.


2. Purpose of data processing

The temporary storage of the IP address by the system is necessary for the delivery of the app to the device of the user. For this purpose, the user’s IP address must be kept for the duration of the session.

The storage in logfiles is done to ensure the functionality of the app. The data is also used to optimise the app and to ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place.

3. Legal basis for data processing

The processing of the aforementioned data is necessary for the execution of the user contract, which forms the basis for the use of the app and the related services.  Hence the legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. In addition for the aforementioned purposes, our legitimate interest lies in the processing of data in compliance with Art. 6 para. 1 s. 1 lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The session is complete when the collection of data for the provision of the app is accomplished.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is not possible.

5. Objection and erasure

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
The user is given the opportunity to object to the processing by e-mail request.
In order to do so, please send an email to: privacy@ledvance.com

VIII. HOSTING

A) general cloud data (e.G. app ID pls see above IV 3)
This is active as log the app is used
b) optional Cloud storage for video
This only applies if this service is booked within the app

In any event the app cloud is hosted on servers of a service provider commissioned by us.
However, in order to book this Cloud storage option for video, you must agree to the paid user agreement with the cloud storage provider for this service (Tuya).
Our service providers Cloud built on AWS – Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you use the app. The stored information is:


Browser type and version
Used operating system
Referrer URL
Hostname of the accessing computer
Time and date of the server request
IP address of the user's device
 
This data will not be merged with other data sources.

The server of the app is geographically located in Frankfurt, Germany. Nevertheless, we cannot rule out the possibility that your data may also be processed in the USA. The USA currently does not have an adequate level of protection, which may result in security risks.

We make sure that the requirements under the GDPR concerning transfers to third countries are met. Therefore, transfers may only take place if the special requirements of Art. 44 - 49 GDPR are fulfilled.
 
Amazon.com, Inc. including Amazon Web Services, has certified itself under the Data Privacy Framework (DPF) program. This means that Amazon has publicly committed to complying with the DPF obligations and the data transfer to the USA is based on this currently valid adequacy decision of the European Commission. Insofar as data is otherwise processed outside the EU/EEA, we have concluded the standard data protection clauses (SSCs) defined by the EU Commission in accordance with Art. 46 GDPR in order to create a secure level of data protection.

To protect data, AWS uses, among others, Standard Contractual Clauses (SCC). These were provided by the EU Commission and are intended to ensure that the data transfer complies with the protection standards even if your data is transferred to and stored in third countries such as the USA.
The data is collected on the basis of Art. 6 para. 1 lit. f GDPR.
The apps operator has a legitimate interest in the technically error-free presentation and optimization of his app - for this the server log files must be recorded.

IX. CONTENT DELIVERY NETWORKS

Amazon CloudFront
1. Description and scope of data processing


We use functions of the Amazon CloudFront content delivery network of Amazon Web Service Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter referred to as Amazon CloudFront). A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet to deliver content, especially large media files such as videos. Amazon CloudFront provides web optimization and security services that we use to improve the load times of our app and protect it from misuse. When you use our app, a connection will be established to Amazon CloudFront's servers to retrieve content, for example. This allows personal data to be stored and evaluated in server log files, in particular the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and the operating system).

This data can be transferred to servers of AWS Cloudfront in the USA and to AWS. The USA currently does not have an adequate level of protection, which may result in security risks.

Amazon.com, Inc. including Amazon Web Services, has certified itself under the Data Privacy Framework (DPF) program. This means that Amazon has publicly committed to complying with the DPF obligations and the data transfer to the USA is based on this currently valid adequacy decision of the European Commission.
Insofar as data is otherwise processed outside the EU/EEA, we have either concluded the standard data protection clauses (SSCs) defined by the EU Commission in accordance with Art. 46 GDPR in order to create a secure level of data protection or
otherwise ensured that the requirements under the GDPR concerning transfers to third countries are met. Therefore, transfers may only take place if the special requirements of Art. 44 - 49 GDPR are fulfilled.
For more information on Amazon CloudFront's collection and storage of data, please visit: 

 https://aws.amazon.com/de/privacy/

2. Purpose of data processing

Amazon CloudFront features are used to deliver and accelerate online applications and content.

