Privacybeleid

Privacy Clause Processing of Personal Data:
- Miggy BV collects and processes personal data from the customer in accordance with Miggy BV's privacy policy and applicable data protection laws. By using Miggy BV's products and services, the customer consents to the processing of their personal data as described in Miggy BV's privacy policy.
Purpose of Data Processing:
- The customer's personal data is processed for purposes such as providing the products and services, improving the user experience, providing customer support, and complying with legal obligations.
Data Security:
- Miggy BV implements appropriate technical and organizational measures to protect the confidentiality, integrity, and availability of the customer's personal data against unauthorized access, disclosure, alteration, or destruction.
Access to Personal Data:
- Only authorized personnel of Miggy BV and third parties involved in providing the products and services have access to the customer's personal data, and only to the extent necessary for the performance of their duties.
Customer Rights:
- The customer has certain rights with respect to their personal data, including the right to access, correct, delete, restrict processing, data portability, and object to processing, as described in Miggy BV's privacy policy.

Standard sales terms

View our sales terms by clicking on the following link Terms & Conditions | Miggy

Data storage

Gegevensopslag my.miggy.nl

Your data is stored within the European Union. We use two different data centers to connect the Miggy platform (my.miggy.nl):

Frankfurt, DE (main data center)
Amsterdam, NL (back-up)

Frankfurt

All servers required for the functioning of the Miggy platform and the storage of measurement data are located in Frankfurt, Germany.

Amsterdam

The data center in Amsterdam is used exclusively for storing backups and as a failover in the event of damage to the Frankfurt data center (e.g. due to fire), although the likelihood of this happening is low.

Back-ups

We make daily backups of the entire infrastructure, but have different priorities.

Metrics are given the highest priority in backups. Data such as usernames or tenant information is only backed up once a day, as we assume that this data hardly changes once it is created.

I accidentally deleted my data. Can you restore them?

Yes, but if you delete data or devices despite warnings, you'll be charged a fee to recover the data.

So make sure you only delete data when you're sure you don't need it anymore.

Do you still want to use this repair service? Please contact us.

How we handle your data

Ownership

If you use our platform as the basis for your devices and their measurement data (and all other data), they remain your full property.

Access control

When you create a workspace on our platform (which happens automatically with the first login), you are the only one who has access to this workspace. No employee of Miggy or any other person can view the data in your workspace.

Do you want to share access to your workspace with others? Then you must explicitly invite these people. This also applies if you ask for help from a member of the Miggy support team. This person will only have access to your workspace if you add them as a member.

Scope

These principles (ownership and access control) apply to all components within your workspace, including:

All devices in your workspace
All sub-workspaces and their data/devices
In short, everything within your workspace

How we handle data from your devices

You can use the following integrations to connect your devices to the Miggy portal:

MQTT
REST-API
LoRaWAN
Particle.io

Anonymous data transfer

The following is true for all integrations and describes how data from your devices gets into the portal and how we process it:

When your device sends data to our system using one of the methods listed, it is always anonymous. No personal data or workspace-related data is sent.

An ID number is used to link measurement data to your device and workspace. This ID has a high entropy, making it indecipherable and does not contain any personal data.

Even if someone were to intercept this information, it would be useless because it doesn't include a description of the type of data being transmitted.

When you access the portal via the web interface or mobile app, the ID number of your workspace is sent to the server as a request. The server then sends back a list of all devices, but the data in this list remains anonymous.

The actual linking of data to your workspace only happens in the front-end of the portal and not on our servers.

In other words, all data from your devices and measurement data always remains anonymous and does not contain any personal information.

Frequently Asked Questions (FAQs)

Do you share my data?

No. The data of your equipment remains your property, and Miggy will never share it with third parties.

Who can see my data?

On the Miggy platform, every action requires an access token.

Each token has a specific scope, which determines which devices it can manage and what workspaces and permissions it has.
Users within Miggy work on the basis of these tokens, so each user has their own token.

Can another user see my data?

No. Unless you explicitly give permission to another user to view your data, no one else can view your data.

Where are the vulnerabilities?

The biggest risks are related to the use of tokens, for example:

API tokens on IoT devices can be incorrectly secured. We have no control over the security measures that customers apply to their devices, which could result in a third party gaining access to a token.
Unencrypted connections: Some third-party IoT devices do not encrypt communications, so a token is sent in plain text and can be intercepted by a "man-in-the-middle" attack.

Please note: Miggy does not accept unencrypted incoming connections. But we cannot influence what happens with external MQTT brokers or third parties.

What is Miggy doing about this? What measures have been taken?

Miggy supports the creation of individual tokens per workspace, using the following security measures:

✅ Automatically generated unique tokens per registered device (via API).

✅ Fine-grained access settings, so that a token is only granted specific permissions (e.g., read-only or read/write for certain devices).

✅ Disconnected data and permissions per device, so that tokens can be disabled and replaced in a targeted manner.

What about LoRaWAN or other IoT platforms?

LoRaWAN network servers or external IoT platforms send us data through webhooks.

Although we always enforce encrypted connections, risks can still arise such as replay attacks or the collection of falsified measurement data.
That's why the Miggy platform offers an extra layer of security: validation of incoming webhooks with its own token.
This token can only access the specific devices for which it is intended, so that other devices or data cannot be read if the token is lost.

Use of Cookies

Website may use cookies to personalize and facilitate maximum navigation of the User by this site. The User may configure his / her browser to notify and reject the installation of the cookies sent by us.

Links to other websites

Although this Website may be linked to other websites, we are not, directly or indirectly, implying any approval, association, sponsorship, endorsement, or affiliation with any linked website, unless specifically stated herein.

You should carefully review the legal statements and other conditions of use of any website which you access through a link from this Website. Your linking to any other off-site pages or other websites is at your own risk.

Privacy terms