Privacy Policy

Effective Date: 01 July 2025  |  Last Updated: 01 July 2025

1. Introduction

SolarGridWatch (“we,” “us,” “our”) respects your privacy. This policy explains how we collect, use, disclose and protect information when you use solargridwatch.app or our related services (the “Service”).

2. Information We Collect

  • Account & Contact Data — name, e-mail, phone, address.
  • Utility Share-My-Data — interval energy-usage, meter & billing data that you explicitly authorize via your Utility's OAuth flow.
  • Technical Data — log files, IP addresses, device/browser metadata, cookies.

3. How We Use Your Data

  • Provide, operate and improve the Service (analytics, fault detection, Solar PV monitoring).
  • Respond to inquiries and provide customer support.
  • Comply with legal obligations and Utility Share-My-Data Terms & Conditions.

4. Legal Bases for Processing (CA & U.S. Law)

We process personal information only when we have a valid legal basis, including your consent, contract performance, or legitimate interests that do not override your rights.

5. Sharing & Disclosure

  • With service providers under strict confidentiality and data-processing agreements.
  • With Utilities as required for the Share-My-Data program.
  • With authorities when legally compelled (court order, subpoena, etc.).
  • With your explicit consent for any other disclosures.

6. Retention

Energy-usage data are stored for up to **24 months** after collection unless you withdraw consent sooner; account records are retained as required by tax and regulatory law.

7. Your Choices & Rights

  • Revoke data access at any time in your SolarGridWatch dashboard or via utility's portal.
  • Request access, correction, deletion or portability of your personal information.
  • Opt-out of marketing e-mails via the unsubscribe link.

8. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be announced via the site or e-mail.

10. Contact Us

Questions? E-mail us at privacy@solargridwatch.app
or write to: **SolarGridWatch, ATTN Privacy, YOUR ADDRESS HERE**.

Data-Protection & Security Policy

Effective Date: 01 July 2025  |  Last Updated: 01 July 2025

1. Purpose & Scope

This policy describes the technical and organizational measures SolarGridWatch applies to protect customer data—particularly utility energy-usage information—against loss, misuse, or unauthorized access.

2. Roles & Responsibilities

  • Data Controller: SolarGridWatch.
  • Data Protection Officer (DPO): solargridwatch@gmail.com.
  • All employees and contractors must follow this policy and complete security training annually.

3. Data Classification

  • Public: marketing materials.
  • Confidential: user account details, energy-usage data.
  • Restricted: authentication tokens, encryption keys.

4. Security Controls

  • Encryption in Transit: TLS 1.2+ with two-way SSL certificates for all applicable utility API traffic.
  • Encryption at Rest: AES-256 server-side encryption for databases and object storage.
  • Access Control: least-privilege IAM, MFA for admin accounts, quarterly access reviews.
  • Network Security: segmented VPC, web-app firewall, automated intrusion detection.
  • Secure Development: OWASP ASVS checklist, code review, dependency vulnerability scanning (SCA), CI/CD secrets scanning.
  • Vendor Management: subprocessors are ISO 27001 or SOC 2 Type II certified and sign DPAs.

5. Incident Response

Incidents are logged 24 × 7. We will notify affected users and utilities within **72 hours** of confirming a breach containing Share-My-Data information.

6. Data Retention & Disposal

  • Utility data older than 24 months are purged or anonymized.
  • Back-ups are encrypted and destroyed on a 30-day rolling schedule.

7. Compliance & Audit

SolarGridWatch complies with utility Share-My-Data Terms, California Consumer Privacy Act (CCPA), and CPUC Electric Rules 24/25.

8. Review & Revision

This policy is reviewed at least annually or whenever significant changes to systems, regulations, or utility requirements occur.

9. Contact

Security questions? E-mail solargridwatch@gmail.com.