This Privacy Policy describes how PeakShift Inc. ("PeakShift", "we", "us", "our"), a company incorporated in Ontario, Canada, collects, uses, and discloses information when you use our website at peakshift.ca, our homeowner energy dashboard, our Installer Pro Dashboard, and any associated APIs or services (collectively, the "Platform").
PeakShift's business model is built on helping you understand and reduce your energy costs — we do not sell your personal data or energy usage data to any third party for advertising or commercial purposes. This policy is governed by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and the Ontario Energy Consumer Protection Act.
1. Who We Are
PeakShift Inc. is a utility-certified Green Button data intermediary and B2B SaaS company based in Ontario, Canada. We are authorized data custodians under agreements with the following Ontario electricity distribution companies ("Utilities"):
- Toronto Hydro — serving the City of Toronto
- Alectra Utilities — serving Brampton, Markham, Mississauga, Richmond Hill, Vaughan, and surrounding areas
- Hydro Ottawa — serving Ottawa and Casselman
- Hydro One — serving rural and remote Ontario communities
- London Hydro — serving the City of London, Ontario
- Elexicon Energy — serving Ajax, Pickering, and surrounding municipalities
Our certification means we are required to comply with all applicable Ontario Energy Board (OEB) privacy standards, Green Button Alliance data handling requirements, and Canadian federal privacy law when processing any utility data you authorize us to access.
Utility Service Availability: Access to utility data via Green Button OAuth depends on the operational status of each utility's data portal. Utilities may periodically perform scheduled maintenance or experience service disruptions. PeakShift is not responsible for delays caused by utility outages but will communicate known maintenance windows through our Status Page.
2. Data We Collect
We collect information in three ways: directly from you, automatically when you use the Platform, and from third-party sources (utility providers and Stripe).
2.1 Information You Provide Directly
- Account Information: First and last name, email address, and password (hashed; we never store plaintext passwords). If you sign in with Google OAuth, we receive your email address and display name — we do not access your Google contacts, Drive, Calendar, or any other Google service data.
- Property & Home Profile (Homeowners): Your service address, approximate home size (sq ft), construction year, primary heating type (gas, electric, heat pump), and the number of occupants. This data is used exclusively to improve the accuracy of your energy analysis and solar sizing estimates.
- Organization Profile (Installers): Company name, business address, province, and the name of the primary account holder. This data is used for billing, support, and ensuring your account is set up correctly.
- Uploaded Files: Green Button XML data files (.xml or .csv) uploaded manually via the homeowner dashboard's "Upload Data" feature. These files are parsed to extract energy usage intervals and then stored securely in our database.
- Support Communications: Any emails or messages you send to contact@peakshift.ca or through our contact form.
2.2 Information Collected Automatically
- Usage Analytics: We use Vercel Analytics to collect anonymized, aggregated data about how pages are accessed (page views, session durations, referral sources). This data does not include personally identifiable information and is not tied to your account.
- Log Data: Our infrastructure automatically logs server-side request metadata (IP addresses, request timestamps, HTTP status codes) for security monitoring and debugging. These logs are retained for 30 days and are not used for profiling.
- API Usage Logs (Developer/Platform Accounts): If you use our REST API or webhooks, we log your API key identifier, request timestamps, endpoint paths, and response status codes for rate-limiting, abuse prevention, and billing accuracy.
2.3 Information from Third Parties
- Utility Providers (Green Button OAuth): When you authorize us to connect to your utility account, we receive up to 12 months of hourly smart meter interval data, your account number, rate plan type (e.g., Time-of-Use, ultra-low overnight), and billing address. See Section 3 for full details.
- Stripe (Payment Processing): When you purchase an installer subscription, Stripe processes your payment card information directly. PeakShift only receives a tokenized customer ID and subscription status from Stripe — we never see or store raw card numbers, CVVs, or expiry dates. See Section 7 for full details.
