Sunpath ("we", "us", "our") is operated by Nick Babenko trading as Sunpath. This policy explains what personal data we collect, why we collect it, and your rights under UK GDPR.
Data controller: Nick Babenko trading as Sunpath
Contact: privacy@sunpath.energy
| Category | Examples | Why |
|---|---|---|
| Account data | Name, email address, bcrypt-hashed password | To create and manage your account |
| Energy readings | PV power, battery SoC, grid power, EV power (5-min intervals) | To display live dashboards, history, and insights |
| Third-party credentials | Sunsynk, Hypervolt, Octopus Energy login details | To poll your devices and tariff on your behalf — encrypted at rest with AES-256-GCM |
| System profile | Battery capacity, inverter max output, solar panel orientation | To run optimisation simulations |
| Preferences | Push notification settings | To send the alerts you've opted into |
| Device tokens | APNs push token | To deliver push notifications via Apple |
| Usage events | Anonymous feature event names (e.g. "tariff_compare_run") | To understand which features are used; no PII attached |
| Solar forecasts | Forecast data fetched from Solcast using your panel location | To optimise battery scheduling |
We do not collect or store:
| Processing activity | Legal basis |
|---|---|
| Providing the core app functionality | Contract performance (Article 6(1)(b)) — necessary to deliver the service you signed up for |
| Analytics event tracking | Legitimate interests (Article 6(1)(f)) — to improve the app; events are non-identifiable |
| Sending push notifications | Consent (Article 6(1)(a)) — requested at app launch; you can withdraw in iOS Settings |
| Security logging | Legitimate interests (Article 6(1)(f)) — to detect and prevent abuse |
We share data with the following processors, strictly to deliver the service:
| Processor | Purpose | Data shared |
|---|---|---|
| Sunsynk (api.sunsynk.net) | Fetch inverter readings | Your Sunsynk username/password (encrypted in transit and at rest) |
| Hypervolt (api.hypervolt.co.uk) | Fetch EV charger readings | Your Hypervolt credentials |
| Octopus Energy (api.octopus.energy) | Fetch tariff rates and account data | Your Octopus API key |
| Solcast (api.solcast.com.au) | Solar forecasts | Your panel location and capacity |
| Apple (APNs) | Push notifications | Your device push token |
We do not sell your data to any third party. We do not use your data for advertising.
| Data type | Retention period |
|---|---|
| Account data (name, email, password hash) | Until you delete your account |
| Energy readings | While your account is active; deleted on account deletion |
| Daily summaries | While your account is active; deleted on account deletion |
| Push tokens | Until replaced by a new token or account deletion |
| Password reset tokens | 15 minutes (auto-purged) |
| Usage event logs | 90 days |
You have the right to:
To exercise any right not covered by in-app features, email privacy@sunpath.energy. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
We do not make any automated decisions that produce legal or similarly significant effects. Battery scheduling recommendations are advisory — you remain in control.
Sunpath is not directed at children under 18. We do not knowingly collect data from children.
We will update this page when our practices change. Material changes will be notified via a push notification or in-app banner. The "last updated" date at the top will always reflect the current version.
Email: privacy@sunpath.energy
Data controller: Nick Babenko trading as Sunpath