Security & Privacy
Privacy Policy
Our privacy policy is hosted on our website. You can view it via the following link:
Data Storage
Your data is stored within the European Union. We use two different data centers to run the Datacake platform:
Frankfurt, DE (main data center)
Amsterdam, NL (Backup)
Frankfurt
All servers for the operation of the Datacake platform and the data storage of the measurement data are located on servers in this location (Frankfurt, Germany).
Amsterdam
The data center in Amsterdam is used solely for the outsourcing of backups and as a failover if the Frankfurt site is damaged (e.g. by fire), although this is rather unlikely.
Backups
We run backups of the entire infrastructure on a daily basis, but we do vary slightly in priority.
Measurement data is backed up with priority. Data such as user name or tenant information is only backed up once a day since we assume that hardly any data is changed once the data is created.
I have deleted my data by mistake. Can you restore them?
Yes, but if you delete data or devices despite being warned that the data will be deleted afterward, the recovery of the data will be charged by a fee.
Therefore, please make sure that you only delete the data if you are really sure that you want it to be deleted.
If you still want to use this service, please contact us.
How we handle your data
Ownership
If you use our platform as a basis for your devices and their measurement data (and all other data), the data remains completely in your ownership.
Access Control
If you create a workspace on Our Platform, as it happens automatically the first time you log in, then only you will have access to this workspace. Neither employees of Datacake nor any other person can view the data of your workspace.
If you want to share access to your workspace with other people, you must explicitly invite those people to your workspace. This also applies if you ask a member of the Datacake support team for advice and assistance. This person will only have access to your workspace if you add them as members of that workspace.
Scope
This behavior (ownership and access control) applies to all things within your workspace, including
All devices in your workspace.
All sub-workspaces and their data / devices.
Simply everything within your workspace.
How we handle the data coming from your Devices
You can use the following integrations to connect your devices to the Datacake Portal:
MQTT
REST-API
LoRaWAN
Particle.io
You can read more about Integrations here:
IntegrationsAnd about LoRaWAN here:
LoRaWANAnonymous data transmission
The following description applies equally to all integrations and describes how the data flows from your devices into the portal and how we handle this data:
If your device records data into our systems via one of the mentioned device types above, this is always done anonymously. This means that no personal or workspace-related data is transferred during transmission.
For the association of the measurement data to your device and its workspace, an ID number is used, which has high entropy and therefore cannot be decoded and thus contains no personal data.
This means that even if someone would be able to read out this information it would still be useless as it would not contain any description of what kind of data this is.
When you open the portal via the front-end or the smartphone app on your mobile device, the ID number of your workspace is transferred to the server as a request. The server then transmits a list of all devices. The data in this list is still anonymous.
This information is then combined in a table in the frontend. This assignment does not take place on our servers, it is only implemented using the graphical arrangement of the front-end.
All data of your devices and their measurement data are always anonymous and do not show any personal information.
FAQs
Do you share my data?
No. The data on your equipment remains your property and Datacake will never share this data with any third party.
Who can see my data?
On the Datacake platform, every action requires an access token. Each token has a scope, i.e. an area that this token can control.
The token defines which devices are assigned to it (with corresponding rights), but also which workspaces it is allowed to view and which different roles this token has in the portal.
In Datacake, the users are based on this token, which means that each user has their own token.
Can another user see my data?
No. As long as you do not explicitly allow another user to view the data of your (single or multiple) devices, it is not possible for a user to view your data.
Where are the vulnerabilities?
Basic vulnerabilities are the use of tokens, e.g. as API tokens on your IoT devices. Here we cannot see what security our customers implement on their devices and this can then lead to a third party gaining access to the access tokens of the device.
Also, third-party IoT devices may not use encryption to transport your data. This means that the token is potentially transmitted in plain text and can be tapped by a "man in the middle".
However, Datacake itself does not allow any incoming connections from unencrypted connections. However, what happens e.g. on foreign MQTT brokers or third-party services, we cannot influence.
What does Datacake do about it? What measures are in place?
Datacake supports the creation of individual tokens (per workspace), which in the ideal case (automated via API) are then created individually per registered device, i.e.: each device on Datacake gets its own token.
In addition, we allow fine-grained settings on the tokens. Thus, for example, only read or read-write permissions for one (or more) device can be determined, while at the same time the permissions for other devices and actions in the workspace are deactivated.
In this way, we separate the data and permissions of the devices from the platform. And when using per-device tokens, we can selectively disable and swap tokens.
What does this look like with LoRaWAN or other IoT platforms?
LoRaWAN network servers or third-party IoT platforms send us data via webhook. Even if we only allow encrypted connections here, there can be so-called replay attacks or it comes to the import of false measurement data.
The Datacake platform offers the option of validating an incoming webhook. Here again a token is created for each webhook.
This token then only has access to the respective devices, which also ensures that no other devices or data can be read if the token is lost.
Last updated