4. Data Processing for Homeowner Dashboard Features
The homeowner dashboard processes your energy data locally within our platform to power the following features. All processing is performed by PeakShift's servers; your raw interval data is never sold or shared with third parties for any of these features.
- Energy History Chart: Visualizes your hourly, daily, and monthly consumption over the past 12 months using data retrieved from your connected utility or uploaded Green Button file.
- Quick Stats (KPIs): Auto-calculates your average daily consumption, monthly cost, and estimated annual bill based on your utility's current TOU rate schedule.
- Smart Recommendations: AI-assisted analysis of your usage patterns to identify actionable load-shifting opportunities (e.g., running appliances during off-peak periods). Recommendations are generated from your anonymized usage profile.
- TOU Rate Optimizer: Analyzes your 12-month interval data against Ontario's Time-of-Use (TOU) rate schedule to calculate how much you could save by shifting discretionary loads (dishwasher, laundry, EV charging) to off-peak periods.
- Bill Spike Detective: Detects anomalous billing periods by comparing your usage against your own historical baseline and flags potential causes (e.g., extreme weather events, appliance failures, billing errors).
- Overnight Waste Detector: Identifies "phantom" energy consumption between midnight and 6 AM that may indicate standby devices, HVAC over-cycling, or water heating inefficiencies.
- Appliance Impact Calculator: Estimates the individual contribution of major appliances (HVAC, water heater, EV charger) to your monthly bill based on usage intervals and provincial average appliance load profiles.
- Rate Intelligence (Live TOU Clock): Shows your current electricity price period in real time based on the Ontario IESO TOU schedule and the season. No personal data is used for this feature — it reflects public rate tables only.
- Historical Comparison: Month-over-month and year-over-year comparisons of your consumption and billing, normalized for degree-day weather effects.
- Savings Dashboard: A unified summary of potential annual savings identified across TOU optimization, solar installation, and behavioral changes.
- Neighbour Comparison: Benchmarks your home's energy intensity (kWh per sq ft per heating degree day) against NRCan national averages for similar home types. This comparison uses aggregated and anonymized regional benchmarks only — not your neighbours' individual data.
- Solar Payback Clock: Estimates your solar system payback period based on your actual annual consumption, local solar irradiance data, current net metering policies, and representative system costs.
- Solar AI Chat: An AI-powered assistant (powered by Google Gemini) that answers questions about solar sizing, battery storage, incentive programs, and electrification. Conversations may be logged for quality assurance and model improvement but are not tied to your identity in any way shared externally. Do not include sensitive personal or financial information in chat messages.
- Data Coverage Indicator: Shows the date range and completeness of your available utility data, helping you understand the confidence level of the analyses.
- Utility Connection Status: Displays the real-time connection health of your linked utility account(s), including the last sync timestamp and any errors.
5. Data Processing for Installer Pro Dashboard
Certified solar and battery installers using the PeakShift Pro Dashboard operate under a separate installer account type. The following describes how we process data in the context of their use of the platform.
- Lead Management (CRM): Installer accounts may create and manage lead records within the platform. Lead records may include a homeowner's name, email address, phone number, property address, estimated system size, and pipeline status. This data is stored within PeakShift's secure database and is accessible only to the installer's organization team members.
- Data Pull Requests (Magic Link): Installers may send "Data Pull Requests" to homeowners via email. Each request generates a unique, time-limited Magic Link. When the homeowner clicks the link and consents, PeakShift retrieves that homeowner's energy data from the utility on the installer's behalf. A "data pull" is counted against the installer's monthly quota. See Section 6 for homeowner consent details.
- Proposal Generation: Once homeowner data is obtained (via consent), the installer can generate a PDF solar or battery storage proposal directly from the platform. Proposals are generated server-side and stored linked to the lead record. Pro plan users can generate white-labeled proposals with their own company branding.
- Analytics Dashboard: Installers can view aggregated pipeline metrics, including total leads, proposal conversion rates, pipeline value, and monthly trends. These analytics reflect the installer's own data only.
