Updated Story with Eufy response:

https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/

“Eufy Security is designed as a local home security system. All video footage is stored locally and encrypted on the user's device. With regard to eufy Security’s facial recognition technology, this is all processed and stored locally on the user's device.

Our products, services and processes are in full compliance with General Data Protection Regulation (GDPR) standards, including ISO 27701/27001 and ETSI 303645 certifications.

To provide users with push notifications to their mobile devices, some of our security solutions create small preview images (thumbnails) of videos that are briefly and securely hosted on an AWS-based cloud server. These thumbnails utilize server-side encryption and are set to automatically delete and are in compliance with Apple Push Notification service and Firebase Cloud Messaging standards. Users can only access or share these thumbnails after securely logging into their eufy Security account.

Although our eufy Security app allows users to choose between text-based or thumbnail-based push notifications, it was not made clear that choosing thumbnail-based notifications would require preview images to be briefly hosted in the cloud.

That lack of communication was an oversight on our part and we sincerely apologize for our error. This is how we plan to improve our communication in this matter:

1. We are revising the push notifications option language in the eufy Security app to clearly detail that push notifications with thumbnails require preview images that will be temporarily stored in the cloud.

2. We will be more clear about the use of cloud for push notifications in our consumer-facing marketing materials.

eufy Security is committed to the privacy and protection of our users' data and appreciates the security research community reaching out to us to bring this to our attention.”