Privacy Policy GRID App

DISCLAIMER: This is a machine translation provided for convenience only. The German version is the legally binding document.

When using GRID (hereinafter the App), we process your personal data. Personal data means any information relating to an identified or identifiable natural person. Because the protection of your privacy is important to us, we explain below which personal data we process when you use the App and how we handle this data. We also inform you about the legal basis for processing your data and the disclosure of your personal data to third parties.

The entity responsible for data collection is:

HomeRun GmbH
Harvestehuder Weg 18
20149 Hamburg

represented by its managing directors: Daniel Grünthal and Philipp Illies

Contact: hello@homerun-gmbh.de

Your Role and Our Role in Data Processing

For the data processing described in this privacy policy that relates to your use of the App as our contractual partner (e.g., your user account, usage data, support requests), we, HomeRun GmbH, are the controller within the meaning of the GDPR.

However, the core function of the App is to enable you to manage data of your tenants. For all personal data that you upload and manage in the App yourself (hereinafter "tenant data"), you act as the controller within the meaning of the GDPR. In this case, we process this tenant data on your behalf as a processor according to Art. 28 GDPR. The details of this processing, including the categories of tenant data processed and the technical and organizational measures, are regulated in our separate Data Processing Agreement, which is part of your usage contract. This privacy policy primarily refers to the data processing in which we act as the controller, but for transparency also mentions aspects of the processing on your behalf.

Information on Data Processing When Using the App

We have listed below which personal data is processed directly through the use of the App:

Information Processed During Download

When downloading the App, certain required information is processed by the App Store you select (Google Play or Apple App Store). The processing of your personal data is carried out exclusively by the respective App Store and is outside our sphere of influence.

When the App is first launched, an App ID is generated to ensure identification during the installation of the App on your device. When a user account is later created, the App ID is assigned to the respective user account.

If no user account is created, the collected data will be deleted after 14 days.

Information Processed Through User Account Creation

Information provided during registration is necessary for the conclusion of the usage contract. If you do not provide the required data, you cannot create a user account.

The required personal data are:

  • Name

  • Email address

  • Password

We process this personal data during the creation of the user account in order to:

  • verify your authorization to manage the user account,

  • enforce the terms of use of the App and all associated rights and obligations,

  • contact you to send technical or legal notices, updates, security messages, or other messages concerning the management of the user account (hereinafter transactional emails).

In addition, the App requires the following necessary permissions on your device:

  • Internet access: This is needed to store your entries on our servers.

  • Access to the camera and media library: This is needed so you can take photos of your documents (which may contain personal data of third parties, e.g., your tenants) and store them in the App and on our servers as part of the processing on your behalf.

This data processing is justified by the fact that the processing is necessary for the performance of the contract between you as the data subject and us according to Art. 6 Para. 1 lit. b) GDPR for the use of the App. The processing of tenant data that you upload takes place on the basis of the Data Processing Agreement concluded between you and us.

Information Automatically Collected When Using the App

When using the App, we process certain data automatically in log files (hereinafter log files) to ensure the functionality, security, and stability of the App. This also includes accesses that occur during the processing of tenant data you have uploaded. This processing takes place on the technical infrastructure of our hosting provider, Google Cloud Platform (especially through components such as Cloud SQL and Kubernetes Engine).

The log files regularly contain the following data from you:

  • IP address

  • Device ID

  • Version of your operating system

  • Time of access

  • Accessed resource/path

  • Status code

  • Amount of data transferred

The temporary storage of the complete IP address in the log files is technically necessary for detecting and defending against attacks, for ensuring system security, and for error analysis.

We base this data processing on our legitimate interest in ensuring the secure and error-free operation of the App in accordance with Art. 6 Para. 1 lit. f) GDPR. In addition, the error-free functionality of the App serves to fulfill the contract between you as the data subject and us in accordance with Art. 6 Para. 1 lit. b) GDPR.

The complete IP addresses in the log files are deleted or anonymized (e.g., by truncation) after a maximum of 14 days. Other log data without direct personal reference or already anonymized data may be retained longer for statistical purposes or to improve the App.

