Last reviewed: 19 September 2025

Privacy Policy

ev.energy operates across multiple jurisdictions with data protection obligations. The company is registered in England under number 11468310 with US subsidiaries. Data handling follows GDPR (EU/EEA), UK GDPR, CPRA (California), Australian Privacy Principles, and other regional requirements.

Users can withdraw consent anytime via account settings or by contacting the company.

1. Introduction

ev.energy is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, who we share it with, and the rights you have under applicable data protection law.

2. What information we collect

The service collects several data categories:

  • Identity and Contact Data: name, email, phone
  • Location Data: geographic information for service optimisation (optional)
  • Profile and Consent Data: preferences, survey responses, usage patterns
  • Hardware Data: vehicle, battery, and charger information
  • Energy Data: supplier details, tariffs, meter references
  • Third-Party Account Data: linked accounts with manufacturers or providers
  • Technical Data: device specifications, timezone, locale
  • Transaction and Financial Data: energy usage and payment records
  • Cookies and Tracking Data: managed through Cookiebot

Aggregated, anonymised data may be shared for utilities and service improvements.

3. How we collect and use your data

Collection sources

  • Directly from users during registration
  • Vehicle manufacturers or authorised partners
  • Charging infrastructure and smart chargers
  • Utility companies

Primary uses

  • Service delivery and enhancement
  • Customer support
  • Collaboration with utilities and grid operators
  • Enhanced services and rewards programs
  • Carbon credit claims
  • Demand response notifications and marketing communications

4. Sharing your information

4.1 Service delivery

Third-party providers (sub-processors) access data under strict confidentiality obligations to deliver services.

4.2 Customer support

Support-related sharing includes Identity, Technical, and Hardware Data only as necessary.

4.3 Enhanced services and rewards

Energy Data and Contact Data may be shared with electricity networks, market operators, energy service providers, and carbon credit brokers for program verification.

4.4 Energy company and DSO sharing

Data shared with Distribution System Operators for charging optimisation.

4.5 Legal requirements

Data disclosure occurs when legally compelled (court orders, law enforcement).

4.6 Anonymised data sharing

Aggregated, anonymised data supports service improvements.

4.7 Third parties

Appendix A lists subprocessors; Appendix B lists utility and partner organisations.

4.8 International data transfers

Users consent to cross-border transfers with safeguards like Standard Contractual Clauses ensuring compliance with GDPR and equivalent frameworks.

5. User rights and choices

Deletion

Users can delete accounts via Settings → Account → Close my account. Data is anonymised rather than destroyed to support:

  • Utility audits
  • Climate impact assessment
  • Research and development
  • Regulatory compliance
  • Partnerships and collaborations
  • Business intelligence
  • Third-party audits

Retention: Personally identifiable data is retained for a maximum of 7 years from last service use, subject to legal requirements.

Right to access

Users may request personal data access within 30 days (extendable to 2 months for complex requests). Requests must explain verification purposes. Unreasonable or frivolous requests may be refused.

Correction

Users can request correction of inaccurate data. The company verifies identity before amendments.

Right to restrict processing

Available to UK, EU, and equivalent-law residents when contesting accuracy, objecting to processing, requiring data for legal claims, or preferring restriction over deletion.

6. Data security

Storage locations

  • EU: Primary storage in Ireland for GDPR compliance
  • US: US customer data processed and stored domestically

Encryption

  • At Rest: Industry-standard encryption for all personal, confidential, and financial data
  • In Transit: HTTPS and WSS protocols for secure data exchange

Access control

Authorised personnel only; regular audits and logged access.

SOC 2 compliance

Working toward SOC 2 compliance with regular audits.

International transfers

Standard Contractual Clauses or equivalent safeguards protect cross-border transfers.

Data breach notification

Prompt notification per GDPR and CCPA requirements with breach details and mitigation actions.

User responsibility

Users must maintain strong, unique passwords; ev.energy never requests passwords through unverified channels.

No method of data transmission or storage is completely secure. Users acknowledge inherent internet transmission risks.

7. Children's privacy

Services are not intended for individuals under 18. The company does not knowingly collect personally identifiable information from children under 18 and promptly deletes such data if discovered.

8. Third-party websites and links

The company does not operate external sites and assumes no responsibility for their content or privacy practices.

9. Representation for data subjects in EU

Prighter serves as the privacy representative for users outside the UK.

