Data Security
We know that handing over API keys requires trust. Here is exactly how we engineer our systems to keep your home infrastructure safe.
1. Encryption Standards
AES-256 Encryption
Your device credentials (API keys) are encrypted at rest with AES-256, implemented with industry-standard cryptographic libraries.
All data in transit between your browser, our servers, and third-party energy APIs is encrypted via TLS 1.2+ (Transport Layer Security).
2. Infrastructure & Access
Cloud Security
Our infrastructure runs on enterprise-grade cloud providers. Databases are protected behind private networking and access controls, and are not directly exposed to the public internet.
Least Privilege Access: Our systems are designed so that engineers do not routinely access raw API keys. Keys are decrypted only programmatically by the optimization engine when required to execute authorized actions.
3. Payment Security
Stripe Processing
We do not handle your credit card numbers. All payments are processed securely by Stripe, a PCI-DSS Level 1 certified payment processor.
4. Audit & Control
We log system actions for security auditing. If our system detects unusual activity, we may temporarily lock access to protect your data.
Emergency Revocation: You can revoke our access instantly at any time by regenerating your device API keys within your manufacturer's app (e.g., Zappi or Solis). This immediately kills our ability to connect.
5. Incident Response
If a data security incident affecting personal data occurs, we will notify affected users and relevant authorities in accordance with UK GDPR requirements.
6. Vulnerability Disclosure
We welcome responsible disclosure from security researchers. If you believe you have found a vulnerability, please contact us immediately at: security@1app.energy.