Notes on Security, Privacy, Terms

 UtilityAPI is automating the process of collecting and cleaning electric utility data. With explicit authorization from the utility account holder, we pull all relevant data and structure it so it’s easy to use.
 
Notes on Security and Privacy

• We encrypt all utility login passwords we receive using OpenPGP (industry standard strong encryption).
• Utility login passwords are never written to disk in plain text, even temporarily. They are decrypted, held in memory, then forgotten as soon as they are used.
• We keep logs of when passwords are decrypted and by whom (only a limited subset of the collection software and our top sysadmins have permission).
• Our website is 100% https encrypted with forward secrecy, so any credentials submitted to us are always encrypted in transit and cannot be decrypted in the future even if the TLS keys are compromised.
• The account owner may request that we forget, revoke, and/or delete the credentials and any collected data from our servers at any time.
• We consider our access to be read-only. We will not change any billing or account settings while collecting the bill and interval history.
• We only collect the minimum data necessary to provide the bill and interval history to the third party.
• We do not collect any other sensitive data such as credit card numbers (the utility usually doesn't make these available anyway).
• We do not share any collected data with any other party, except the one that has been explicitly approved in the authorization form.
• We do not anonymize or aggregate or sell data to any other party (we are just a collection service).

 
Notes on Terms

• Sometimes, if the user doesn't provide login credentials or doesn't have an online utility account, our software needs to create a temporary account in order to collect the billing and interval history. The login for this account is stored security and the password is encrypted.
• We do NOT share login access with anyone else, and we do not modify the account in any way (i.e. we treat the access as read-only). Our terms of service specifically allow us to share ONLY collected bill and usage data with the approved party.
• We do NOT collect any more data than is necessary to get the billing and interval history. We do not collect any payment setting information such as credit card numbers.
• The account owner may request that we revoke access or delete their data at any time. We will NOT be able to access their account or any temporary accounts created after they request to revoke access.

 
Finally, we're always happy to jump on the phone or respond to any emails with questions about what we do. Our business is helping people get the solar quotes they want, not doing anything shady (a little pun intended).
 
Here's some helpful links:

• https://utilityapi.com/blog/how-does-utilityapi-work
• https://utilityapi.com/blog/what-data-do-we-collect