Compounding Energy

Privacy Policy

Last updated: 8 April 2026

Plain-English summary. We collect the minimum needed to run your account and bill you: your email, a hashed password, and whatever metadata Stripe needs for payment. We don’t sell your data, don’t run ads, and don’t share it with advertisers. Servers are in the EU/UK. You can ask for a copy, a correction, or a deletion any time.

1. Who is the data controller

Compounding Energy is the data controller for personal data processed through the GridSight platform and the marketing site at compoundingenergy.com.

[LAWYER-REVIEW: confirm legal entity, ICO registration number if required, and registered address before publishing.]

2. What we collect

We collect only what we need to run the service:

  • Account data: email address, hashed password, name (if provided), organisation name (if provided), selected plan.
  • Billing data: billing address, VAT number (if applicable), and a Stripe customer ID. We do not store card numbers — payment details are held directly by Stripe, our payment processor.
  • Usage data: API request metadata (timestamp, endpoint, status, approximate latency, API key ID) for rate-limiting, abuse detection, and billing reconciliation.
  • Technical data: IP address and user agent for security logs. Retained for up to 30 days unless required for a specific investigation.
  • Communications: any messages you send us (support, sales, contract discussions).

We do not collect special-category data (health, biometrics, political views, etc.). We do not collect location data beyond what is derivable from your IP.

3. Why we process it (lawful basis)

Under UK GDPR, we rely on the following lawful bases:

  • Contract: processing account and billing data to deliver the service you subscribed to.
  • Legitimate interests: security monitoring, fraud prevention, rate-limiting, and product analytics — all balanced against your rights and expectations.
  • Legal obligation: retaining invoices and transaction records as required by UK tax law.
  • Consent: only for optional marketing emails, which you can opt out of at any time.

4. Who we share it with

We share personal data only with the processors we need to run the service:

  • Fly.io — hosting our backend in the London (LHR) region.
  • Neon — managed Postgres database hosting in the EU.
  • Upstash — Redis cache and rate-limiting.
  • Vercel — hosting our marketing site at compoundingenergy.com.
  • Stripe — payment processing and invoice generation. Stripe is the controller of card data.
  • GoDaddy — domain registration only, no account data processed.

We do not sell personal data. We do not share it with advertisers. We do not use it to train third-party AI models.

5. International transfers

Where a processor transfers data outside the UK/EEA (for example Stripe’s US operations), we rely on the UK International Data Transfer Agreement or the EU Standard Contractual Clauses, as applicable. All hosted infrastructure for GridSight itself runs in the UK/EU.

6. How long we keep it

  • Active accounts: until you delete the account or cancel your subscription.
  • Closed accounts: account data is deleted within 90 days of closure. Invoices and billing records are retained for 6 years under UK tax law.
  • Security logs: 30 days, longer only where required for an active investigation.
  • Usage metadata: aggregated after 12 months; raw request logs deleted after 90 days.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion (“right to be forgotten”).
  • Restrict or object to processing.
  • Receive your data in a portable format (where technically feasible).
  • Withdraw consent for marketing at any time.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise any of these rights, email hello@compoundingenergy.com. We will respond within 30 days.

8. Security

We use TLS everywhere, hash passwords with a modern memory-hard algorithm, and restrict database access to a small set of operational credentials that are rotated regularly. Infrastructure is hosted in the EU/UK with reputable providers. We review our security posture regularly, but no system is ever fully secure — if you believe you have found a vulnerability, please email us.

9. Cookies

The marketing site uses only strictly necessary cookies. We do not use advertising or analytics cookies that require consent. The GridSight application uses session cookies for authentication.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email to registered users. The “Last updated” date at the top of the page will always reflect the most recent revision.

11. Contact

Questions or requests? Email hello@compoundingenergy.com.