Introduction

By accessing or using the Energy Manager website, tools, applications, or services ("Services"), you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.

Energy Manager is committed to safeguarding your privacy. This Privacy Policy explains how we collect, use, store, and protect information you provide when using our Services, including any other media form, media channel, mobile website, or mobile application related or connected to it.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

2. How We Use Your Information

The information we collect may be used to:

• - Provide and operate our tools, reports, and Services
• - Deliver, maintain, and improve the Energy Manager Service and user experience
• - Analyze energy consumption patterns and provide insights
• - Generate energy consumption forecasts and recommendations
• - Analyze aggregated data to improve the platform
• - Manage your account, process payments, and send transactional communications
• - Respond to inquiries or support requests
• - Send communications (if opted-in), including marketing materials
• - Ensure platform security, detect fraud, and comply with applicable laws

3. Legal Basis for Processing

Under GDPR Article 6 and other applicable international privacy laws, we process your personal data based on the following legal grounds:

• - Contractual Necessity: Processing data necessary to provide and deliver the Energy Manager Services you have requested
• - Legitimate Interests: Processing data to improve platform performance, prevent fraud, ensure security, and conduct analytics
• - Consent: Processing data for marketing communications and non-essential features only with your explicit opt-in consent
• - Legal Compliance: Processing data as required by applicable laws, regulations, and court orders
• - Objection/Restriction: You may object to or request restriction of certain processing as permitted by law
• - Complaints: You have the right to lodge a complaint with your local supervisory authority

You have the right to withdraw consent at any time by contacting us at privacy@energymanager.app.

4. Data Processors and Sub-processors

We use carefully selected service providers to deliver our Services. These processors are bound by data protection agreements and maintain industry-standard security:

• Firebase (Google Cloud)
  Primary data processor for Firestore database, Cloud Functions, and Authentication services. Google is ISO 27001 certified, SOC 2 Type II compliant, and GDPR compliant.
• Analytics Providers
  Third-party analytics services to understand platform usage and improve user experience.
• Email and Communication Services
  Services for transactional and marketing communications.

A complete list of current sub-processors is available upon request. We maintain and periodically update this list and will provide notice of material changes where required by law.

5. Data Confidentiality and Ownership

All energy and project data you input remains your property. We do not sell or rent your data. If we use marketing technologies, we do not "sell" or "share" your personal information for cross-context behavioral advertising as defined by applicable law; you may opt out at any time. Data may be used internally in anonymized form for platform improvement, research, and analytics. You retain full ownership and control over your data.

6. Data Security

We use reasonable and appropriate security measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

• - Encryption: Data in transit via HTTPS/TLS; data at rest encrypted by Google Cloud (AES by default)
• - Access Controls: Strict access controls limit who can view your data
• - Authentication: Multi-factor authentication available (including TOTP)
• - Monitoring: Continuous monitoring for suspicious activity
• - Assessments: We conduct periodic security assessments and vulnerability reviews

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Sharing and Disclosure

We do not sell your personal information. We may share data with:

• - Trusted Service Providers: Third parties that assist us in operating our Services for operations (for example, cloud hosting). These providers are bound by confidentiality agreements
• - Legal Requirements: When required by law or in response to legal process
• - Business Transfers: In connection with a merger, acquisition, or sale of assets
• - Your Consent: With your explicit permission for specific purposes

8. Cookies and Tracking Technologies

We use cookies and similar tools (cookies, localStorage, analytics) to enhance your experience and gather usage insights. These include:

• - Essential Cookies: Required for the Service to function properly
• - Analytics Cookies: Help us understand how you use our Service and improve platform features
• - Marketing Cookies: Used to personalize ads and content based on your interests

You can disable cookies in your browser. For non-essential cookies, we rely on your consent via our banner. We also recognize Global Privacy Control (GPC) signals and provide a "Do Not Sell or Share" link where required. Disabling cookies may affect functionality.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law within the legally mandated timeframe. We maintain incident response procedures and security monitoring to prevent unauthorized access.

10. Data Retention

We retain your personal information for as long as necessary to provide our Service and comply with applicable laws. When you delete your account, we delete or anonymize personal information within 30 days, subject to limited retention in backups and logs that are automatically purged per system schedules (for example, Firestore managed backups can retain up to 14 weeks, and many Cloud Logging buckets default to about 30 days).

11. Your Rights and Children's Privacy

12. Updates to This Policy

We may revise this Privacy Policy periodically. Updates will appear here with an updated "Last Updated" date. Your continued use of the Service following changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

For questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

14. International Data Transfers and Jurisdiction

Data Location and Processing:
EnergyManager Pro operates globally, and your information may be processed in data centers located in the European Union, United States, or other jurisdictions where our service providers (such as Google Cloud or Firebase) operate. We implement Standard Contractual Clauses and comparable safeguards to ensure adequate data protection across borders, in compliance with GDPR and other international data protection frameworks. We rely on Standard Contractual Clauses and Google's participation in the EU-U.S. Data Privacy Framework for transfers handled by Google Cloud or Firebase.

Governing Law:
This Privacy Policy and any dispute arising from it shall be governed by and construed in accordance with the laws of the United Arab Emirates. For users located outside the UAE, we comply with applicable regional data-protection laws, including the EU General Data Protection Regulation (GDPR) and other international privacy frameworks.