⚡ Privacy Policy

1. Introduction

SmartHour ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App") and our website (www.smarthour.app).

SmartHour is an electricity price monitoring application designed for Finnish households to track real-time electricity prices from the Nordic Power Exchange (NordPool) and receive smart recommendations for saving on energy costs.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration: When you create an account, we collect your email address, username, password, and optional profile information.
• Notification Preferences: Settings for price alerts, preferred hours, price thresholds, and notification channels (push notifications, SMS, email).
• Appliance Preferences: Information about appliances in your home and when you typically use them (optional, for personalized recommendations).
• Feedback and Support: Any communications you send us regarding support, bug reports, or feedback.

2.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers (IDFA/Android Advertising ID), device settings, and mobile network information.
• Usage Data: How you interact with the App, including screens viewed, features used, actions taken, and time spent on each feature.
• Location Data: Approximate location based on IP address (used to determine electricity price region). We do not collect precise GPS location.
• Log Data: Server logs containing IP address, access times, pages viewed, and referral information.
• Crash Reports: Technical information about app crashes and performance issues.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies on our website to enhance user experience and analyze usage patterns.

2.3 Electricity Price Data

• Public Price Data: We collect real-time electricity prices from NordPool, which is public market data.
• Your Price History: We store your price alerts, preferences, and historical price data to provide personalized recommendations.
• Energy Usage Patterns: Estimated usage patterns based on your appliance preferences (not actual meter data).

2.4 Information from Third Parties

• Push Notification Services: Firebase Cloud Messaging provides device tokens for sending notifications.
• Analytics Services: Analytics providers may share aggregated usage data.
• Supabase Database: User accounts and preferences are stored in our Supabase PostgreSQL database.

2.5 Information You Choose Not to Provide

Some information is required to use SmartHour (such as email and basic account credentials), while other information is optional. If you decline to provide required information, you may not be able to use certain features of the App.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Core App Functionality

• Provide electricity price tracking and real-time price updates
• Send price alerts and notifications based on your preferences
• Generate personalized recommendations for optimal usage times
• Maintain your account and provide access to saved preferences
• Process your requests and respond to your inquiries

3.2 Service Improvement

• Analyze usage patterns to improve App features and functionality
• Debug technical issues and improve app performance
• Conduct research and analytics to understand user needs
• A/B test new features and functionality

3.3 Communication

• Send transactional emails (account confirmations, password resets, receipt confirmations)
• Send promotional emails and marketing communications (with your consent)
• Notify you of changes to our policies or App features
• Respond to customer support requests

3.4 Safety and Compliance

• Detect, prevent, and address fraud, abuse, and security incidents
• Enforce our Terms of Service and other agreements
• Comply with legal obligations and government requests
• Protect the rights, privacy, safety, and property of SmartHour, users, and the public

3.5 Premium Features

• Verify premium subscription status
• Process subscription payments and manage billing
• Provide premium features and personalized insights

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Data

4.2 Who We Share Data With

• Service Providers: We share data with third-party service providers who assist us in operating the App and conducting our business, subject to strict confidentiality agreements. This includes:
  • Supabase (database hosting)
  • Firebase (push notifications and authentication)
  • Vercel (backend hosting)
  • Analytics providers
  • Payment processors for subscription management
• Aggregated and De-identified Data: We may share aggregated, anonymized data that cannot identify you for research, analytics, and marketing purposes.
• Legal Compliance: We may disclose your information if required by law or in response to legal process (court orders, subpoenas, warrants) from government agencies. We will provide notice when legally permitted.
• Business Transfers: If SmartHour is acquired, merged, or experiences a change of control, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
• With Your Consent: We may share your information with third parties when you explicitly consent to such sharing.

4.3 Third-Party Links

Our App and website may contain links to third-party websites and services that are not operated by SmartHour. This Privacy Policy does not apply to third-party websites or services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing your information.

5. Data Retention

We retain your personal information for as long as necessary to provide our services, maintain your account, and comply with legal obligations.

When you delete your account, we will remove your personal data from active systems within 30 days. However, some information may be retained in backup systems for up to 90 days as part of our normal backup procedures.

6. Your Privacy Rights

You have the right to access, control, and delete your personal information. You can:

6.1 Access Your Data

Request a copy of the personal information we hold about you. You can access most of this information directly through your account settings in the App.

6.2 Correct Your Data

Update or correct any inaccurate or incomplete personal information through your account settings.

6.3 Delete Your Account and Data

Request deletion of your account and associated personal data. Upon request, we will delete your information within 30 days, except where we are required to retain it for legal or business purposes.