3. Legal basis for data processing

The data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The app´s operator has a legitimate interest in the technically error-free presentation and optimization of his app - for this the server log files must be recorded.

4. Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

5. Objection and erasure

Information about objection and erasure options regarding Amazon CloudFront can be found at:

https://aws.amazon.com/de/privacy

X. TELEMETRY DATA

1. Description and scope of data processing

We collect telemetry data in our app. In the course of telemetry data processing, the behaviour within the app and device information such as

  • Model
  • and OS version
of the user, but no personal data whatsoever.


2. Purpose of data processing

The data are processed for the following purposes:

  • Infrastructure monitoring
  • Application monitoring
  • Resource optimisation
  • Troubleshooting
  • Functional data analysis of the Smart Device
  • User behaviour
  • Analysis of the app performance:
     
    • Launch speed of the app
    • Charging times
    • Times for jumps between pages
    • Usage of the buttons
 

3. Legal basis for the data processing

These data are recorded on the basis of Art. 6 para. 1 lit. f GDPR. The app operator has a legitimate interest in the technically error-free display and optimisation of his app - for this purpose the server log files must be recorded.

4. Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

5. Objection and erasure

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
To make the objection valid, users can write an informal e-mail to privacy@ledvance.com, or remove the data by deleting the account and the app.

  XI. Usage of Firebase Crashlytics

1. Description and scope of data processing

We collect telemetry data in our App for error reporting. To do this, we use the Firebase Analytics tool by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and its representative in the European Union, Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google), in particular, Firebase Crashlytics.
Firebase Crashlytics can be used to determine the impact of a crash and investigate its cause. This immediately improves the stability and performance of the application for the users. Therefore, we use Firebase Crashlytics for the security and stability of the App application.These services are an integral part of our offer and cannot be deactivated. Data is transmitted anonymously and not personalized to Google.
The use of Firebase Analytics, in particular Firebase Crashlytics can result in data transmission to US servers. The USA is currently considered an insecure third country under the European data protection law. It is possible that personal data may be subject to access by U.S. authorities for control and monitoring purposes, against which neither effective legal remedies nor data subject rights may be enforceable.
To ensure adequate safeguards for the protection of the transfer and processing of personal data outside the EU, data are transferred to and processed by Google on the basis of appropriate safeguards in accordance with Art. 46 et seq. GDPR, in particular through the conclusion of the so-called standard data protection clauses set out in Art. 46(2)(c) GDPR.

You can find more information on data processing by Firebase Analytics here: https://firebase.google.com/support/privacy
and in the Google Privacy Policy.

Firebase Crashlytics is used for Android and iOS crash reporting und integrated in the firebase tool. Information on data processing by Crashlytics can be viewed here:
https://firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms https://firebase.google.com/terms/crashlytics-app-distribution-mcc https://support.google.com/chromecast/answer/6076570?hl=de

To ensure the App's functionality, the following authorisations are requested or the hardware components of the end device are used:
  • Camera
  • Local area network
  • External memory


2. Purpose of data processing

The purpose of the processing is to ensure the App's functionality and to generate error reports in the event of errors.

3. Legal basis for data processing

The legal basis for the processing of your personal data is Art. 6(1)(1)(f) GDPR. We have a legitimate interest in providing a functional App and continuous improvement in the event of malfunctions.

4. Storage duration

Personal data shall be stored for as long as it is necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g., for tax and accounting purposes.

5. Objection and erasure

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 (1) (f)GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
In order to do so, please send an email to: privacy@ledvance.com 

XIII. USAGE OF SDK

1. Description of the use of SDKs

We use SDKs to provide functional modules. For this purpose, the used code is embedded into the SDKs.

