Privacy Policy App

Privacy Policy for the 21energy Applications

Effective from:

Last updated:

This privacy policy describes how 21energy GmbH (“we,” “us,” “our”) collects, processes, and protects personal data when users interact with 21energy applications and hardware products.

By using the app, you confirm that you agree to the processing of your personal data in accordance with this policy.

1. Data Collected and Processed

1.1. Application-Related Data

We store device-related data in our database, including:

  • Device type: (e.g., “MOBILE,” “CONTROL”)
  • Bonding token: Identifier for authentication (non-personal)
  • Connection status: Whether the device is connected
  • Timestamps: Time of creation and update
  • Device-specific information: API version, hardware ID, order number (optional)
  • Technical information: System status, network connection, device logs, hashrate, power consumption
  • Mining pool: Mining pool configuration (username, pool URL)

1.2. Cluster Level (Temporary Connection Data)

We temporarily store connection data for system functionality and error analysis:

  • IP address
  • Connection time
  • Service logs: Requests to the app backend

1.3. Cloudflare Level

To ensure security and minimize risks (e.g., DoS attacks), we use Cloudflare as a proxy. Cloudflare processes and logs:

  • IP address
  • User-agent string
  • Metadata required for Cloudflare services

Data processing by Cloudflare is subject to its own privacy policy, available at: https://www.cloudflare.com/privacypolicy/

1.4. Google Firebase

Our app uses Firebase Cloud Messaging (a Google service) to send push notifications. Firebase may collect information such as device identifiers, app instance IDs, and usage data required for message delivery and performance improvement. This data is used solely to provide notification services and improve app performance.

  • IP address
  • User-agent string
  • Connection data required for Google Firebase

Data processing by Google Firebase is subject to Google’s privacy policy, available at: https://policies.google.com/privacy

1.5. Support Mode

When the support mode is enabled, we may collect:

  • Customer IP address
  • Remote access logs (SSH): Includes diagnostic data from connected 21energy applications and mining devices

1.6. Data Collection via Website

Data collected through our website and APIs is processed separately. For more information, please refer to our general privacy policy: https://21energy.com/de/policies/privacy-policy

1.7. Mining Pool Account Data

To display performance and earnings data within the app, users can optionally link their mining pool accounts. In this case, we process:

  • API key or account data for authentication with the mining pool provider
  • Account ID and mining statistics (e.g., hashrate, shares, earnings, etc.)
  • Pool provider: Depending on user choice (e.g., Braiins Pool, etc.)

This data is processed solely for in-app display purposes and is not shared with third parties. Processing is based on Art. 6 (1)(b) GDPR (performance of a contract) or Art. 6 (1)(a) GDPR (consent), if the link is made voluntarily.

1.8. Zendesk Support System

We use the Zendesk ticketing system to manage support inquiries and customer communication. Zendesk helps us organize, manage, and respond to support requests efficiently.

Depending on the content of a support request, the following personal data may be collected and processed:

  • Name (if provided by the user)
  • Email address (for communication and ticket assignment)
  • Support content: Messages, screenshots, log files, or other user-provided information
  • Device and app information: If necessary for technical analysis (e.g., device type, app version, operating system, serial number, hashrate, connection status)
  • Timestamps of the request and communication history

This data is processed solely for the purpose of responding to and documenting support requests. The legal basis is Art. 6 (1)(b) GDPR (contract performance or pre-contractual measures) and Art. 6 (1)(f) GDPR (legitimate interest in efficient customer communication).

Zendesk may process data on servers located in the United States. To ensure an adequate level of data protection, Standard Contractual Clauses (Art. 46 GDPR) are in place.

For more information, please refer to Zendesk’s privacy policy:
https://www.zendesk.com/company/agreements-and-terms/privacy-notice/

1.9. Remote Desktop Software

For specific support inquiries, remote desktop software (e.g., AnyDesk or similar programs) may be used to diagnose or resolve technical issues directly on the user’s device. Remote access occurs only with the user’s explicit consent and only for the duration of the respective support session.

During a remote session, the following data may be temporarily viewed or processed, depending on the issue:

  • Screen contents (temporary view of the user’s desktop or app interface)
  • System information (e.g., operating system version, hardware status, network settings)
  • Device identifiers (e.g., device ID, connection ID of the remote software)
  • Support session logs (duration, timestamp, IP address of the device)

No personal data is stored or recorded beyond what is necessary for support purposes. Access automatically ends when the session is closed.

Data processing for remote support is based on Art. 6 (1)(a) GDPR (consent) and Art. 6 (1)(b) GDPR (contract performance). Access without prior user consent is not possible.

For more information about data processing by AnyDesk, please refer to their privacy policy:
https://anydesk.com/en/privacy

2. What data we process, why, and the legal basis

We only process what is necessary to provide and secure the services (GDPR Art. 5). Overview:

  • Account & device relationship (device type “MOBILE/CONTROL”, API version, hardware ID/serial, bonding token, connection status, timestamps, optional order number, mining-pool configuration such as username and pool URL) – to provide core features, device pairing, telemetry, configuration. Legal basis: Contract Art. 6(1)(b) and Legitimate interests Art. 6(1)(f).
  • Operational telemetry (system status, network state, device/app logs, hashrate, power consumption) – diagnostics, uptime, service quality. Legal basis: Legitimate interests Art. 6(1)(f).
  • Backend/cluster logs (IP address, connection time, request metadata) – security, abuse prevention, troubleshooting. Legal basis: Legitimate interests Art. 6(1)(f).
  • Push notifications (Firebase Cloud Messaging) (app instance ID/device token and minimal delivery metadata) – operational/service notices; marketing only with opt-in. Legal basis: Contract/Legitimate interests for strictly necessary operational notices; Consent Art. 6(1)(a) for marketing.
  • Support mode / remote assistance (user IP, remote-session metadata, diagnostics; screen contents may be viewed during a session) – on-demand technical support. Legal basis: Consent Art. 6(1)(a) and Contract Art. 6(1)(b). Access ends when the session ends.
  • Support tickets (Zendesk) (name, email, ticket content/attachments, device/app information, timestamps) – respond to and document support. Legal basis: Contract Art. 6(1)(b) and Legitimate interests Art. 6(1)(f).
  • Mining-pool linking (optional) (API key/token or account data; account ID; statistics like hashrate/shares/earnings) – show performance/earnings in the app. Legal basis: Contract Art. 6(1)(b) or Consent Art. 6(1)(a) if optional.

3. Data Sharing and Storage

  • We do not sell or share personal data with third parties for advertising purposes.
  • Connection data is stored only temporarily and deleted after system-relevant use.
  • Cloudflare processes data as an independent controller under its own GDPR-compliant policies.

4. User Rights

Under the GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Objection: Object to certain data processing activities
  • Data portability: Receive your data in a structured, commonly used format

To exercise these rights, please contact us at: privacy@21energy.com

5. Contact Information

For privacy-related inquiries, you can reach us at:

21energy GmbH
Wilhelm-Greil-Straße 21
6020 Innsbruck
Austria

Email: support@21energy.com

6. Changes to this Policy

This policy may be updated as needed. The most recent version is always available in the app and at: https://21energy.com/pages/privacy-policy-app

By using the app, you agree to this privacy policy.