Last Updated: December 2024
Introduction and Scope
UpGrid AG ("we," "our," or "us") operates a platform that connects individuals and businesses to local energy communities for buying and selling surplus solar power. This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our energy community platform and services, in accordance with the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR).
This Privacy Policy is governed by Swiss law, and any disputes will be subject to the jurisdiction of Swiss courts.
1. What Personal Data We Collect
Registration and Account Data
When you create an account or join an energy community, we collect:
- Full name and contact details (email address, phone number)
- Postal address and location information for energy grid mapping
- Identity verification documents as required by energy regulations
- Billing address and payment information for energy transactions
Energy-Related Data
To facilitate energy trading and community participation, we process:
- Solar energy production data from your installations
- Energy consumption patterns and meter readings
- Surplus energy available for community trading
- Community participation preferences and trading history
Technical and Usage Data
We automatically collect technical information to improve our services:
- Device type, browser information, and IP address
- Platform usage patterns and feature interactions via PostHog analytics
- System performance and error logs for service optimization
Communication Data
We track communications to provide better service:
- Email engagement and delivery statistics via Encharge
- Customer service interactions and support requests
- Marketing preferences and communication history
2. How and Why We Use Your Personal Data
Contract Performance
We process your data to fulfill our contractual obligations:
- Providing access to the energy community platform
- Facilitating energy trading between community members
- Processing payments and generating invoices for energy transactions
- Providing customer support and technical assistance
Legitimate Business Interests
We may process your data for legitimate business purposes:
- Analyzing platform usage to improve user experience and services
- Detecting and preventing fraud, abuse, and security threats
- Developing new features and services for energy communities
- Sending relevant information about our services (with opt-out options)
Legal Compliance
We process data to comply with legal obligations:
- Meeting energy sector regulatory requirements
- Fulfilling tax reporting obligations for energy transactions
- Maintaining records for regulatory audits and investigations
3. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal grounds:
- Consent: For marketing communications and non-essential analytics (Article 6(1)(a))
- Contract Performance: To provide energy community services (Article 6(1)(b))
- Legal Obligation: To comply with energy regulations and tax laws (Article 6(1)(c))
- Legitimate Interests: For platform security, fraud prevention, and service improvement (Article 6(1)(f))
You may withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
4. Data Sharing and Third-Party Services
We share your personal data with trusted third-party service providers who help us operate our platform:
Supabase (Database and Authentication)
Hosts our database and manages user authentication. Data is stored in EU/Swiss data centers with appropriate security measures.
PostHog (Analytics)
Provides behavioral analytics to help us understand platform usage. Personal identifiers are pseudonymized where possible.
Encharge (Email Marketing)
Manages our email communications and marketing automation. You can unsubscribe from marketing emails at any time.
eSignatures.com (Document Signing)
Facilitates electronic signing of energy community contracts and agreements.
We may also share data when required by law, to protect our rights, or in connection with a business transaction.
5. International Data Transfers
Some of our service providers may be located outside Switzerland and the EU. When we transfer your data internationally, we ensure appropriate safeguards are in place:
- Transfers to countries with adequacy decisions from the EU Commission
- Standard Contractual Clauses (SCCs) or other appropriate safeguards for other countries
- Measures to ensure your data receives the same level of protection as required under Swiss and EU law
6. Data Retention and Deletion
We retain your personal data only as long as necessary for the purposes outlined in this policy:
- Account data: Retained while your account is active and for 2 years after account closure
- Energy transaction data: Retained for 10 years as required by Swiss energy regulations
- Marketing communications: Until you unsubscribe or withdraw consent
- Legal compliance: As required by applicable laws and regulations
When retention periods expire, we securely delete or anonymize your personal data unless longer retention is required by law.
7. Your Rights Under GDPR
As a data subject, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
- Right to Restriction: Limit how we process your personal data in certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Lodge a Complaint: Contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local data protection authority
To exercise these rights, please contact us using the information provided below. We will respond within one month of receiving your request.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption of data in transit and at rest
- Access controls and authentication mechanisms
- Regular security monitoring and vulnerability assessments
- Staff training on data protection and security procedures
While we implement strong security measures, no method of transmission or storage is 100% secure. We continuously review and improve our security practices.
9. Contact Information
For questions about this Privacy Policy or to exercise your data protection rights, please contact:
UpGrid AG
Email: privacy@upgrid.ch
Address: UpGrid AG, Neugasse 28, 6340 Baar, Switzerland
Data Protection Officer: privacy@upgrid.ch
Swiss Data Protection Authority: Federal Data Protection and Information Commissioner (FDPIC)
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:
- Notify you of material changes via email or platform notification
- Post the updated policy on our website with a new 'Last Updated' date
- Encourage you to review this policy periodically
- Obtain your consent for material changes that affect how we process your personal data, where required by law