BoxPower, Inc. ("BoxPower," "we," "us," or "our") provides the EASI platform — a comprehensive techno-economic modeling and EPC-ready pricing tool for microgrid design and system sizing. This Privacy Policy governs the collection, use, and protection of personal identifiers, energy-related data, and Critical Energy Infrastructure Information (CEII) within the EASI platform and associated services. BoxPower acts as a Trusted Curator, balancing the necessity of protecting national security grid assets with the industry requirement for data transparency to support economy-wide decarbonization. EASI is intended for users aged 13 and above. We do not knowingly collect information from children under 13, in compliance with COPPA.
To ensure compliance with data protection frameworks, we follow US privacy laws (CCPA/CPRA) and apply GDPR principles where applicable to establish the following roles:
| Role | Description |
|---|---|
| Data Controller | BoxPower acts as a Controller for personal information related to account registration, professional credentials, and direct business/marketing interactions. |
| Data Processor / Sub-processor | When Partners or Installers upload load profiles or facility information belonging to End-Consumers, BoxPower acts as a Processor. Data is handled strictly according to Customer instructions and Data Processing Agreements (DPAs). |
| End-Consumers | Property owners or facility managers whose consumption data is modeled. |
| Partners/Installers | Utilities, developers, and EPC firms utilizing EASI for design and procurement. |
We collect information that constitutes "Personal Information" under applicable law:
Account Identifiers: Legal names, professional titles, company affiliation, and contact info (email, phone, business address).
Technical & Authentication Data: Processed via secure identity providers, including IP addresses, MAC addresses, and credentials required for Multi-Factor Authentication (MFA) or Corporate Single Sign-On (SSO).
Project & Energy Data: Site coordinates, 8760 load profiles, raw meter data, and solar production data imported from third-party modeling software.
Usage & Behavioral Data: We track sub-hourly interval interactions and feature engagement to optimize platform performance and facilitate targeted marketing. Sensitive energy and infrastructure data (including CEII and load profiles) is never used for advertising or marketing purposes.
Financial Data: Billing information, transaction codes, and modeling inputs (NPV, IRR, and utility rate structures).
BoxPower processes data for the following legal and operational objectives:
Techno-Economic Optimization: Utilizing AI-driven profiling and the EASI engine to recommend optimal PV, BESS, and generator sizing.
Marketing & Advertising: We use contact details and usage data to provide tailored communications and measure the effectiveness of our marketing efforts. This includes the use of third-party advertising platforms such as LinkedIn. We may share hashed identifiers (such as obfuscated email addresses), device identifiers, and event data with these platforms. This allows us to perform conversion tracking, retargeting, and 'Matched Audience' campaigns. Sensitive energy and infrastructure data is never shared for these purposes.
Synthetic Data Generation: Leveraging "Smart Gap Fill" strategies to reconstruct incomplete load datasets using neighboring data patterns.
Procurement & Pricing: Matching optimization results to BoxPower hardware kits and contractual Bills of Materials (BOM).
Research & Grid Planning: Supporting coordinated decision-making for integrated grid planning and carbon pricing reporting.
The legal basis for each category of data processing is outlined below:
| Data Category | Legal Basis | Context |
|---|---|---|
| Account & Billing | Contractual Obligation | Necessary for platform access. |
| Optimization Services | Contractual Obligation | Core service delivery. |
| Marketing & Ads | Consent / Legitimate Interest | Facilitates LinkedIn/Ads outreach and engagement. |
| Security & Auditing | Legitimate Interest | Protecting against unauthorized access and fraud. |
| Compliance | Legal Obligation | Regulatory and statutory requirements. |
Traditional masking is insufficient for energy data. We employ rigorous technical safeguards:
Differential Privacy (DP): We apply mathematical noise (Laplacian/Gaussian) to query results to ensure individual consumption records cannot be inferred. We implement a Privacy Budget to prevent joint privacy leakage across sessions.
Trusted Execution Environments (TEEs): For sensitive computing, we utilize hardware-based isolation (e.g., AWS Nitro Enclaves, Intel SGX) to protect data in use from system administrators.
Anonymized Sharing: Data shared with grid stakeholders or research laboratories (e.g., for carbon reporting) undergoes strict DP transformation to prevent re-identification.
Our infrastructure is designed with enterprise-grade security standards:
Infrastructure: EASI is hosted in an AWS Virtual Private Cloud (VPC) with isolated Security Groups and ACLs.
Encryption: Data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).
Compliance: We align with SOC 2 Type II standards to ensure operational integrity.
Residency: Data is primarily stored on AWS servers in the United States (US-East-1).
Data Breach: In the event of a data breach, BoxPower will notify affected users in accordance with applicable US state laws.
For data originating in the EEA, UK, or Switzerland, we utilize:
Standard Contractual Clauses (SCCs): To ensure a level of protection equivalent to the GDPR.
Data Privacy Framework (DPF): Adherence to the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF as overseen by the U.S. Department of Commerce.
BoxPower respects the privacy rights of all users. For US users, we comply with CCPA/CPRA and applicable state privacy laws. EU users may exercise rights under GDPR where applicable. All users may exercise rights including access, correction, deletion, and opt-out of certain processing, subject to legal obligations.
Access & Portability: Request copies of your personal data in a machine-readable format.
Correction & Erasure: Request updates or deletion of your data where no legal retention requirement exists.
Opt-Out: California and Nevada residents may opt out of the sale or sharing of personal information for cross-context behavioral advertising.
Non-Discrimination: Users will not be penalized for exercising their privacy rights.
To opt out of LinkedIn tracking specifically, adjust your settings in your LinkedIn account or visit the LinkedIn Opt-Out page. BoxPower also honors Global Privacy Control (GPC) signals sent by your browser.
For inquiries or to exercise your privacy rights, please contact our Privacy Officer:
BoxPower, Inc.
Attn: Privacy Officer
12438 Loma Rica Drive, STE C
Grass Valley, CA 95945
info@boxpower.io