Disclosure of Data to Third Parties

We only disclose your personal data to third parties if this is legally permitted or you have consented. Insofar as we engage third parties to process data on our behalf, this is done on the basis of Art. 28 GDPR. Below we list the recipients or categories of recipients:

Hosting Provider

The hosting provider for this cloud-based App is the Google Cloud Platform. This company provides the server infrastructure for data processing by the App. The provider is Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland. The primary data processing takes place on servers in the EU (Frankfurt region, europe-west3). Due to Google's global network architecture (especially when using the Premium Network Tier to optimize latency), a technical forwarding of data traffic via servers outside the EU/EEA (including the USA) cannot be completely ruled out. For any transfers to the USA, Google relies on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses according to Art. 46 GDPR.

The hosting provider acts as a processor. The Data Processing Agreement required by Art. 28 Para. 3 S.1 GDPR has been concluded.

Authentication and User Management

For the secure authentication and management of your user account, we use the services of Auth0 Inc., 10800 NE 8th Street, Suite 600, Bellevue, WA 98004, USA. Auth0 processes your email address and password hashes for this purpose. Data processing by Auth0 takes place primarily in the EU region of the service configured by us. Since Auth0 Inc. is a US company, data transfers to the USA (e.g., for support purposes or due to legal obligations) may take place. Auth0 participates in the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection. In addition, Standard Contractual Clauses according to Art. 46 GDPR may apply.

Auth0 acts as a processor and appropriate agreements have been concluded.

Sending Transactional Emails

When using the App, you may trigger the sending of transactional emails. This happens, for example, when resetting your password. This is necessary communication between you and the App to ensure your ability to use the App.

For sending these emails, the App is supported by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. The processing of your email address and your name takes place on Sendinblue (Brevo) servers in Germany.

Sendinblue (Brevo) acts as a processor in this context, and the Data Processing Agreement required by Art. 28 Para. 3 S. 1 GDPR has been concluded.

Sentry (Error Analysis)

This App uses Sentry, a product of Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA, to analyze anonymized crash reports and improve the stability of the App. Data processing by Sentry takes place primarily on servers in the EU. However, a transfer of data to the provider in the USA cannot be ruled out, particularly for support or administrative purposes. A crash report is only sent to Sentry after your explicit consent. The legal basis for this data processing is therefore your consent according to Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time in the settings of the App or in the settings of your device. For any data transfers to the USA, Functional Software, Inc. relies on Standard Contractual Clauses according to Art. 46 GDPR.

Sentry acts as a processor according to Art. 28 GDPR.

Internal Administration and Communication

For internal administration, communication, and to support the provision of the App, we use Google Workspace. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Personal data (e.g., your contact details for support requests) may also be processed here. Data processing takes place primarily in data centers within the EU, but due to Google's global structure, it may also take place outside the EU/EEA. For transfers to the USA, Google relies on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses according to Art. 46 GDPR.

Google Workspace is used in the context of data processing according to Art. 28 GDPR.

AI Support for Internal Processes

To support internal processes, such as data analysis or text creation to improve our services, we may use AI services from OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA (provider of ChatGPT). We take care to limit the processing of personal data to the absolute minimum necessary and to anonymize or pseudonymize data where possible. Processing of plain data from your user account or tenant data uploaded by you through OpenAI only takes place if this is necessary to fulfill a specific function initiated by you (if offered in the future and appropriately labeled) or for internal error analysis in exceptional cases, and if appropriate protective measures have been taken. Data processing by OpenAI takes place primarily in the USA. OpenAI participates in the EU-U.S. Data Privacy Framework. In addition, Standard Contractual Clauses according to Art. 46 GDPR may apply.

OpenAI is used in the context of data processing according to Art. 28 GDPR.

Payment Processing

The payment processing regarding your usage fee for the App is carried out by the payment service provider Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.

You have set up a user account with Stripe for this purpose. Necessary transaction data is exchanged between the App and Stripe for processing and assigning payments. Stripe provides us with information to confirm receipt of payment. We do not transmit any personal data to Stripe beyond what is immediately necessary for payment processing.

