Encryption at Rest
All databases and storage volumes are encrypted using AES-256 standards. Your keys are managed via AWS KMS.
SOC 2 Ready Design
Our infrastructure is built on SOC 2 compliant AWS services, designed from day one for strict security controls.
Data Residency
All Canadian user data is stored exclusively in AWS Canada (ca-central-1) region.
Our Security Architecture
PeakShift is built on a "Zero Trust" architecture. This means we assume no user or device is trustworthy by default, even if they are inside our network perimeter.
Compliance & Standards
- Green Button Connect My Data (CMD): We are a fully certified Data Custodian, adhering to the rigorous technical standards set by the Green Button Alliance (GBA) and Ontario Energy Board (OEB).
- PIPEDA: Our privacy practices are designed to meet or exceed the Personal Information Protection and Electronic Documents Act.
Vulnerability Reporting
Found a vulnerability?
We take security reports seriously. If you believe you've found a security issue in our platform, please report it to our security team immediately.
Report VulnerabilityEmployee Access
Access to customer data is tightly restricted. By default, no employee has access to your raw energy usage data. Access is granted only:
- For specific customer support requests you initiate.
- To authorized administrative personnel for debugging critical issues.
- Via time-limited, logged sessions.