Information and Privacy Policy

1. Introduction
Engrate AB (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and share your personal data when you visit our public website or use our platform services.

2. Data We Collect
If you use any of our services that require a sign-in or an API key, we may collect personal data including: company email address, phone number, company name, role, energy system integration data and configurations, platform usage analytics and performance metrics, communication and support interaction records, and authentication and security access logs.

3. Legal Basis, Sharing, and Security
Our legal basis for processing your personal data includes consent, contract performance, legitimate interests, and legal obligations. We do not transfer your data outside the EU or sell, rent, or trade your personal data to third parties for marketing purposes. We implement industry-standard cybersecurity practices including encrypted API communications, AWS security frameworks, and authenticated access controls.

4. Data Retention and User Rights
Data is retained for the minimum period necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. After the required retention period expires, personal data will be securely deleted or anonymized. Under GDPR, you have rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. To exercise your rights, contact us at support@engrate.io. For urgent privacy matters, use the subject line “Privacy Request”.

5. Data Breach Procedures
In the event of a data breach, Engrate will notify you and the relevant authorities within 72 hours where required, take immediate steps to mitigate the breach, and provide regular updates on response efforts.