Privacy Policy

Last Updated: December 4, 2025

1. Introduction

EnergyPager ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our energy attestation platform and services.

By using EnergyPager, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

When you create an account or use our services, we may collect:

Email address (for authentication and communication)
User profile information (name, organization, optional)
Wallet addresses (Ethereum/blockchain addresses you connect)
Authentication credentials (handled securely by Firebase)

2.2 Energy Data

When you upload solar or energy production data:

Energy production readings (kWh, timestamps)
System specifications (panel size, inverter type, location)
CSV/JSON files containing historical production data
Photos of solar installations (optional)
Geographic location data (city, state, country - anonymized in attestations)

2.3 Blockchain Data

All on-chain attestations are public and immutable:

Energy production amounts and dates
Attestation metadata (energy type, verification timestamps)
Transaction hashes and wallet addresses
Smart contract interactions

2.4 Automatically Collected Information

Browser type and version
Device information and operating system
IP address (anonymized)
Usage analytics (pages visited, features used)
Performance metrics (page load times, errors)

3. How We Use Your Information

3.1 Service Delivery

Create and manage your user account
Process and verify energy attestations
Enable marketplace transactions
Facilitate blockchain interactions
Provide customer support

3.2 Platform Improvement

Analyze usage patterns to improve our services
Develop new features and functionality
Optimize performance and user experience
Detect and prevent fraud or abuse

3.3 Communication

Send service-related notifications
Respond to inquiries and support requests
Provide updates about platform changes
Send marketing communications (with your consent, opt-out available)

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored using the following services:

Firebase: Authentication, user profiles, file uploads (Google Cloud Platform infrastructure)
Firestore: Attestation metadata, marketplace listings (encrypted at rest)
IPFS/Web3.Storage: Permanent storage of attestation data (decentralized)
Blockchain: On-chain attestations (Ethereum/Base network, public and immutable)

4.2 Security Measures

End-to-end encryption for data transmission (HTTPS/TLS)
Firebase App Check to prevent unauthorized API access
Rate limiting to prevent abuse
Firestore security rules for access control
Regular security audits and monitoring
Multi-factor authentication support

4.3 Data Retention

User accounts: Retained until deletion requested
Attestation data: Permanent (blockchain immutability)
Uploaded files: Retained while account is active
Analytics data: Aggregated and anonymized after 90 days

5. Data Sharing and Disclosure

5.1 Public Information

The following data is publicly accessible:

On-chain attestations (energy amounts, dates, wallet addresses)
Marketplace listings (available RECs, pricing)
Aggregated platform statistics

5.2 Third-Party Service Providers

We share data with trusted service providers:

Google Firebase: Authentication, database, hosting
Ethereum Network: Blockchain attestation storage
IPFS/Web3.Storage: Decentralized file storage
Analytics Providers: Anonymized usage analytics

5.3 Legal Requirements

We may disclose information if required to:

Comply with legal obligations or court orders
Protect our rights, property, or safety
Prevent fraud or abuse
Enforce our Terms of Service

5.4 We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Your Rights and Choices

6.1 Access and Portability

Request a copy of your personal data
Export your attestation data
Download uploaded files

6.2 Correction and Update

Update your profile information
Correct inaccurate data (note: blockchain data is immutable)

6.3 Deletion

Delete your account and associated data
Note: Blockchain attestations cannot be deleted due to immutability
Off-chain data will be permanently removed within 30 days

6.4 Opt-Out

Unsubscribe from marketing emails
Disable analytics cookies (may affect functionality)
Withdraw consent for optional data collection

6.5 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@energypager.com

7. Cookies and Tracking Technologies

7.1 Essential Cookies

Authentication tokens (session management)
Security features (CSRF protection)

7.2 Analytics Cookies

Firebase Analytics (usage patterns, performance)
Can be disabled in browser settings

7.3 Third-Party Cookies

Wallet providers (MetaMask, WalletConnect)
Blockchain RPC providers

8. Blockchain and Decentralization

8.1 Immutable Data

Data stored on the blockchain (Ethereum/Base) is permanent and cannot be deleted, modified, or hidden. This includes:

Energy attestation amounts and timestamps
Wallet addresses associated with attestations
Transaction history

8.2 Pseudonymity

Blockchain transactions are pseudonymous. While wallet addresses are public, they are not directly linked to your identity unless you choose to disclose this connection.

8.3 IPFS Storage

Files stored on IPFS are decentralized and may be cached by multiple nodes globally. While content is addressable, we do not guarantee complete erasure from the network.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:

Google Cloud Platform's global infrastructure (GDPR-compliant)
Standard contractual clauses
Data processing agreements with service providers

11. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

Right to be informed about data processing
Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Rights related to automated decision making

Legal Basis for Processing: Consent, contract performance, legitimate interests, legal obligations

Data Protection Officer: Contact us at dpo@energypager.com

12. California Privacy Rights (CCPA)

California residents have the right to:

Know what personal information is collected
Know if personal information is sold or disclosed (we do not sell data)
Access personal information
Delete personal information
Opt-out of sale of personal information (not applicable)
Non-discrimination for exercising privacy rights

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

Posting a notice on our website
Sending an email to registered users
Updating the "Last Updated" date

Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, concerns, or requests:

Email:privacy@energypager.com
General Support:hello@energypager.com
Data Protection Officer:dpo@energypager.com

15. Dispute Resolution

If you have concerns about our privacy practices, please contact us first. If the issue is not resolved, you may:

File a complaint with your local data protection authority (EU/EEA residents)
Contact the California Attorney General (California residents)
Seek resolution through arbitration as outlined in our Terms of Service