- Billing & Subscription Management: Installer accounts can view their current plan, monthly data pull usage, billing history, and manage their payment method through the Billing portal. See Section 7 for details on payment data handling.
- Notifications: Installers receive in-app and email notifications for events such as new homeowner consent completions, approaching monthly pull quota limits, and billing events.
- Settings & Team Management: Organization admins can manage team member accounts (Pro plan: up to 5 users) and configure organization settings.
6. Magic Link Data Sharing & Homeowner Consent
PeakShift's "Magic Link" is the mechanism through which a homeowner explicitly consents to share their energy data with a specific installer. The following governs how this data sharing works:
- Explicit, Granular Consent: Data is shared only when a homeowner receives a Magic Link from a specific installer and actively clicks "Grant Access." Consent is not implied, bundled, or pre-authorized.
- What the Installer Receives: Upon homeowner consent, the installer receives: the homeowner's service address, up to 12 months of monthly energy consumption summaries, the average monthly bill, the rate plan type, and the estimated solar system size calculated by PeakShift's algorithms. Installers do not receive the homeowner's utility account login credentials, utility account number, or raw 15-minute interval data.
- Independent Data Responsibility: Once the homeowner grants access, the installer's organization becomes an independent data controller of the summary data they receive. That data is subject to the installer's own privacy practices, which PeakShift does not control. Homeowners should review each installer's privacy policy before granting access.
- Revoking Shared Access: Homeowners can revoke a previously granted installer access from their PeakShift dashboard at any time. Revocation prevents future data syncs to that installer but does not automatically delete data the installer has already received or stored in their own systems.
- Quota & Rate Limits: Each Magic Link data pull consumes one unit from the installer's monthly quota (Pilot: 10, Starter: 30, Pro: 75). Pay-per-pull plans are billed $25 CAD per pull. This mechanism prevents mass data collection and ensures installers act in good faith.
7. Billing & Payment Data
Installer subscription billing is processed by Stripe, Inc., a PCI DSS Level 1 certified payment processor. PeakShift's handling of payment data:
- Card Data: PeakShift never sees, stores, or processes raw credit card numbers, CVV codes, or bank account details. All payment card information is entered directly into Stripe's secure, hosted checkout form (Stripe Checkout) and is governed by Stripe's Privacy Policy.
- What PeakShift Stores: We store your Stripe Customer ID (a token like
cus_XXXX), your Stripe Subscription ID, your current plan name, subscription status, billing interval, and the dates of your current billing period and trial end. These are stored in our Supabase database and are used only to manage your service access. - Billing Events Audit Log: Each invoice payment, plan change, or subscription event triggers a Stripe webhook that we record in our
billing_eventstable. Each record includes: the event type, the plan name, the total amount charged (in CAD cents), the HST/GST portion, and a link to the Stripe-hosted invoice PDF. This log is visible to your organization admin in the Billing dashboard. - Taxes: PeakShift uses Stripe Tax to automatically calculate and collect applicable Canadian sales taxes (13% HST for Ontario businesses) based on your billing address. Tax amounts are itemized on each invoice.
- Stripe's Data Practices: Stripe is an independent data controller for payment processing. Please review stripe.com/privacy for full details on how Stripe handles payment data.
8. How We Use Your Data
We use the data we collect under the following legal bases under PIPEDA (which requires meaningful consent, identified purpose, and data minimization):
- Service Delivery: Providing, operating, and improving the Platform features described in Sections 4 and 5 above.
- Personalized Energy Analysis: Generating the savings estimates, TOU recommendations, solar sizing calculations, and AI-assisted advice that form the core value of the homeowner dashboard.
- Subscription & Account Management: Processing installer subscriptions, enforcing data pull quotas, sending billing invoices and reminders, and managing plan upgrades or cancellations.
- Security & Fraud Prevention: Monitoring for unusual access patterns, unauthorized API usage, and potential account compromise.
- Product Improvement: Analyzing aggregated, anonymized usage patterns to understand which dashboard features are most valuable and to prioritize development roadmap decisions.
