Your Privacy

Privacy Policy

How we collect, use, and protect your personal data and energy information.

Last updated: January 4, 2026

In Short

We collect data to provide analytics and forecasting services. We never sell your data. Your energy and project data remain fully yours.

We use HTTPS/TLS for data in transit and industry-standard server-side encryption for data at rest (AES by default). We process personal data in accordance with applicable data-protection laws, including the EU General Data Protection Regulation (GDPR), where applicable.

Learn more about our enterprise-grade security on our Security page.

Introduction

By accessing or using the estidami website, tools, applications, or services ("Services"), you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.

estidami is committed to safeguarding your privacy. This Privacy Policy explains how we collect, use, store, and protect information you provide when using our Services, including any other media form, media channel, mobile website, or mobile application related or connected to it.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services.

1. Information We Collect

We may collect the following types of information when you interact with our Services:

Personal Information

  • Name, email address, phone number, organization, and other identifiers submitted through forms
  • Account registration details including company name and role
  • Billing information including payment method, billing address, and transaction history
  • Any information you provide when contacting us for support

Technical Information

  • IP address, browser type, device info, and usage data via cookies and analytics tools
  • Pages visited, time spent on pages, and links clicked
  • Referring website and exit pages
  • Unique device identifiers

Energy and Project Data

  • Building types, energy usage, utility costs, facility specifications, and other data entered into our tools
  • Energy consumption data from your meters and connected devices
  • Historical data and analytics for energy efficiency recommendations

2. How We Use Your Information

The information we collect may be used to:

  • Provide and operate our tools, reports, and Services
  • Deliver, maintain, and improve estidami Services and user experience
  • Analyze energy consumption patterns and provide insights
  • Generate energy consumption forecasts and recommendations
  • Support AI-assisted analysis, forecasting, summarization, and insights generation where enabled within the Services
  • Analyze aggregated data to improve the platform
  • Manage your account, process payments, and send transactional communications
  • Respond to inquiries or support requests
  • Send communications, including marketing materials (if opted-in)
  • Ensure platform security, detect fraud, and comply with applicable laws

3. Legal Basis for Processing

Under GDPR Article 6 and other applicable international privacy laws, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing data necessary to provide and deliver the Services you have requested
  • Legitimate Interests: Processing data to improve platform performance, prevent fraud, ensure security, and conduct analytics
  • Consent: Processing data for marketing communications and non-essential features only with your explicit opt-in consent
  • Legal Compliance: Processing data as required by applicable laws, regulations, and court orders
  • Objection/Restriction: You may object to or request restriction of certain processing as permitted by law
  • Complaints: You have the right to lodge a complaint with your local supervisory authority

You have the right to withdraw consent at any time by contacting us at hello@estidami.com.

4. Data Processors and Sub-processors

We use carefully selected service providers to deliver our Services. These processors are bound by data protection agreements and maintain industry-standard security:

Firebase (Google Cloud)

Primary data processor for Firestore database, Cloud Functions, and Authentication services. Google is ISO 27001 certified, SOC 2 Type II compliant, and GDPR compliant.

AI Model Providers

We use third-party artificial intelligence and machine-learning model providers to support certain analytical, forecasting, and natural-language processing features within the Services. These providers process data solely on our behalf and under contractual obligations to protect confidentiality, security, and data protection. Customer content submitted for AI-assisted features is not used by us to train public models and is processed only to deliver the requested functionality, subject to the provider's data-handling practices.

Analytics Providers

Third-party analytics services to understand platform usage and improve user experience.

Email and Communication Services

Services for transactional and marketing communications.

A complete list of current sub-processors is available upon request. We maintain and periodically update this list and will provide notice of material changes where required by law.

5. Data Confidentiality and Ownership

All energy and project data you input remains your property. We do not sell or rent your data. If we use marketing technologies, we do not "sell" or "share" your personal information for cross-context behavioral advertising as defined by applicable law; you may opt out at any time. Data may be used internally in anonymized form for platform improvement, research, and analytics. You retain full ownership and control over your data.

