Privacy and Security Policy

Last updated: June 17, 2026

Sensibo inc. ("Sensibo", "we", "us" or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy and Security Policy ("Policy") explains what information we collect, how we use it, with whom we share it, and the choices and rights you have. It applies to:

  • Our websites and online stores, including sensibo.com and related pages;
  • Our mobile applications, including the Sensibo app and the anywAiR / myanywAiR Next app (the "App");
  • Our cloud services, APIs, web dashboards and connected devices, such as Sensibo Sky, Air, Air Pro, Elements, Pure, Room Sensor and smart sockets (together, the "Services").

Please read this Policy carefully. By using our Services, you acknowledge the practices described here. If you do not agree with this Policy, please do not use the Services.

1. The information we collect

1.1 Information you provide to us

  • Account information. When you create an account, we collect your email address, first and last name, and a password. Passwords are stored only in hashed form. You may sign in using a password, or passwordless using a one-time "magic link" sent to your email.
  • Website forms and lead information. When you fill in forms on our websites, request information, register interest, participate in promotions, request a demo, contact sales, or contact us, we may collect your full name, email address, phone number, company or organization name, country, and any additional information you choose to provide.
  • Purchase and order information. When you buy hardware or a subscription, we and our payment, commerce and fulfillment partners collect order details, billing and shipping information, phone number, purchase history, refund and warranty information, and related transaction records. Card and payment details are processed by our payment providers; Sensibo does not store full payment card numbers.
  • Subscription information. For Sensibo Plus and similar paid plans, we store your subscription status, plan, platform (iOS / Android / coupon), purchase and expiry dates, transaction identifiers, and any discount or coupon codes you use.
  • Support and communications. When you contact support, request a warranty, leave feedback, or otherwise communicate with us, we collect the content of those communications, including email and chat threads, attachments, troubleshooting information, and internal notes related to your account or request.
  • Marketing and text-message information. If you subscribe to marketing emails, SMS/text messages, promotions or other communications, we collect the contact information and preferences needed to send those messages and manage your opt-out choices.
  • AI Assistant content. If you use our Indoor Climate Assistant or other AI-powered features, we collect the text prompts, voice recordings, transcripts, custom instructions, device context and related information you provide or authorize us to use so we can respond, make suggestions, and operate your devices on your behalf.

1.2 Information from your devices and use of the Services

  • Device and sensor data. Our connected products report environmental and operational data, which may include temperature, humidity, "feels-like" temperature, air-quality readings such as PM2.5, CO₂, TVOC, eTOH and a computed indoor-air-quality index, motion and room-occupancy signals, Wi-Fi signal strength, power and energy usage, air-conditioner state and mode changes, filter-cleaning counters, firmware and connection status.
  • Device identifiers. We collect identifiers needed to operate your products, such as device serial numbers, device UIDs, MAC addresses, QR identifiers, product model, mobile device identifiers and push-notification tokens.
  • Location and geofencing data. If you enable location-based automations, including "Geofencing" or "Climate React," we collect your home or device location, latitude and longitude, derived country and city, the geofence radius you set, your saved Wi-Fi network name (SSID) and identifier (BSSID), and enter/exit events as you and other members of your household come and go. On mobile devices, this may require access to your location in the background so we can turn your air conditioner on before you arrive and off after everyone leaves. You can disable this at any time in the App and in your device's system settings.
  • Account and app settings. We collect settings such as temperature units, selected language, notification preferences, device-sharing settings, organization membership, app version, registration source (Sensibo or anywAiR), and similar preferences.
  • Usage and diagnostic data. We collect app and service event logs, interactions with features, in-app messages, crash reports, performance and diagnostic data to operate, secure, troubleshoot and improve the Services.
  • Technical, browser and log data. When you use our websites and Services, we automatically receive technical information such as IP address, browser and device type, operating system, referring URLs, pages viewed, session information, cookie identifiers, digital identifiers, advertising identifiers where available, approximate location derived from IP address, and other information about how your browser or device interacts with our websites and Services.