Since Stripe is a company based in the USA, a transfer of personal data to the USA may take place. Stripe participates in the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection. Alternatively or additionally, Standard Contractual Clauses according to Art. 46 GDPR may apply.

Subscription Management

For the management of subscriptions, we use the services of RevenueCat Inc., 1032 E Brandon Blvd, #3003 Brandon, FL 33511, USA. RevenueCat supports us in managing subscriptions that are concluded via the App Store, Google Play Store, or Stripe. The following data is processed in this context:

  • Information about the status of your subscription

  • Transaction data

  • Device and app information

  • Identifiers (e.g., App Store ID, Google Play ID, or Stripe Customer ID)

The processing of this data is necessary for the proper management of your subscription and the provision of the corresponding functions of the app. RevenueCat acts as a data processor and corresponding agreements have been concluded.

Since RevenueCat is a company based in the USA, a transfer of personal data to a third country without an adequacy decision pursuant to Art. 45 GDPR takes place. To ensure an adequate level of data protection, we have concluded the standard contractual clauses pursuant to Art. 46 Para. 2 lit. c GDPR published by the EU Commission with RevenueCat. Where necessary, we also implement additional technical and organizational protective measures (e.g., encryption, pseudonymization).

Push Notifications

If you want to be informed about activities in the App at any time, you can receive push notifications. The use of these push notifications is optional and requires your consent according to Art. 6 Para. 1 lit. a GDPR.

For the creation of push notifications, we work with Google Firebase, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data necessary for sending (e.g., a token to identify your device) is transmitted to Google Firebase. In the settings of the App and your device, you can decide at any time whether you want to receive the messages and revoke your consent.

Data processing by Google may take place on servers in the USA. For the transfer of data to the USA, we rely on appropriate guarantees, such as Google's participation in the EU-U.S. Data Privacy Framework or the conclusion of Standard Contractual Clauses according to Art. 46 GDPR, in addition to your consent to the processing.

Change of Purpose

Processing of your personal data for purposes other than those described will only occur if a legal provision permits this or if you have consented to the changed purpose of data processing. In the case of further processing for purposes other than those for which the data was originally collected, we will inform you before the further processing about these other purposes and provide you with all other relevant information.

Duration of Data Storage

We delete or anonymize your personal data as soon as it is no longer necessary for the purposes for which we collected or used it according to the above sections. As a rule, we store your personal data for the duration of the usage or contractual relationship regarding the App plus a period of 30 days, during which we keep backup copies after deletion, unless this data is needed longer for criminal prosecution or to secure, assert, or enforce legal claims.

Shorter retention periods specified in this privacy policy for certain types of data (e.g., for log data or when no user account is created) take precedence.

Statutory retention periods, especially those for tax reasons, remain unaffected.

Your Rights as a Data Subject

You have the right to request information (Art. 15 GDPR) about the data stored about you and, under certain conditions, the correction (Art. 16 GDPR) or deletion (Art. 17 GDPR) of your data.

You may also have a right to restriction of processing (Art. 18 GDPR) of your data and a right to receive (Art. 20 GDPR) the data you have provided in a structured, commonly used, and machine-readable format.

You can revoke your consent to the processing of personal data for specific purposes at any time with effect for the future. Please note that in this case, it may no longer be possible to process a request.

You also have the right to object, for reasons arising from your particular situation, to lawful data processing based on legal grounds. The right to object does not exist if there is a compelling public interest in the processing that overrides your interests or if a legal provision requires the processing.

You also have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is:

Hamburgischer Beauftragter für Datenschutz und Informationssicherheit
Ludwig-Erhard-Str. 22
20459 Hamburg

Contact

If you have questions or comments about our handling of your personal data or would like to exercise the rights mentioned in Section 7 as a data subject, please contact us directly at the following email address:

hello@homerun-gmbh.de

Changes to the Privacy Policy

We keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to update it to reflect changes in the collection, processing, or use of your data. The current version of the privacy policy is always available under "Privacy Policy" within the App.

Version: June 16, 2025