Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Data

• Full name and email address
• Phone number (optional)
• Blockchain wallet addresses
• Profile preferences and settings

2.2 Transaction Data

• Energy trade history and amounts
• Carbon credit transactions
• Payment and billing information
• Subscription and plan details

2.3 Usage Data

• IP address and approximate location
• Browser type and device information
• Pages visited and features used
• Date, time, and duration of visits

2.4 Device Data

• Connected IoT device identifiers
• Smart meter readings (with consent)
• Solar panel and battery system data

3. Legal Basis for Processing (GDPR Article 6)

We process your data based on the following legal grounds:

• Consent (Art. 6(1)(a)): Marketing communications and optional analytics
• Contract (Art. 6(1)(b)): To provide our trading and platform services
• Legal Obligation (Art. 6(1)(c)): Financial regulations, KYC/AML compliance
• Legitimate Interest (Art. 6(1)(f)): Fraud prevention, security, and service improvement

4. How We Use Your Data

• Provide and maintain our Platform services
• Process energy trades and transactions
• Generate AI-powered market predictions
• Send transactional notifications and alerts
• Improve our algorithms and user experience
• Detect and prevent fraud and security threats
• Comply with legal and regulatory requirements
• Send marketing communications (with consent)

5. Data Sharing & Third Parties

We may share your data with:

• Service Providers: Cloud hosting, payment processors, analytics
• Blockchain Networks: Transaction data is recorded on public blockchains
• Regulatory Authorities: When required by law
• Business Partners: With your explicit consent only

We do NOT sell your personal data to third parties.

6. Your Privacy Rights

Under GDPR, CCPA, and other privacy laws, you have the right to:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Delete your personal data ("Right to be Forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Opt out of certain processing activities
• Right to Withdraw Consent: Revoke consent at any time
• Right to Non-Discrimination: Equal service regardless of privacy choices (CCPA)

7. California Consumer Privacy Act (CCPA)

If you are a California resident, you have additional rights:

• Know what personal information is collected about you
• Know whether your data is sold or disclosed and to whom
• Opt out of the sale of personal information (we do NOT sell data)
• Access your personal information
• Request deletion of your personal information
• Not be discriminated against for exercising your rights

8. Data Retention

We retain personal data for as long as necessary to:

• Provide our services while your account is active
• Comply with legal obligations (e.g., 7 years for financial records)
• Resolve disputes and enforce our agreements

Upon account deletion, we will anonymize or delete your data within 90 days, except where retention is required by law.

9. Cookies & Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences
• Analytics Cookies: Understand how you use our Platform (with consent)

You can manage cookie preferences through your browser settings or our Cookie Settings panel.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including Canada and the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure GDPR-compliant transfers. Where applicable, we also rely on adequacy decisions or your explicit consent.

11. Data Security

We implement industry-standard security measures including:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication (MFA)
• Regular security audits and penetration testing
• SOC 2 Type II compliance
• ISO 27001 certification

12. Children's Privacy

Our Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@soltolaria.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification at least 30 days before taking effect. The "Last Updated" date at the top reflects the most recent revision.