1.3 Device permissions on mobile

The App may request the following permissions. You can grant or revoke them in your device settings; some features will not work without them:

  • Bluetooth – to set up and provision devices and configure their Wi-Fi.
  • Camera – to scan a device's QR code during setup.
  • Location, including background location and motion – for geofencing automations as described above.
  • Microphone – to enable voice interactions with our AI Assistant.
  • Notifications – to send you alerts, such as air-quality or automation notifications.
  • Photos / storage – to save diagnostic logs if support is needed.
  • Local network / Wi-Fi – to discover and provision devices on your network.

2. How we use your information

We use the information we collect to:

  • Provide, operate and maintain the Services, including controlling your devices and running your automations;
  • Create and manage your account and authenticate you;
  • Process purchases, subscriptions, warranties, refunds, discounts and fulfillment;
  • Provide the Indoor Climate Assistant and other AI-powered features and suggestions, including schedule, Climate React and energy optimizations;
  • Send transactional messages, push notifications and service-related communications;
  • Send marketing communications, including email and SMS/text messages, where permitted, and personalize them;
  • Provide customer support and respond to your requests;
  • Administer promotions, referral programs, partner campaigns, distribution activities and affiliate programs;
  • Monitor, troubleshoot, secure and improve the Services, including analytics and crash diagnostics;
  • Measure the effectiveness of our advertising, affiliate, referral and marketing campaigns;
  • Detect, prevent and respond to fraud, abuse, security incidents and technical issues;
  • Comply with legal obligations, respond to lawful requests, and enforce our terms.

3. Legal bases for processing (EEA/UK users)

Where the EU General Data Protection Regulation (GDPR) or UK GDPR applies, we process your personal data on the following legal bases: performance of a contract, to provide the Services you request; your consent, for example for marketing, SMS/text messages, location/geofencing, microphone access and certain cookies or similar technologies; our legitimate interests, to secure, maintain, analyze and improve the Services, prevent fraud, support business operations and measure marketing effectiveness; and compliance with legal obligations.

Where we rely on consent, you may withdraw consent at any time. Withdrawing consent will not affect processing that occurred before withdrawal.

4. How we share your information

We do not sell your personal information for money. We may share information as described below. Some disclosures for cross-context behavioral advertising may be considered "sharing" under California law, and California residents may opt out as described in Section 10.

4.1 Service providers and sub-processors

We use trusted third parties to operate the Services. They process data on our behalf or help us provide business functions under contract. These include, among others:

  • Cloud infrastructure and hosting: Amazon Web Services (AWS) data centers certified to ISO 27001, where our data is stored and processed.
  • Payments, commerce and fulfillment: Shopify, payment processors, shipping and fulfillment providers, and the Apple App Store and Google Play for in-app purchases and subscriptions.
  • Transactional email: Mailgun, to send account, order and support emails.
  • Marketing and lifecycle messaging: Klaviyo and similar providers, to manage marketing profiles and send communications you have opted in to.
  • SMS/text-message delivery: messaging platforms, telecommunications providers, phone companies and vendors that help us deliver and manage text-message programs.
  • Push notifications: Google Firebase Cloud Messaging and Apple Push Notification service.
  • Analytics and diagnostics: Google Firebase, Firebase Analytics, Crashlytics, Google Analytics and Sentry, to understand usage and diagnose crashes and errors.
  • Maps: Google Maps and OpenStreetMap, to display and select locations within the Services.
  • AI providers: OpenAI and similar providers, which process prompts, voice transcripts and related context to power the Indoor Climate Assistant and AI suggestions.
  • Customer support: Plain, Slack and similar tools, to manage and respond to support requests and internal support notifications.
  • Weather data: OpenWeather and similar providers, to provide weather-aware features for your device location.
  • Security / anti-abuse: Cloudflare Turnstile and similar tools, which may receive your IP address and browser information to verify that sign-ups or form submissions are not automated.
  • Advertising, affiliate and attribution partners: advertising networks, social media platforms, affiliate networks and attribution providers, including Rakuten Advertising where applicable, to measure advertising performance, attribute referrals and support commercial campaigns.

4.2 Smart-home and voice integrations you choose to connect

If you link your account to a third-party integration, we share the data necessary to make it work — typically your device list, device state and room or location names. Available integrations may include Amazon Alexa, Google Assistant / Google Home, Apple HomeKit and Siri, IFTTT, Google Nest, Ecobee and Tuya. When you connect one of these, the third party's own privacy policy also applies.

