Information and Privacy Policy

1. Introduction

Engrate AB ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and share your personal data when you visit our public website or use our platform services.

2. Company Information

Full Company Name: Engrate AB
Registered Address: The Works, Klarabergsgatan 60, 111 21 Stockholm, Sweden
Contact Email: hello@engrate.io

3. Data We Collect

3.1. Public Website

Our public website does not collect any personal data, unless you contact us using the contact form. In that case, we will only use your data to respond to your inquiry. Collected data includes your email address, phone number and any other information you provide in the message.

3.2. Services

If you use any of our services that require a sign in or an API key, we can collect personal data that includes:

• Company email address
• Phone number
• Company name
• Role
• Energy system integration data and configurations
• Platform usage analytics and performance metrics
• Communication and support interaction records
• Authentication and security access logs

4. Purpose of Data Collection

4.1. Public Website

The personal data we collect, according to section 3.1, is used to respond to your inquiry.

4.2. Services

The personal data we collect, according to section 3.2, is used to:

• Provide platform services and customer support
• Process account registration and authentication
• Communicate service updates and important notices
• Ensure platform security and prevent fraud
• Improve our services based on usage patterns

5. Legal Basis for Processing

Our legal basis for processing your personal data includes:

• Consent - By using our services, you agree to our terms and this privacy policy
• Contract performance - To provide services you've requested
• Legitimate interests - To improve our services and ensure security
• Legal obligations - When required by law

6. Data Collection Methods

We collect data directly from you through:

• Your interactions with our services
• Account registration processes
• Contact forms and communications
• Service usage and activity logs

7. Data Sharing and Disclosure

Your data is collected and stored in Engrate AB's systems and authorized service providers used by Engrate AB to provide the service. We do not transfer your data outside the EU.

We do not currently share your personal data with external parties except:

• Legal authorities when required by law
• Authorized service providers who assist in delivering our services (under strict data processing agreements)

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

8. Data Security

We implement and maintain industry-standard cybersecurity practices to ensure the platform and data security. Regular security reviews are conducted to identify and address any vulnerabilities including:

• Industry-standard authentication and authorization protocols for customer and user accounts
• Secure cloud infrastructure utilizing AWS security frameworks and best practices
• Encrypted API communications and data transmission using industry-standard protocols

9. Data Breach Procedures

In the event of a data breach, we will:

• Notify you and the relevant authorities promptly (within 72 hours when required)
• Take immediate steps to mitigate the breach and prevent further unauthorized access
• Investigate the cause and implement additional security measures
• Provide regular updates on our response efforts

10. Data Retention

We retain your personal data in accordance with applicable legal requirements and compliance obligations. Data is retained for the minimum period necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.

After the required retention period expires, personal data will be securely deleted or anonymized.

11. User Rights

Under GDPR, you have the following rights:

• Access: Request access to your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data
• Restriction: Request limitation of processing
• Objection: Object to data processing
• Portability: Request your data in a machine-readable format
• Withdraw consent: Withdraw your consent at any time

You can exercise your rights by contacting us at hello@engrate.io

12. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and improve our services. You can manage cookie preferences through your browser settings.

13. International Data Transfers

We do not transfer personal data outside the European Economic Area (EEA). All data processing occurs within the EEA using service providers that comply with GDPR requirements.

14. User Rights

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or business practices. You will be informed about material updates through:

• Email notification to your registered email address
• Prominent notice on our website
• In application notifications (for service users)

We encourage you to review this policy periodically to stay informed about how we protect your information.

15. Contact Information for Privacy Inquiries

If you have any questions or concerns about your privacy, please contact us at:

• Email: hello@engrate.io
• Address: The Works, Klarabergsgatan 60, 111 21 Stockholm, Sweden

For urgent privacy matters or to exercise your rights, please use the subject line "Privacy Request" in your email.