- Legal Compliance: Fulfilling obligations under applicable Canadian law, Ontario Energy Board regulations, and Green Button Alliance certification requirements.
- Communications: Sending transactional emails related to your account (password resets, consent confirmations, billing receipts, trial expiry reminders). We do not send marketing emails without your explicit opt-in.
11. Security Measures
- Encryption at Rest: All data in our Supabase database is encrypted at rest using AES-256 encryption.
- Encryption in Transit: All data transmitted between your browser, our edge servers, and our database uses TLS 1.3.
- OAuth Token Security: Utility OAuth access tokens are stored encrypted and are only decrypted server-side during authorized data sync operations.
- Row-Level Security (RLS): Our database enforces row-level security policies that ensure each user can only access their own data. No SQL query can return another user's data without an explicit policy exception.
- API Authentication: All API endpoints require authenticated session tokens. Stripe webhooks are verified using HMAC-SHA256 signature verification on every incoming event.
- Rate Limiting: API endpoints are rate-limited to prevent abuse and denial-of-service attacks.
- Role-Based Access Control: Installer features are restricted to users with the "installer" or "admin" role. Homeowner accounts cannot access installer billing or lead management features, and vice versa.
- Incident Response: In the event of a data breach affecting personal information, we will notify affected users and the Office of the Privacy Commissioner of Canada as required by PIPEDA's mandatory breach reporting provisions, within the legally required timeframes.
For a comprehensive description of our security architecture, visit our Security Center.
12. Data Retention & Deletion
- Active Accounts: We retain your personal information and energy data for as long as your account is active and you have not requested deletion.
- Account Deletion: If you request account deletion via your Settings page or by emailing contact@peakshift.ca, we will permanently delete your personal information, utility connection tokens, and energy usage data within 30 calendar days.
- Installer Billing Records: Billing event records (invoices) may be retained for up to 7 years as required by Canadian tax and accounting laws (Income Tax Act). These records contain only billing metadata (amounts, dates, plan names) and not energy data.
- Aggregated Research Data: We may retain de-identified, aggregated statistical summaries (e.g., average usage per region, aggregate TOU savings estimates) that cannot be linked back to any individual user.
- Cancelled Installer Subscriptions: When an installer subscription is cancelled, the organization is downgraded to the Pilot tier (10 pull limit). Organization records and lead data remain in the system for 90 days before permanent deletion, during which time the account holder can re-subscribe or export their data.
13. Your Rights Under PIPEDA
As a resident of Canada, you have the following rights with respect to your personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA):
- Right of Access: You may request a copy of the personal information we hold about you, including your energy data, profile information, and billing records.
- Right to Correction: You may request that we correct inaccurate information. Most profile information can be corrected directly in your Settings page.
- Right to Withdraw Consent: You may withdraw your consent to our processing of your data at any time by deleting your account or disconnecting individual utility connections. Withdrawal of consent may affect your ability to use certain features.
- Right to Challenge Compliance: You have the right to challenge our compliance with PIPEDA and to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.
To exercise any of these rights, please contact us at contact@peakshift.ca with the subject line "Privacy Request." We will respond within 30 days.
14. Children and Minors
Our Platform is intended for adults (18 years of age or older). We do not knowingly collect personal information from persons under 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe a minor has created an account, please contact us at contact@peakshift.ca.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable laws. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Display a notice in the Platform dashboard for 30 days.
- For significant changes affecting how we use your data, send an email notification to your registered address.
Your continued use of the Platform after any changes constitutes your acceptance of the updated Policy.
16. Contact & Privacy Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact our Privacy Officer:
- Email: contact@peakshift.ca
- Subject Line: "Privacy Request" or "Data Inquiry"
- Response Time: Within 30 calendar days
- Mailing Address: PeakShift Inc., Ontario, Canada
If you are not satisfied with our response, you may escalate to the Office of the Privacy Commissioner of Canada:
- Website: www.priv.gc.ca
- Toll-free: 1-800-282-1376