6.4 Export Your Data

Request a portable copy of your personal data in a machine-readable format.

6.5 Opt-Out of Communications

Unsubscribe from promotional emails and marketing communications by clicking the unsubscribe link in emails or adjusting your notification preferences in the App. You will continue to receive transactional emails (account confirmations, password resets, etc.).

6.6 Opt-Out of Tracking

Manage your tracking preferences through your device settings (Limit Ad Tracking on iOS, Opt Out of Ads Personalization on Android). Your device Do Not Track signal will be respected if available.

6.7 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact Us section below. We will respond to your request within 30 days.

7. Data Security

We take data security seriously and implement appropriate technical and organizational safeguards to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

7.1 Security Measures

• Encryption in Transit: All data transmitted between the App, website, and our servers uses HTTPS/TLS encryption.
• Encryption at Rest: Sensitive data is encrypted when stored in our database.
• Authentication: User accounts are protected with password-based authentication and optional multi-factor authentication.
• Access Control: Only authorized personnel have access to personal information, and we limit their access to what is necessary.
• Firewalls and Intrusion Detection: Our infrastructure includes firewalls and monitoring systems to detect and prevent unauthorized access.
• Regular Security Audits: We conduct regular security assessments and penetration testing to identify and address vulnerabilities.

7.2 Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials. If you believe your account has been compromised, please contact us immediately.

8. Children's Privacy

SmartHour is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete such information and terminate the child's account.

In the European Union and United Kingdom, the applicable age of digital consent is 16, unless lower age thresholds are set by applicable national laws. By using SmartHour, you confirm that you meet the applicable age of digital consent in your jurisdiction.

If you believe that a child has provided information to us, please contact us immediately using the information in the Contact Us section.

9. Third-Party Services and Integration

9.1 Firebase

We use Firebase (owned by Google) for push notifications, cloud messaging, and some analytics. Firebase collects device identifiers and usage information. Please review Google's privacy policy at https://policies.google.com/privacy.

9.2 Supabase

We use Supabase for database hosting and user authentication. Supabase is compliant with GDPR and privacy regulations. Review their privacy policy at https://supabase.com/privacy.

9.3 NordPool Market Data

Electricity price data comes from NordPool, a publicly available market data source. We cache and process this data to provide price tracking functionality. NordPool's data is publicly available and does not contain personal information.

9.4 Analytics

We use analytics services to understand App usage patterns. These services collect anonymous usage data and do not identify you personally.

9.5 Payment Processors

For premium subscription payments, we integrate with third-party payment processors (e.g., Stripe, Paddle). Payment information is processed in compliance with PCI DSS standards, and we do not store complete credit card information on our servers.

10. GDPR and EU Privacy Rights

SmartHour is compliant with the General Data Protection Regulation (GDPR) and other European privacy laws. If you are located in the European Union, European Economic Area, or United Kingdom, the following rights apply:

10.1 Your GDPR Rights

• Right of Access: You have the right to access your personal data and receive a copy in a portable format.
• Right to Rectification: You have the right to correct inaccurate or incomplete data.
• Right to Erasure: You have the right to request deletion of your personal data (with certain legal exceptions).
• Right to Restrict Processing: You can request that we limit how we use your data.
• Right to Data Portability: You can request your data in a structured, commonly-used, machine-readable format.
• Right to Object: You can object to our processing of your data for legitimate interests.
• Right to Withdraw Consent: If we process your data based on consent, you can withdraw that consent at any time.
• Rights Related to Automated Decision Making: You have rights regarding decisions made solely on automated processing that produce legal or similarly significant effects.

10.2 Legal Basis for Processing

We process your personal information based on the following legal bases under GDPR:

• Contract: Processing necessary to perform our services (e.g., providing price tracking)
• Consent: You have given explicit consent (e.g., for marketing communications)
• Legal Obligation: We must comply with legal requirements (e.g., tax laws)
• Legitimate Interest: We have a legitimate interest that is not overridden by your rights (e.g., security, fraud prevention)

10.3 Data Protection Officer

If you have questions about our GDPR compliance, you may contact us at privacy@smarthour.app.

10.4 Supervisory Authority

If you believe we have violated your privacy rights under GDPR, you have the right to lodge a complaint with your local data protection authority:

• Finland: Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
• Other EU Countries: Your national data protection authority

10.5 Data Processing Agreement

If you are a business using SmartHour, we can provide a Data Processing Agreement (DPA) upon request to ensure GDPR compliance in our business relationship.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Data Protection Officer (EU)

For GDPR-related inquiries, you may also contact our designated representative for data protection issues at support@smarthour.app.