Privacy Policy
At 1app.energy, we treat your home energy data like a bank treats your money. Locked down, encrypted, and never sold.
1. Data Controller
For the purposes of the UK General Data Protection Regulation (UK GDPR), the Data Controller is:
Archana Bhakta
1app.energy
Sole Trader, United Kingdom
Address: 5 Brayford Square LONDON E1 0SG
2. The Data We Collect
We only collect the minimum data required to optimize your energy usage:
- Device Credentials: API keys for your Inverter, Charger, or Thermostat (stored via AES-256 encryption).
- Energy Telemetry: Real-time solar generation, battery levels, and home consumption data.
- Account Info: Your email address for login and billing.
3. Legal Basis for Processing
Under GDPR Article 6, we process your data under the following legal bases:
- Performance of a Contract: To provide the energy optimization services you signed up for.
- Legitimate Interest: To ensure system security, debug technical issues, and improve algorithm performance.
- Consent: For any optional features where we explicitly ask for your permission.
4. How We Use Your Data
We use your data for one purpose: Optimization. We do not sell your consumption patterns to advertisers, grid operators, or third parties.
Trusted Subprocessors
We may use trusted third-party service providers (e.g., cloud hosting, payment processors like Stripe, or email services) strictly to deliver the service. All subprocessors operate under strict confidentiality agreements and are located within the UK or EEA unless otherwise stated.
Automated Decision-Making
We use automated systems to optimize energy usage (e.g., scheduling EV charging and battery behavior). These decisions do not produce legal or similarly significant effects. You have the right to request a human reviewof any automated decision or override it manually via the dashboard.
5. Security & Encryption
Industry-Standard Security
All API keys are encrypted at rest. Our engineers cannot view your raw credentials. We use isolated, encrypted environments for sensitive operations.
We use industry-standard SSL/TLS for all data in transit. You can revoke our access at any time by changing your device API keys.
6. Data Retention
We hold your data only as long as necessary:
- Active Accounts: Data is retained to provide historical analysis of your savings.
- Deleted Accounts: API credentials and telemetry are permanently deleted from active systems immediately (and removed from backups within 30 days).
- Billing Records: Limited payment history is retained for 6 years as required by UK Tax Law (HMRC).
7. International Data Transfers
UK & EEA Only
We do not transfer personal data outside the UK or European Economic Area (EEA). If this changes, we will update this policy and apply appropriate safeguards (SCCs).
8. Your Rights Under GDPR
You have the right to:
- Access: Request a copy of all data we hold about you.
- Rectification: Correct any inaccurate data.
- Erasure: Request full deletion of your account (the "Kill Switch").
- Portability: Receive your raw data in a machine-readable format (JSON/CSV).
- Objection: Object to our processing of your data.
9. Deletion (Kill Switch)
Right to be Forgotten
If you delete your account, we trigger a "hard delete." Your keys and historical data are wiped from our active servers instantly.
10. Children's Data
1app.energy is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.
11. Policy Updates
We may update this Privacy Policy from time to time. Material changes will be communicated via the service or email.
12. Contact & Authority
For privacy concerns, contact our privacy team at: privacy@1app.energy
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):www.ico.org.uk