Privacy Policy
Last updated: 18 March 2026
This Privacy Policy explains how solarsimlab.com ("we", "us", or "our") collects, uses, and protects your personal information when you use the Solar Simulation Dashboard ("the Service"). By using the Service you agree to the practices described in this policy.
1. Who We Are
solarsimlab.com by Dave
e: privacy@solarsimlab.com
If you are located in the EU/EEA or UK, we are the data controller for your personal information.
2. Information We Collect
2.1 Account Information
When you create an account we collect:
- Email address
- User ID (an internal identifier assigned by our authentication provider)
2.2 Subscription and Billing Information
When you purchase a paid license we collect:
- Purchase type and date
- License status and expiry date
- Stripe customer ID and checkout session ID
We do not store your full credit card number, CVV, or bank details. Payment card data is handled entirely by Stripe, Inc. — see Section 4 for details.
2.3 Location Data (Paid Users Only)
When you use the address-level simulation feature, you provide a latitude and longitude for your property. This coordinate is transmitted to the NREL PVWatts API to retrieve solar irradiance data and is not persistently stored by us after the API call completes.
Free-tier users use pre-computed city-level data and no specific address or coordinates are collected.
2.4 Technical and Usage Data
We collect standard technical data required to operate the Service, including authentication tokens (managed by AWS Cognito) and server logs generated by AWS Lambda and API Gateway (IP address, request path, timestamps). We do not use cookies for tracking or advertising.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Creating and managing your account | Email, User ID | Contract performance |
| Delivering paid features | User ID, license status | Contract performance |
| Processing payments and issuing licenses | User ID, Stripe customer ID, purchase data | Contract performance |
| Providing solar irradiance data | Lat/lng (paid users) | Contract performance |
| Fraud prevention and security | Logs, User ID | Legitimate interest |
| Complying with legal obligations | Any relevant data | Legal obligation |
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-Party Services
AWS (Amazon Web Services)
Hosts authentication (Cognito), backend APIs (Lambda/API Gateway), and our database (DynamoDB). Data shared: email, user ID, entitlement records. Privacy policy
Stripe, Inc.
Processes all payment card transactions. Data shared: user ID (as a reference). Stripe independently collects billing and payment card data from you during checkout. Privacy policy
NREL (National Renewable Energy Laboratory)
Provides the PVWatts solar irradiance API used for address-level simulations. Data shared: latitude and longitude (paid users only). No account or identity information is sent. Privacy policy
5. Data Retention
| Data | Retention Period |
|---|---|
| Free account records | Deleted after 1 year of inactivity. We will email you 30 days before deletion. |
| Paid account records | Retained indefinitely (your license is lifetime). Deleted on request. |
| Stripe billing references | 7 years, to meet standard financial record-keeping requirements. |
| Server logs | 90 days. |
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Correction — ask us to correct inaccurate data.
- Deletion — request that we delete your account and associated data.
- Portability — request your data in a portable format.
- Objection / Restriction — object to or restrict certain processing.
EU/EEA and UK residents have these rights under GDPR / UK GDPR. California residents have rights under the CCPA. Australian residents have rights under the Privacy Act 1988.
To exercise any of these rights, contact us at privacy@solarsimlab.com. We will respond within 30 days.
7. Data Security
All data in transit is encrypted via HTTPS/TLS. Data at rest in DynamoDB is encrypted by AWS. Authentication is handled by AWS Cognito with JWT tokens. Payment data never passes through our servers.
8. International Data Transfers
Our infrastructure is hosted on AWS. Your data may be transferred to and processed in countries outside your own, including the United States. Where required by law (e.g. GDPR), we rely on AWS's Standard Contractual Clauses to safeguard such transfers.
9. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
Email: privacy@solarsimlab.com
If you are in the EU/EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.