2. Third party libraries used for iOS

  • AFNetworking
  • CocoaAsyncSocket
  • CocoaLumberjack
  • DACircularProgress
  • FBSDKCoreKit
  • FBSDKLoginKit
  • FBSDKShareKit
  • FLAnimatedImage
  • FMDB
  • IQKeyboardManager
  • Libextobjc
  • lottie-ios
  • Masonry
  • MBProgressHUD
  • MJRefresh
  • MMKV
  • MQTTClient
  • OCMock
  • OpenSSL-Universal
  • Reachability
  • SDWebImage
  • SQLCipher
  • SSZipArchive
  • TPCircularBuffer
  • TZImagePickerController
  • UICKeyChainStore
  • YYModel
  • SVProgressHUD
  • SDWebImageSwiftUI
  • SwiftyBeaver
  • RealmSwift
  • Realm
  • MJExtension
  • Charts
  • PhoneNetSDK
  • PromisesObjC
  • PromisesSwift
  • Alamofire
  • MediaPipeTasksVision
  • MMKV
  • FLEX
  • Firebase
  • glog
  • ThingSmartCryption, :th =>
  • ThingSmartHomeKit
  • ThingSmartBusinessExtensionKit
  • ThingSmartSweeperKit
  • ThingSmartLockKit
  • ThingSmartCameraKit
  • ThingSmartMatterKit
  • ThingSmartMatterKit
  • ThingSmartDeviceDetailBizBundle
  • ThingSmartSkillQuickBindBizBundle
  • ThingSmartHelpCenterBizBundle
  • ThingSmartActivatorBizBundle
  • ThingSmartMessageBizBundle
  • ThingSmartSceneBizBundle
  • ThingSmartMallBizBundle
  • ThingAdvancedFunctionsBizBundle
  • ThingSmartMarketingBizBundle
  • ThingSmartGroupHandleBizBundle
  • ThingSmartDeviceSyncBizBundle
  • ThingSmartPanelBizBundle
  • ThingSmartShareBizBundle
  • ThingSmartCameraRNPanelBizBundle
  • ThingSmartCameraPanelBizBundle
  • ThingSmartLangsExtraBizBundle
  • ThingSmartFamilyBizBundle
  • ThingSmartHomeKitBizBundle
  • ThingSmartOTABizBundle
  • ThingSmartCameraSettingBizBundle
  • ThingSmartCloudServiceBizBundle
  • ThingSmartThemeManagerBizBundle
  • ThingSmartActivatorExtraBizBundle
  • ThingSmartBusinessExtensionKitBLEExtra
3. Third party libraries used for Android
  • Firebase messaging
  • Google map
  • Google speech
  • Google play services location
  • Gson
  • recyclerview-swipe
  • recyclerview-animators
  • SwitchButton
  • Flexbox
  • Openssl
  • Fastjson
  • Eventbus
  • OKHttp
  • RxJava
  • Lottie
  • Systembartint
  • adapterdelegates3
  • MPAndroidChart
  • TextLayoutBuilder
  • android-jsc
  • mqttv3
  • Fresco
  • React-native
  • DSBridge-Android
  • Grpc
  • Libevent
  • Mars
  • MMKV
  • Litho
  • LDNetDiagnoService_Android
  • LoopView
  • grpc-java
  • react-native-svg
  • react-native-image-picker
  • wcdb
  • zxing
  • commons-compress
  • soloader
  • bouncycastle
  • Android-BluetoothKit
  • Android-nRF-Mesh-Library
  • Kotlin
  • Android Support
  • Matrix
  • Mbedtls
  • Libuv
  • Libsrtp
  • Cjson
  • Kcp
  • Curl
  • FFmpeg
  • Rapidjson
  • Google service related
  • Firebase series:
  • firebase-crashlytics - crash analysis
  • firebase-analytics - data analysis
  • firebase-messaging - push messages
  • firebase-perf - performance monitoring
  • Google Play Services:
  • play-services-maps - Google Maps
  • play-services-location - location services
  • play:app-update - application updates
  • Google Others:
  • android-maps-utils - map tool library
  • mediapipe:tasks-vision - media pipeline visual tasks
  • Tuya Smart SDK series (core business)
  • thingsmart - Tuya Smart Core SDK
  • thingsmart-theme-open - theme components
  • thingsmart-ipcsdk - IPC camera SDK
  • thingsmart-lock-sdk - smart lock SDK
  • thingsmart-outdoor-sdk - outdoor equipment SDK
  • thingsmart-expansion-sdk - Extended SDK
  • Various business packages (bizbundle):
  • Family management, device activation, device control, scene management
  • Group management, OTA upgrade, camera, cloud storage
  • Message center, feedback, voice skill binding, etc.
  • Network and data processing
  • Retrofit + OkHttp - Network request
  • Gson - JSON parsing
  • MMKV - High-performance key-value storage
  • DataStore - Data storage
  • Room - Database ORM
  • UI and interface
  • Material Design - Material design components
  • ConstraintLayout - Constraint layout
  • MPAndroidChart - Chart library
  • Glide - Image loading
  • CameraX - Camera function
  • ExoPlayer - Media playback
  • Development tools and debugging
  • Hilt - Dependency injection
  • Kotlin Coroutines - Coroutines
  • LeakCanary - Memory leak detection (debugging)
  • Debug DB - Database debugging tool
  • Special function library
  • GreenDAO - Database ORM (used by Mesh module)
  • SpongyCastle - Encryption library
  • Huawei HMS - Huawei Mobile Services
  • Country Picker - Country Selector
  • PermissionX - Permission Management
  • Localization and Internationalization
  • Localazy - Localization Service
  • Other Tool Libraries
  • Commons Compress - Compression Tool
  • Tukaani XZ - XZ Compression
  • Work Manager - Background Task Management
  • Custom Modules
  • Bleaars - Bluetooth Related (Local AAR)
  • XLog - Log System
  • Gesture Recognition - Gesture Recognition
  • Reorderable - Reorderable Components
  • Build Tool Plugin
  • KSP - Kotlin Symbol Processing
  • Room Gradle Plugin - Room Database Plugin
  • Secrets Gradle Plugin - Key Management Plugin
The SDK are used on the basis of Art. 6 para. 1 lit. f GDPR.