We do not sell personal data. Any marketing or analytics technologies we use are limited to first-party measurement or contextual advertising and do not constitute a "sale" or "sharing" of personal information as defined under applicable privacy laws (including the California Privacy Rights Act).

6. Data Security

We use reasonable and appropriate security measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data in transit via HTTPS/TLS; data at rest encrypted by Google Cloud (AES by default)
  • Access Controls: Strict access controls limit who can view your data
  • Authentication: Multi-factor authentication available (including TOTP)
  • Monitoring: Continuous monitoring for suspicious activity
  • Assessments: We conduct periodic security assessments and vulnerability reviews

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Trusted Service Providers: Third parties that assist us in operating our Services (for example, cloud hosting). These providers are bound by confidentiality agreements
  • Legal Requirements: When required by law or in response to legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Your Consent: With your explicit permission for specific purposes

8. Cookies and Tracking Technologies

We use cookies and similar tools (cookies, localStorage, analytics) to enhance your experience and gather usage insights. These include:

  • Essential Cookies: Required for the Service to function properly
  • Analytics Cookies: Help us understand how you use our Service and improve platform features
  • Marketing Cookies: Used to personalize ads and content based on your interests

You can disable cookies in your browser. For non-essential cookies, we rely on your consent via our banner. We also recognize Global Privacy Control (GPC) signals and provide a "Do Not Sell or Share" link where required. Disabling cookies may affect functionality.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law within the legally mandated timeframe. We maintain incident response procedures and security monitoring to prevent unauthorized access.

10. Data Retention

We retain your personal information for as long as necessary to provide our Service and comply with applicable laws, unless a longer retention period is required or permitted for legal, regulatory, tax, or accounting purposes. When you delete your account, we delete or anonymize personal information within 30 days, subject to limited retention in backups and logs that are automatically purged per system schedules (for example, Firestore managed backups can retain up to 14 weeks, and many Cloud Logging buckets default to about 30 days).

11. Your Rights and Children's Privacy

Your Data Rights

You may request access, correction, or deletion of your personal data. Depending on your location, you may have certain rights including:

  • Access: The right to access the personal information we hold about you
  • Correction: The right to correct inaccurate or incomplete information
  • Deletion: The right to request deletion of your information (subject to legal requirements)
  • Portability: The right to receive your information in a portable format
  • Opt-Out: The right to opt out of marketing communications

Please note that aggregated, anonymized data may not be deletable as it cannot be associated with you. To exercise these rights, please contact us at hello@estidami.com.

Children's Privacy

Our Services are not directed to children, and we do not knowingly collect personal data from individuals under the minimum age required by applicable law (for example, under 16 in the European Union or under 13 in the United States). If we become aware that such data has been collected, we will take steps to delete it promptly.

12. Updates to This Policy

We may revise this Privacy Policy periodically. Updates will appear here with an updated "Last Updated" date. Your continued use of the Service following changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

For questions or concerns about this Privacy Policy or our privacy practices, please contact us at hello@estidami.com.

14. International Data Transfers and Jurisdiction

Data Location and Processing:

estidami operates globally, and your information may be processed in data centers located in the European Union, United States, or other jurisdictions where our service providers (such as Google Cloud or Firebase) operate. We implement Standard Contractual Clauses and comparable safeguards to ensure adequate data protection across borders, in compliance with GDPR and other international data protection frameworks. Where required, we conduct transfer impact assessments and apply supplementary safeguards in line with regulatory guidance. We rely on Standard Contractual Clauses and Google's participation in the EU-U.S. Data Privacy Framework for transfers handled by Google Cloud or Firebase.

Governing Law:

This Privacy Policy and any dispute arising from it shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict-of-laws principles.

We process personal data in accordance with applicable data-protection laws and regulations in the jurisdictions where our users are located, including the EU General Data Protection Regulation (GDPR) and other international privacy frameworks, where applicable.

By accessing or using the Services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Services.

This Privacy Policy should be read together with our Terms of Service and Security documentation, which further describe how our Services operate.