Privacy Policy | PeakShift Inc.

At PeakShift Inc. ("we", "us", "our"), protecting your privacy is fundamental to our mission. Unlike other platforms that monetize user data, our business model is based on helping you save money on your energy bills. We do not sell your personal energy usage data to third parties.

1. Data We Collect

We collect information necessary to provide our energy management services. This includes:

Account Information: Name, email address, password, and property details (address, home size, heating type).
Utility Data: Smart meter data, billing history, and rate plan details accessed via Green Button Connect or manual upload.
Developer Data: If you use our API, we collect your organization details, API usage logs, and webhook endpoint configurations.
Google Account Data: If you sign in with Google, we access your email address and profile photo to create your account. We do not access your contacts or other Google data.
Usage Analytics: Information about how you interact with our dashboard and recommendations.

2. Green Button Data Integration

PeakShift Inc. is a certified Green Button Data Custodian. When you connect your utility provider (e.g., Toronto Hydro, Alectra):

We strictly adhere to the Ontario Energy Board data privacy standards.
We only access data scopes you explicitly authorize (e.g., "Read-Only" billing and usage data).
You maintain the right to revoke our access to your utility data at any time via your utility's portal or your PeakShift Inc. settings.

3. Sharing with Installers

You may choose to share your energy data with certified solar and battery installers ("Pro Partners") via our "Magic Link" feature:

Explicit Consent: Data is shared only when you click "Grant Access" on an installer's invite link.
Shared Data Scope: Installers will receive your address, monthly energy usage summaries, and bill averages to create accurate proposals. They do not receive your login credentials.
Independent Controllers: Once you share data with an installer, they become an independent controller of that copy of the data, subject to their own privacy policies.

4. How We Use Your Data

We use your data solely to deliver and improve our services:

Personalized Recommendations: Analyzing usage patterns to suggest load-shifting opportunities (e.g., "Run your dryer after 7 PM").
Savings Calculations: Accurately projecting bill savings based on your specific TOU (Time-of-Use) rate plan.
Grid Optimization: Aggregating anonymized data to help grid operators understand demand peaks (only if you opt-in to Grid Services).

5. Cookies & Tracking

We use cookies and similar technologies to enhance your experience:

Essential Cookies: Required for login sessions and security.
Analytics Cookies: We use Vercel Analytics to understand how our site is used. This data is anonymized and does not track you across other websites.

6. Security Measures

We employ bank-grade security protocols to protect your sensitive information:

Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
Access Controls: Strict role-based access control (RBAC) ensures only authorized engineers can access system data.
API Security: Partner access is secured via hashed API keys and HMAC-signed webhooks.
Audits: Regular security audits and penetration testing to identify and remediate vulnerabilities.

For more details, please visit our Security Center.

7. Data Retention & Deletion

We retain your data only as long as your account is active. If you choose to delete your account:

We will permanently delete your personal information and utility credentials within 30 days.
Aggregated, anonymized historical data may be retained for research purposes, but cannot be traced back to you.

1. Data We Collect

We collect information necessary to provide our energy management services. This includes:

Account Information: Name, email address, password, and property details (address, home size, heating type).

Utility Data: Smart meter data, billing history, and rate plan details accessed via Green Button Connect or manual upload.

Developer Data: If you use our API, we collect your organization details, API usage logs, and webhook endpoint configurations.

Google Account Data: If you sign in with Google, we access your email address and profile photo to create your account. We do not access your contacts or other Google data.

Usage Analytics: Information about how you interact with our dashboard and recommendations.

2. Green Button Data Integration

PeakShift Inc. is a certified Green Button Data Custodian. When you connect your utility provider (e.g., Toronto Hydro, Alectra):

We strictly adhere to the Ontario Energy Board data privacy standards.

We only access data scopes you explicitly authorize (e.g., "Read-Only" billing and usage data).

You maintain the right to revoke our access to your utility data at any time via your utility's portal or your PeakShift Inc. settings.

3. Sharing with Installers

You may choose to share your energy data with certified solar and battery installers ("Pro Partners") via our "Magic Link" feature:

Explicit Consent: Data is shared only when you click "Grant Access" on an installer's invite link.

Shared Data Scope: Installers will receive your address, monthly energy usage summaries, and bill averages to create accurate proposals. They do not receive your login credentials.

Independent Controllers: Once you share data with an installer, they become an independent controller of that copy of the data, subject to their own privacy policies.

4. How We Use Your Data

We use your data solely to deliver and improve our services:

Personalized Recommendations: Analyzing usage patterns to suggest load-shifting opportunities (e.g., "Run your dryer after 7 PM").

Savings Calculations: Accurately projecting bill savings based on your specific TOU (Time-of-Use) rate plan.

Grid Optimization: Aggregating anonymized data to help grid operators understand demand peaks (only if you opt-in to Grid Services).

6. Security Measures

We employ bank-grade security protocols to protect your sensitive information:

Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3.

Access Controls: Strict role-based access control (RBAC) ensures only authorized engineers can access system data.

API Security: Partner access is secured via hashed API keys and HMAC-signed webhooks.

Audits: Regular security audits and penetration testing to identify and remediate vulnerabilities.

For more details, please visit our Security Center.

7. Data Retention & Deletion

We retain your data only as long as your account is active. If you choose to delete your account:

We will permanently delete your personal information and utility credentials within 30 days.

Aggregated, anonymized historical data may be retained for research purposes, but cannot be traced back to you.