4.3 Energy and demand-response programs

If you enroll in an energy-saving or demand-response program, we share relevant device and thermostat state with the applicable program partner or utility, for example Alarm.com, Virtual Peaker or participating utilities, to deliver the program.

4.4 Other users and organizations

You can share a device with other people in your household, and devices may have multiple users with different permission levels. If you transfer ownership or share a device, related account and device information may be visible to those users. For business, Airbend or anywAiR deployments, organization administrators can manage and access devices, locations and members within their organization.

4.5 Brand partner

For users of the anywAiR / myanywAiR Next App, we may share relevant information with Fujitsu General (FGA) as a co-controller, independent controller or commercial partner, depending on the product, region and relationship.

4.6 Distributors, resellers and business partners

We may share personal information with our business partners, distributors, resellers, installers and other commercial partners where necessary to promote, distribute, sell, install, support or service our products, or to respond to inquiries submitted in connection with partner campaigns. These partners may contact you in connection with Sensibo products and services where permitted by law.

4.7 Advertising, retargeting, affiliate and social media pixels

We may use advertising, retargeting, affiliate, attribution, analytics and social media technologies on our websites, including pixels, tags, cookies, SDKs, server-side events and similar tools provided by advertising networks, social media platforms, affiliate networks and analytics providers. These technologies may collect or receive information such as your IP address, device and browser information, digital identifiers, cookie identifiers, pages viewed, referring URLs, interactions with our ads or website, shopping activity, approximate location, and other information about your use of our websites and campaigns.

Where applicable, these partners may include Meta/Facebook, TikTok, LinkedIn, X/Twitter, Criteo, Quantcast, Google, Rakuten Advertising and other advertising, analytics, affiliate, social media or attribution providers. These partners may use the information to help us measure advertising performance, attribute referrals, deliver or personalize ads, create or infer audiences, prevent fraud, and understand how users interact with our website and campaigns, subject to their own privacy policies and applicable law.

We treat disclosures of personal information for cross-context behavioral advertising as "sharing" where required by California law. California residents may opt out of such sharing as described in Section 10.

4.8 Text-message marketing providers

If you participate in our SMS/text-message marketing program, we use the information you provide to transmit mobile messages, respond to you when necessary, and manage your preferences and opt-outs. We may share this information with platform providers, telecommunications providers, phone companies and other vendors who assist us in delivering text messages. We do not sell, rent, loan, trade, lease or otherwise transfer for profit the phone numbers or customer information collected through our SMS/text-message program, except as necessary to provide the program or as required by law.

4.9 Legal and corporate disclosures

We may disclose information when required by law, to comply with legal process, to protect our rights, users or the public, or in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.

5. Cookies, pixels and similar technologies

5.1 Types of technologies we use

Our websites and web dashboards use cookies, pixels, tags, SDKs, local storage, session storage, server-side events and similar technologies. These technologies may be set by Sensibo or by third parties that provide services to us.

5.2 Categories of cookies and similar technologies

  • Strictly necessary technologies. These are required for the website, store, checkout, account login, security, fraud prevention, consent management and core Services to function.
  • Functional technologies. These help remember preferences and improve website or app functionality.
  • Analytics and performance technologies. These help us understand how users interact with our websites and Services, diagnose issues and improve performance.
  • Advertising, retargeting, affiliate and social media technologies. These help us measure campaigns, attribute referrals, understand ad performance, build or measure audiences, and deliver or personalize advertising where permitted by law.

5.3 Consent and control

Non-essential analytics, advertising, retargeting, affiliate and social media cookies or pixels are not required for the website to function. Where required by law, we use these technologies only after obtaining your consent. You may manage your preferences through our cookie banner or preference center, where available, and through your browser or device settings.

Our online store is operated on Shopify, which sets cookies necessary for the store and checkout to function. Shopify and apps installed on the store may also support analytics, advertising, attribution, fraud prevention or similar functions, depending on your choices and applicable law.

5.4 Do Not Sell or Share / targeted advertising opt-out

Where required by law, including California law, you may opt out of the sale or sharing of personal information for cross-context behavioral advertising by using our "Do Not Sell or Share My Personal Information" link, adjusting your cookie preferences where available, or contacting privacy@sensibo.com.

