Privacy Policy

Last updated: April 2026

1. Who We Are

Joule Genie Ltd ("we", "us", "our") is a company registered in England and Wales. We are the data controller for the personal data described in this policy. We provide smart energy optimisation software that connects to your home energy hardware.

For any questions about this policy or your personal data, contact our data protection contact at: privacy@joulegenie.com

2. What Data We Collect

2.1 Interest Registration

When you register your interest as a consumer, we collect:

Identity data: your name
Contact data: email address, phone number (optional)
Location data: UK postcode, town, and county (for regional analysis, not your full address)
Hardware preferences: which inverters, chargers, vehicles, and tariff providers you use or plan to use
Willingness to assist: whether you are willing to help develop integrations for unsupported hardware
Consent records: timestamps and details of your consent to our terms and marketing preferences

2.2 Partner Registration

When you register as a partner or installer, we additionally collect:

Company data: company name, company type, website
Business data: approximate monthly installs, regions covered, areas of interest

2.3 App Users

If you become an active user of our application, we additionally collect:

Account data: login credentials (passwords are hashed, never stored in plain text)
Integration credentials: credentials for connected third-party services (encrypted at rest using AES-256-GCM)
Energy data: readings from your connected hardware (solar generation, battery state of charge, grid import/export, consumption, EV charging status)
Usage data: how you interact with the application, feature usage, and error logs
Financial data: energy cost calculations and savings estimates (derived from tariff rates and energy readings, not payment card details)

2.4 Website Visitors

When you visit our website, we do not use tracking cookies or analytics services that collect personal data. We may use essential cookies that are strictly necessary for the website to function.

3. How We Use Your Data

We use your personal data for the following purposes:

Purpose	Lawful Basis
To respond to your interest registration and contact you about the service	Legitimate interest (pre-contractual enquiry)
To prioritise which integrations to build based on demand	Legitimate interest (product development)
To provide our energy optimisation service	Performance of contract
To send product updates and marketing emails	Consent (which you can withdraw at any time)
To process partner applications	Legitimate interest (business development)
To comply with legal obligations	Legal obligation
To detect and prevent fraud or security incidents	Legitimate interest (security)

4. Credential Access During Development

If you are selected as an early adopter for a new integration, our developers may require temporary access to your device credentials for development and testing purposes. In these cases:

All credentials are encrypted at rest using AES-256-GCM
Access is restricted to authorised developers on a need-to-know basis
All access is logged and audited
Credentials are transferred to automated systems or securely deleted once the integration is complete
You can revoke access at any time by contacting us

5. Who We Share Your Data With

We do not sell your personal data. We share data only in the following circumstances:

Third-party API providers: when you connect an integration, your credentials are transmitted directly to the relevant hardware or service API (e.g. SunSynk, Octopus Energy) to authenticate your account. See our Third-Party API Declaration for details.
Hosting providers: our infrastructure is hosted on reputable cloud platforms within the UK or EEA. These providers process data on our behalf under appropriate data processing agreements.
Legal requirements: we may disclose personal data if required by law, regulation, or court order.

We do not share your personal data with any other third parties for their own marketing or commercial purposes.

6. International Transfers

We store and process your personal data within the United Kingdom and the European Economic Area (EEA). If any data is transferred outside the UK/EEA (for example, if a third-party API provider's servers are located elsewhere), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or an adequacy decision.

7. Data Retention

Interest registrations: retained for up to 2 years from the date of submission. After this period, data is anonymised or deleted unless you have become an active user.
Partner applications: retained for up to 2 years or for the duration of the partnership, whichever is longer.
Active user accounts: retained for the duration of your use of the service and for 12 months after account closure.
Energy data: retained in accordance with your subscription tier (7 days for free, 90 days for Starter, 1 year for Advanced). Older data is aggregated and anonymised.
Integration credentials: deleted immediately when you disconnect an integration or close your account.

8. Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

Right of access — request a copy of the personal data we hold about you
Right to rectification — request correction of inaccurate or incomplete personal data
Right to erasure — request deletion of your personal data where there is no compelling reason for continued processing
Right to restrict processing — request that we limit how we use your data in certain circumstances
Right to data portability — request a machine-readable copy of data you have provided to us
Right to object — object to processing based on legitimate interests, including direct marketing
Right to withdraw consent — where we rely on consent (e.g. marketing emails), you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, email us at privacy@joulegenie.com. We will respond within one calendar month. If we need more time (up to two additional months for complex requests), we will inform you within the initial month.

You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded or excessive.

9. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data, including:

Encryption at rest (AES-256-GCM) for all sensitive data including integration credentials
Encryption in transit (TLS 1.2+) for all API communications
Password hashing using industry-standard algorithms (bcrypt)
Role-based access controls limiting who can access personal data
Regular security audits and vulnerability assessments
Professional indemnity and cyber liability insurance

10. Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete that information.

11. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the chance to address your concerns before you approach the ICO, so please contact us first at privacy@joulegenie.com.

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to registered users and by updating the "Last updated" date at the top of this page. We recommend reviewing this policy periodically.

13. Contact

For any questions about this privacy policy or your personal data:

Email: privacy@joulegenie.com
General enquiries: hello@joulegenie.com