Privacy Policy

Last updated: March 4, 2026

Alpengrid Analytics ("we", "us", or "our") operates the Heliotest platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

Personal Information

When you create an account or contact us, we may collect:

  • Name and email address
  • Company or organization name
  • Password (stored in hashed form only)

Usage Data

We automatically collect certain information when you access the Service, including your IP address, browser type, operating system, referring URLs, pages viewed, and the dates and times of your visits.

Technical Data You Upload

You may upload photovoltaic system data files (CSV, Excel) as part of using the Service. These files are stored securely and used solely to provide analysis results to you and your organization.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Create and manage your account
  • Process and analyze your uploaded PV system data
  • Send transactional emails (e.g., verification, password resets)
  • Respond to your inquiries and support requests
  • Monitor usage patterns to improve the Service
  • Comply with legal obligations

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, our legal bases for processing your data are:

  • Contract performance: Processing necessary to provide the Service you signed up for
  • Legitimate interests: Improving our Service, preventing fraud, and ensuring security
  • Consent: Where you have given explicit consent (e.g., marketing communications)
  • Legal obligation: Where we are required to process data by law

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

  • Service providers: Trusted third parties that help us operate the Service (e.g., cloud hosting, email delivery, analytics), bound by contractual data-protection obligations
  • Organization members: Data you upload is accessible to members of the same organization within the Service, according to their assigned roles
  • Legal requirements: When required by law, regulation, or legal process

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, unless retention is required by law. Data stored in encrypted backups may persist until the backup rotation cycle completes, but remains inaccessible and is not used for any purpose.

Uploaded data files are retained for the duration of your subscription and deleted upon account or organization termination.

6. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), encrypted storage, access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure.

7. Cookies and Analytics

We use essential cookies required for authentication and session management (e.g., the jwt_token cookie). We do not use third-party advertising cookies.

We use Google Analytics to collect anonymized usage data such as pages visited, session duration, and general geographic region. Google Analytics may set its own cookies. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us using the details below. You also have the right to lodge a complaint with your local data protection supervisory authority.

9. International Data Transfers

Your data is primarily processed in the United States, where our cloud infrastructure and analytics providers are located. If you access the Service from outside the US, your data may be transferred to and processed in the US. We ensure appropriate safeguards are in place to protect your data regardless of where it is processed.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date above. Your continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Alpengrid Analytics
Email: [email protected]

We are not required to appoint a Data Protection Officer (DPO) based on the nature and scale of our processing activities. For any data protection inquiries, please use the contact details above.