We have a legitimate interest in the technically error-free display and optimization of our app - for this purpose the SDK must be used.

XIii. DATA PROCESSING with SPECIAL SERVICES

Certain functions of the app require additional or different processing of personal data. You will find the relevant information below
 
 
Smart video camera services

When using smart camera devices with the App, the following special features apply.
You are responsible for ensuring that the video and audio data itself is processed and used by you in a lawful manner.
 
1. Use without cloud storage
Video and audio files are stored on your device.
You have full access to them and can also delete the data yourself.


2. Use of the cloud storage option

To do this, you need a user account and must
activate the corresponding cloud storage option in the app
This involves confirming a corresponding paid usage agreement with Tuya.
You can then also use the booked cloud storage via the app for video and audio files (save and delete).

XiV. DATA PRocessing by backup services

You can use backup services to back up settings and data from apps on your device. Backed-up information is transferred to and stored on the server of the backup service you are using and can be restored to the original device or another device. The scope of data collection depends on the backup service used, but in particular, app settings and data, the user name, the email address, the customer number of your account, the time of the backup and the individual device ID can be processed. The processing of this data is carried out exclusively by the provider of the backup service used and is beyond our sphere of influence.
 
With regard to the option offered in the app for storing video data in the cloud, please note the information under ‘XV. DATA PROCESSING WITH SPECIAL SERVICES’.

 XV. RIGHTS of the data subject

As far as your personal data is processed, you have the following rights as a data subject, provided that the legal requirements are met
(Cited provisions of the GDPR refer to the EU GDPR):


·       Right to information and disclosure (Art 15 GDPR).
·       Right of rectification and erasure (Art 16, 17 GDPR); if erasure is not possible,
processing may be restricted (see below).
·       Restriction of processing (Art 18 GDPR)
·       Objection to data processing (Art 21 GDPR)
·       Data portability (Art 20 GDPR)
·       Withdrawal of consent (Art 7(3) GDPR)
·       Right to lodge a complaint with a supervisory authority (Art 77 GDPR)
 

XVI. Changes to this information

 
If the purpose or manner of processing your personal data changes significantly, we will update this information in time.
 

SMART+ SUPPORT

Do you have problems with one of our SMART+ products? We are happy to help you.