We also honor browser-based opt-out preference signals, such as Global Privacy Control, where required by applicable law and where we can reasonably associate the signal with your browser or device.

6. International data transfers

Sensibo operates globally and our service providers, personnel, affiliates and partners may be located in countries other than your own, including Israel, the United States, the European Union, India and Ukraine. Some of these countries may not provide the same level of data protection as your country of residence. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, an adequacy decision, or other lawful transfer mechanisms.

7. Data retention

We retain personal data for as long as your account is active and as needed to provide the Services, and thereafter as required to comply with our legal obligations, resolve disputes and enforce our agreements. Live device measurements are retained for a short period for real-time control, while aggregated or historical measurement data may be retained longer to provide usage history and improve the Services. Marketing, SMS, consent, cookie-preference and advertising-preference records may be retained as needed to honor opt-outs and comply with applicable law. When data is no longer needed, we delete or anonymize it.

8. Security

We implement technical and organizational measures designed to protect your information, including encryption in transit, hashing of passwords, access controls, and hosting on ISO 27001-certified AWS infrastructure. Internal access to personal data is restricted to authorized personnel and is logged. No method of transmission or storage is 100% secure, but we work continuously to safeguard your information.

To report a security concern, vulnerability or suspected misuse, contact security@sensibo.com. We aim to acknowledge security reports within ten business days.

9. Your rights and choices

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you and request a copy;
  • Correct inaccurate or incomplete data;
  • Delete your data, sometimes called the "right to be forgotten";
  • Restrict or object to certain processing;
  • Data portability;
  • Withdraw consent at any time, for example for marketing, SMS/text messages, location or microphone access;
  • Opt out of certain advertising, affiliate, analytics, targeted-advertising or marketing uses where applicable;
  • Not be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significant effects, where this right applies;
  • Lodge a complaint with your local data-protection authority.

You can manage many settings — including geofencing/location, notifications and device sharing — directly in the App. You may unsubscribe from marketing emails using the unsubscribe link included in those emails, opt out of SMS/text messages using the instructions provided in the message, and manage mobile push notifications through the App or your device settings.

To exercise your rights, or to request deletion of your account and associated data, contact privacy@sensibo.com. We will respond within the timeframe required by applicable law.

10. California privacy rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), may provide you with additional rights, including the right to know, access, delete, correct, obtain a copy of certain personal information, limit certain uses of sensitive personal information where applicable, and opt out of the sale or sharing of personal information.

We do not sell personal information for money. We may disclose identifiers, internet or other electronic network activity information, commercial information, approximate location information and inferences to advertising, analytics, affiliate, attribution and social media partners in ways that may be considered "sharing" for cross-context behavioral advertising under California law.

California residents may opt out of such sharing by using our "Do Not Sell or Share My Personal Information" link, adjusting cookie preferences where available, enabling a legally recognized opt-out preference signal such as Global Privacy Control, or contacting privacy@sensibo.com.

We will not discriminate against you for exercising your privacy rights.

11. Children's privacy

The Services are not directed to children under the age of 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Marketing communications

With your consent where required, we may send you marketing emails, SMS/text messages and notifications. You can opt out at any time using the unsubscribe link in our emails, the opt-out instructions in our SMS/text messages, or by adjusting your notification settings. Transactional and service-related messages are not promotional and will continue as needed to operate your account.

13. Third-party links and services

The Services may contain links to, or integrations with, third-party websites and services that are not operated by us. This Policy does not apply to those third parties, and we encourage you to review their privacy policies.

14. FGA End of Support and End of Service

For the myanywAiR Next App and related FGA product line, Fujitsu General may announce an End of Support date or End of Service date for certain products or services. Where applicable, FGA normally announces End of Support at least three months in advance, and End of Service is normally one year from the End of Support date, unless otherwise stated by FGA or required by applicable law.

15. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide prior notice on our website, in the App, by email, or by other reasonable means. Your continued use of the Services after an update constitutes acceptance of the revised Policy.

16. Contact us

EU Representative (Art. 27 GDPR): Prighter Group, acting as our EU representative. You may contact Prighter regarding GDPR matters at info@prighter.com, through Prighter's online rights-request portal, or by mail at Prighter Group, Vienna, Austria. When contacting Prighter, please reference Sensibo and, where applicable, correspondence ID-16686655.