1. UtilityAPI
2. DataGuard Compliance

DataGuard Compliance

UtilityAPI strongly supports DataGuard's mission and principles. Below are our disclosures of how we comply with the DataGuard program.

What is the DataGuard Energy Data Privacy Program?

DataGuard was developed by the U.S. Department of Energy and industry stakeholders to provide you assurance that your energy data is being protected and treated responsibly. The DataGuard Energy Data Privacy Program Voluntary Code of Conduct (VCC) is a voluntary privacy code that provides utilities and other companies that access consumer energy usage data with a framework for protecting their customers’ privacy.

Website: https://www.smartgrid.gov/data_guard

Download: DataGuard Energy Data Privacy Program Voluntary Code of Conduct.pdf

DataGuard Principles

The DataGuard program sets five principles. