Privacy Policy

Energy Optima ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

When you register for an account or use our Service, you may provide:

• Account Information: Name, email address, password, company name
• Payment Information: Billing address, payment method details (processed by Paddle, our merchant of record; we do not store credit card numbers)
• Project Data: Simulation inputs, project configurations, custom load profiles, and other data you create or upload
• Communications: Messages you send us via email or contact forms

1.2 Information Automatically Collected

When you use our Service, we automatically collect:

• Usage Data: Pages viewed, features used, simulation runs, time spent on platform
• Device Information: Browser type, operating system, IP address, device identifiers
• Error & Performance Data: JavaScript errors, API failures, performance metrics via Sentry (error tracking service)
• Cookies and Similar Technologies: See Section 5 for details on cookies

1.3 Information from Third Parties

We may receive information from:

• Payment Processors: Paddle (merchant of record, payment processing)
• Analytics Services: Google Analytics provides aggregated usage statistics
• Error Tracking Services: Sentry provides error reports with user context (user ID, email) to help us debug issues

2. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the Service
• Process your transactions and send billing notifications
• Respond to your inquiries and provide customer support
• Send you technical notices, updates, and security alerts
• Monitor and analyze usage trends to improve the Service
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

Marketing Communications: We will only send marketing emails if you opt in. You can unsubscribe at any time.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers: We share data with third-party service providers who perform services on our behalf:

• Payment Processing: Paddle (merchant of record, payment processing)
• Analytics: Google Analytics (usage statistics, anonymized)
• Error Tracking: Sentry (error reports, session replays, performance monitoring — hosted in Germany, GDPR-compliant)
• Hosting: Cloud hosting providers for data storage and application hosting

3.2 Legal Requirements: We may disclose your information if required by law or in response to valid legal requests from public authorities.

3.3 Business Transfers: If Energy Optima is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

3.4 With Your Consent: We may share your information with third parties when you give us explicit consent to do so.

4. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Regular security assessments and updates
• Access controls and authentication requirements
• Secure password hashing (bcrypt)

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Cookies and Tracking Technologies

5.1 Cookies We Use

Essential Cookies: Required for the Service to function (authentication, session management). These cannot be disabled.

Analytics Cookies: Google Analytics (GA4) tracks usage patterns to help us improve the Service. These require your consent and can be declined.

Preference Cookies: Remember your theme preference (light/dark mode), category selection on pricing page, and other non-essential preferences.

Error Tracking Cookies: Sentry session replay (50% of sessions) records user interactions to help us reproduce and fix errors. Requires your consent and can be declined.

5.2 Google Analytics

We use Google Analytics 4 (GA4) to understand how visitors use our website. Google Analytics collects information anonymously and reports website trends without identifying individual visitors. Data collected includes:

• Pages viewed and time spent on each page
• Browser and device information
• Geographic location (country/city level, not precise location)
• Referral source (how you arrived at our site)

Google Analytics uses cookies that expire after 1 year. IP addresses are anonymized. You can opt out of Google Analytics by declining our cookie consent banner or using the Google Analytics Opt-out Browser Add-on.

5.3 Sentry Error Tracking

We use Sentry (Hosted in Germany) to track errors and performance issues in our web application. Sentry helps us identify bugs faster and improve the reliability of the Service. When enabled, Sentry may collect:

• Error Reports: JavaScript errors, API failures, stack traces
• User Context: User ID, email address (to identify which users are affected by errors)
• Session Replay: Video-like recording of your interactions (clicks, scrolls, navigation) — enabled for 50% of sessions and 100% of error sessions
• Performance Data: Page load times, API response times, resource loading metrics

Sentry does NOT collect: Passwords, credit card numbers, API keys, or any data you type into password fields (these are automatically masked).

Sentry data is retained for 90 days and then automatically deleted. You can opt out of Sentry session replay by declining our cookie consent banner. Error tracking (without session replay) is always active to help us maintain Service reliability.

For more information about Sentry's privacy practices, visit sentry.io/privacy.

5.4 Managing Cookies

You can control cookies through our cookie consent banner (appears on first visit) or by adjusting your browser settings. Disabling essential cookies may affect Service functionality.

6. Your Rights (GDPR Compliance)

If you are in the European Economic Area (EEA), you have the following rights under GDPR:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal requirements)
• Right to Restriction: Restrict processing of your data in certain circumstances
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing of your data for certain purposes
• Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Account Data: Retained while your account is active, plus 30 days after account deletion
• Project Data: Retained while your account is active, plus 30 days after account deletion
• Payment Records: Retained for 7 years for tax and accounting purposes
• Usage Logs: Retained for 90 days
• Marketing Communications: Until you unsubscribe or request deletion

After these periods, we securely delete or anonymize your data.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place, including:

• Data processing agreements with service providers
• Standard contractual clauses approved by the European Commission
• Compliance with GDPR for EEA residents

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]