10. Employee and job applicants privacy

Employees and contractors

A separate Employee Data Privacy Policy governs employment-related data processing.

Job applicants

Personal data collected includes contact details and reference information. Unsuccessful applications are retained for 6 months from closing date.

Categories:

  • Personally Identifiable Information: name, address, email, phone, reference contacts
  • Sensitive Data: not requested during application
  • Electronic Network Activity: cookies (see Cookie Notice)

Subprocessor: Ashby for application management.

11. Third-party integration responsibility

Account holders must inform third parties about potential data collection and sharing. The company provides privacy protections for platform-processed data but cannot control third-party handling of data.

12. User research

Interview recordings are deleted after 3 years or upon relevance conclusion. Transcriptions are retained up to 3 years, then anonymised. Research data is used only for research purposes.

13. Participation in energy markets

The company may access aggregated, anonymised Supplier Volume Allocation (SVA) data from smart meters for:

  • Market participation validation
  • Sharing with trading partners and market operators

Data is aggregated by supplier and grid area without personal identification.

14. Responsible AI principles

Principles guiding AI development and deployment:

  1. Accountable: Robust governance with clear responsibility and monitoring
  2. Safe and Secure: Safeguards against unintended use and unauthorised access
  3. Valid and Reliable: Accurate, consistent, dependable outcomes
  4. Fair and Equitable: Identifies and addresses algorithmic bias
  5. Privacy and Intellectual Property: Protects personal data and respects IP rights
  6. Transparent and Explainable: Clear design rationale and understandable decisions
  7. Sustainable: Environmental and social impact consideration

Partners and suppliers are expected to align with these principles.

Appendix A — Subprocessors

Sub-processors under GDPR definition:

NameRegionPurpose
Amazon Web ServicesEU, US, UK, CACloud hosting
AnthropicUS, EUGenerative AI for internal tools
AvoEUEvent management
BitwardenUS, EUPassword management
Braze Inc.EUCustomer engagement (in-app, email)
ev.energy CorpUSUS subsidiary
FreshworksUS, EUCustomer support, applicant tracking
FinervaUK, EUAccountancy
GoCardlessUKPayment services
Google GeminiUS, EUGenerative AI for internal use
Google DriveUS, EUDocument repository
Google WorkspaceUS, EUCollaboration, file storage, email
HubspotUS, EUCustomer platform (marketing, sales, service)
MicrosoftUS, EUOffice 365
NotionUSInternal wiki
RevenuecatUSIn-app purchases, customer data
SlackUSInternal messaging
SmartcarUS, EUVehicle integration API
SnowflakeUS, EUData warehouse
SpendeskUSExpenses software
StripeUSPayment tool
VantaUS, EUSecurity and compliance monitoring

Appendix B — Partners and customer organisations

Energy suppliers and utility partners

Companies across Australia, the Netherlands, the USA (multiple states), the Republic of Ireland, Germany, the UK, Portugal, Canada, Austria, and France — including AGL Energy, ANWB, Alabama Power, Avangrid, Avista, Clean Power Alliance, Con Edison, Duke Energy, ESB Ireland, E.ON UK, Hawaiian Electric, National Grid, PG&E, Southern Company, and others.

Distribution system operators and network partners

UK-focused: National Grid, Scottish and Southern Electricity Networks, SP Energy Networks, UK Power Networks, Western Power Distribution, Electricity North West, Northern Power Grid, Flexitricity, Piclo, NODES, ELEXON, UKPN, Lightspeed.

International: AusNet (Australia), MP2 Energy and Leap Energy (USA Texas), NIEN (Northern Ireland), Electricity Supply Board (Ireland).

CPO, solar and charger partners

WaEV-charge, Wallbox, Rolec, Brixcell, Indra, Luceco, SyncEV, Maxeon, Schneider, Osprey.

Government agencies and credit partners

BEIS IDSR (UK), California Energy Commission, Innovate UK, Connecticut Green Bank.

OEMs

Tesla (USA California), Volkswagen (Germany), Skoda (Germany), Porsche (Germany), Jeep (USA Ohio), Scania (Sweden).

Contact us

Post:Contact via ICO registration marked for 'ev.energy DPO'
EU Representative:Prighter

Orchestrating the flexible grid.

© Copyright 2026 ev.energy - All Rights Reserved | ev dot energy limited | Company No. 11468310

OCPP 1.6 Fully Certified and Security Certified