Privacy Policy
Last updated: February 19, 2026
1. Information We Collect
Account Information
- Email address and name (provided during registration)
- Password (stored as a one-way bcrypt hash — we cannot read your password)
- IP address and browser information (for security and abuse prevention)
Energy System Data
- OAuth tokens for connected vendor accounts (Tesla, Enphase, etc.) — encrypted at rest
- Energy readings: solar production, battery state, grid import/export, home consumption
- System configuration: location, solar capacity, battery capacity
- Automation rules and execution history
Billing Information
- Stripe customer ID and subscription status
- We do NOT store credit card numbers, CVVs, or bank account details — all payment processing is handled by Stripe
2. How We Use Your Data
- To provide the Service: monitoring, automation, and optimization of your energy system
- To send you notifications about your energy system (if enabled)
- To process payments via Stripe
- To improve the Service through aggregated, anonymized usage analytics
- To respond to support requests
We do NOT sell, rent, or share your personal data with third parties for marketing purposes.
3. Data Security
- All data is transmitted over HTTPS (TLS 1.2+)
- Vendor OAuth tokens are encrypted at rest using AES-256 (Fernet symmetric encryption)
- Passwords are hashed with bcrypt (one-way, cannot be reversed)
- Database access is restricted to the application layer
- Admin actions are logged in an immutable audit trail
4. Data Retention
- Energy readings: retained for the duration of your subscription (up to 365 days for Pro, 7 days for the free tier)
- Account data: retained until you delete your account
- Audit logs and consent records: retained indefinitely for legal compliance
- After account deletion: all personal data and energy readings are permanently deleted within 30 days
5. Your Rights (GDPR / CCPA)
You have the right to:
- Access your data — export all your data from the app settings or contact us
- Correct inaccurate data — update your profile at any time
- Delete your data — delete your account and all associated data
- Port your data — export your energy data in standard formats
- Object to processing — contact us to opt out of non-essential data processing
To exercise any of these rights, use the in-app tools or email privacy@gridmindpower.com.
6. Third-Party Services
We use the following third-party services that may process your data:
7. Cookies
The GridMind app uses only essential cookies (session management). The marketing website does not use tracking cookies or analytics. No third-party advertising cookies are used.
8. Children's Privacy
GridMind is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors.
9. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or in-app notification.
10. Contact
For privacy-related questions or requests: