Privacy Policy
Last updated: March 2026
Overview
Helikeep (“we”, “us”, “our”) respects your privacy. This policy explains what data we collect, why, and how we handle it.
The short version: We collect your email and your solar system’s sensor data. We don’t sell your data. We don’t track you across the web. You can delete everything at any time.
What We Collect
Account Data
When you create a Helikeep account:
- Email address — used for login, alerts, and account recovery
- Password — stored as a salted hash (we never see your actual password)
- Payment information (PRO users only) — processed by Stripe, never stored on our servers
Device Data
When your Helikeep device is connected to the cloud:
- Sensor readings — battery voltage, solar panel output, load consumption, temperatures, charging mode, energy counters
- Device metadata — hardware ID, firmware version, controller type, last seen timestamp, WiFi signal strength
- Device location — only if you manually add it (not collected automatically)
Usage Data
- Basic analytics — page views, feature usage (anonymized, no personal identifiers)
- Error logs — if something breaks, we log the error to fix it
What We Do NOT Collect
- Location data (unless you manually add it)
- Data from other devices on your network
- Browsing history or cross-site tracking
- Personal information beyond your email
How We Use Your Data
| Data | Purpose |
|---|---|
| Account login, password recovery, alert notifications (PRO), weekly digest (PRO) | |
| Sensor readings | Display on dashboard, generate charts, calculate estimates, trigger automations |
| Device metadata | Device management, firmware updates, troubleshooting |
| Usage analytics | Improve the product, identify bugs |
We do NOT:
- Sell your data to third parties
- Use your data for advertising
- Share individual sensor data with anyone except you (and your organization admin, if applicable)
Data Retention
| Plan | Retention |
|---|---|
| Free | 30 days of sensor data |
| PRO | 1 year of sensor data (hourly averages after 30 days) |
| Account data | Kept until you delete your account |
When data passes its retention period, it is permanently deleted. We do not archive or backup deleted data.
Data Storage and Security
- Location: EU servers (Hetzner, Germany)
- Encryption: TLS in transit (HTTPS, MQTTS). Encrypted at rest (database encryption)
- Access: Only authorized personnel can access production systems. Access is logged
- Passwords: Salted bcrypt hashes. We cannot see or recover your password
Your Rights (GDPR)
You have the right to:
- Access — View all data we hold about you (account settings page)
- Export — Download your sensor data as CSV (PRO feature)
- Rectification — Update your email or account details
- Deletion — Delete your account and all associated data permanently
- Portability — Export your data in a standard format
- Object — Opt out of non-essential communications
To exercise these rights, email privacy@helikeep.com or use the account settings page.
Cookies
We use:
- Session cookies — required for login (expire when you close the browser)
- Authentication tokens — keep you logged in (expire after 30 days)
We do NOT use:
- Tracking cookies
- Third-party advertising cookies
- Cross-site tracking
Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing (PRO) | Email, payment method (handled by Stripe, never touches our servers) |
| Hetzner | Server hosting | All data is stored here (EU) |
| Cloudflare | Website CDN and DDoS protection | IP addresses (Cloudflare’s privacy policy applies) |
Children
Helikeep is not intended for children under 16. We do not knowingly collect data from children.
Changes
We’ll notify you by email if we make significant changes to this policy. Minor changes (clarifications, formatting) may be made without notice.
Contact
For privacy questions or data requests:
Email: privacy@helikeep.com
Data Controller: Helikeep (company details to be added upon incorporation)