UtilityAPI strongly supports DataGuard's mission and principles.
Below are our disclosures of how we comply with the DataGuard program.
What is the DataGuard Energy Data Privacy Program?
DataGuard was developed by the U.S. Department of Energy
and industry stakeholders to provide you assurance that your
energy data is being protected and treated responsibly. The
DataGuard Energy Data Privacy Program Voluntary Code of Conduct (VCC)
is a voluntary privacy code that provides utilities and
other companies that access consumer energy usage data with
a framework for protecting their customers’ privacy.
The DataGuard program sets five principles. Below we list
each principle and explain how we comply with each principle.
1. Customer Notice and Awareness
How the customer learns what he or she needs to know to
exercise informed choice.
UtilityAPI provides a vital service for the evolving
energy economy, and we're very proud of what we do. One of
our principles is to be fully transparent about what our
service does regarding your data and privacy. We
work extremely hard to make sure our authorization forms,
agreement terms, and privacy policies are clear and
understandable for everyone. You can check out our current
authorization terms and policies below. We believe these are
best-in-class examples of compliance with DataGuard's
Customer Notice and Awareness principle.
How the customer controls his or her data and under what
Our goal is to have no surprises when using our service, and
you have top-tier control of your data on our system. For
more information on your choices about your information and
how we share that information, please see our
Below are some of the consumer-centric choices you can do
fully online. Easy and immediate, no questions asked,
no phone calls or emails needed.
You can control the duration of your authorization and
access to your utility data.
You can revoke your authorization to share data at any
You can delete the access details and utility data we
collected for you at any time.
In your authorization receipt, you always have immediate
access to the data we have collected as part of your
authorization and disclosure about who has access to your data
(no need to contact us, it's all available online).
Below are the different classifications of data we collect
and who we share that data with (see our
Utility Data -
Your utility account, billing, and usage data that we
collect as part of our service. We only share this
information with the parties you explicitly authorize.
Access Data -
Information you submit to give us access to your utility
account (e.g. access credentials or tokens). We don't
share this information with anyone.
Authorization Data -
Information that's part of authorizations (e.g. what's
on your authorization receipt and records of when/how we
collected your utility data). We may publish anonymous
statistics about authorizations (e.g. how many
authorizations were submitted last month). We may
disclose your authorization records to your utility and
the parties with which you authorized data sharing.
4. Data Integrity and Security
How customer data is maintained.
We handle your personal utility data with the highest respect.
Below are some of the security measures and policies we've
adopted to protect your data.
Utility Data (e.g. utility bills) is always encrypted
at rest (i.e. while stored on disk) and in transit
(i.e. using HTTPS on our website).
Access Data (e.g. login credentials) are encrypted using
hardware security modules and decryption logs are
We don't send your access or utility data outside of
your country of origin. If live in the United States,
your data stays in the U.S. (we don't ship your data
5. Self-Enforcement Management and Redress
How the Voluntary Code of Conduct is followed.
By adopting this Voluntary Code of Conduct, we have committed to:
Regularly review our data collection practices for
accuracy, compliance, and process improvement
To take action to comply with legal and regulatory data
protection requirements and the DataGuard principles.
Provide a simple, efficient, and effective means for
addressing customer concerns. You can let us know of any
such concerns by emailing
Conduct regular training and awareness for all of our
relevant employees on our privacy policies and practices.