Legal
Privacy Notice
Effective date: 17 May 2026 · Last updated: 17 May 2026
1. Who we are
Energy Modeller Ltd (“we”, “us”) is the data controller for personal data we collect about our installer users. For data about installers’ end customers (homeowners / business customers), the installer is the controller and we act as their processor.
Registered office: TBC, England & Wales. ICO registration number: TBC. Contact: privacy@energymodeller.com.
2. What we collect
From installers (as controller): email, company name, website, phone, brand colours, MCS certificate number, billing details (handled by Stripe; we store only payment IDs and subscription state), service-account audit logs.
From installers’ end customers (as processor on behalf of the installer):name, address, postcode, email, phone, energy bill data, questionnaire responses, chatbot conversations, signature metadata (IP, timestamp, T&Cs hash), smart-meter consumption data (when authorised via n3rgy or similar).
3. Why we process it
- Service delivery— lawful basis: contract. Running the platform you signed up for.
- Billing— lawful basis: contract + legal obligation.
- Service improvement & analytics— lawful basis: legitimate interest, balanced against your privacy.
- Customer support— lawful basis: legitimate interest.
- Marketing emails(only to installers, not end customers) — lawful basis: legitimate interest (B2B) with opt-out in every email.
We do not use installer or end-customer data to train any AI model. Anthropic Claude API calls are sent without training-data opt-in, per their B2B terms.
4. Who we share data with
We use the following subprocessors to deliver the Service. All are bound by data processing agreements with at-least-equivalent protections:
- Vercel— hosting + edge network (US/EU)
- Redis Cloud / Upstash— database storage (EU region)
- Stripe— subscription billing + payment processing
- Resend— transactional email delivery (EU)
- Anthropic— Claude AI for chat, extraction, recommendations (no training-data opt-in)
- Reonic / OpenSolar / Easy PV— design-tool integrations (only when installer explicitly authorises)
- QuickBooks / Xero— accounting integrations (only when installer explicitly connects)
- n3rgy— UK smart-meter data access (only with explicit end-customer consent)
- PVGIS— European Commission solar irradiance dataset (postcode-level lookup, no personal data sent)
5. Retention
- Account data: lifetime of the account, then 6 years post-closure for tax / accounting compliance.
- Quote / share-link data: 30 days from creation, then auto-deleted (unless extended for legal / contractual reason).
- Signed-contract artifacts (signature metadata, T&Cs hash, quote figures hash): 7 years from signing, per UK tax + contract retention norms.
- Service-plan customer records: lifetime of the service plan + 6 years post-cancellation.
- Audit logs & server logs: 90 days rolling.
6. Your rights
Under UK GDPR you have the right to:
- Access your data
- Rectify inaccurate data
- Erase your data (subject to retention legal requirements)
- Restrict or object to processing
- Data portability (export)
- Complain to the Information Commissioner’s Office (ico.org.uk)
To exercise any of these, email privacy@energymodeller.com.
7. International transfers
Some subprocessors (Vercel, Anthropic, Stripe) process data in the US. We rely on Standard Contractual Clauses + the UK Addendum and, where applicable, the EU-US Data Privacy Framework.
8. Cookies
We use a single httpOnly session cookie (em_session) for authentication. We don’t use analytics or advertising cookies. No banner needed.
9. Changes
Material changes to this Notice will be emailed at least 30 days before they take effect.