Privacy Policy

1. Introduction

Capacity Test Optimizer ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services (the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address and password when you create an account
• Organization Information: Organization name and team member details
• Plant Data: Power plant information including name, location, capacity ratings, and performance parameters
• Contact Information: Information you provide when contacting us for support
• Payment Information: Billing details processed through our payment provider (Stripe)

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, and actions taken within the Service
• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP address, access times, and referring URLs
• Cookies: Session cookies for authentication and preferences

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Generate capacity test recommendations for your plants
• Process your transactions and manage your subscription
• Send you important service notifications and updates
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

4. Third-Party Services

We use trusted third-party services to operate the Service. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your data:

• Supabase: Authentication, database hosting, and data storage
• Stripe: Payment processing and subscription management
• Resend: Transactional email delivery
• Sentry: Error monitoring and application performance tracking
• Vercel: Application hosting and content delivery

4.1 External Data Sources

We integrate data from the following external sources to provide our Service:

• Open-Meteo: Weather forecast and historical meteorological data, used for calculating capacity test correction factors. Data is licensed under CC-BY 4.0.
• U.S. Energy Information Administration (EIA): Power plant capacity data and generator information from public databases.
• PJM Interconnection: Capacity testing guidelines and methodology based on PJM Manual 21B and publicly available resource data.

For complete attribution details and licensing information, see our Data Sources page.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in these circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Within Your Organization: With other members of your organization who have appropriate access
• Service Providers: With third-party vendors as described above
• Legal Requirements: When required by law, subpoena, or legal process
• Protection of Rights: To protect our rights, privacy, safety, or property
• Business Transfer: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of data at rest
• Secure authentication with password hashing
• Role-based access controls
• Regular security assessments

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account Data: Retained until you delete your account
• Plant Data: Retained until you delete it or your account is closed
• Usage Logs: Retained for up to 90 days
• Billing Records: Retained as required for tax and legal compliance

After account deletion, we may retain anonymized, aggregated data for analytical purposes.

8. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Export: Request an export of your data in a portable format
• Opt-out: Unsubscribe from marketing communications

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Cookies

We use essential cookies to enable core functionality such as authentication and session management. These cookies are necessary for the Service to function properly.

We may also use analytics cookies to understand how visitors interact with the Service. You can control cookie preferences through your browser settings.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We take steps to ensure your data receives adequate protection through appropriate safeguards.

11. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on the Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Or use our contact form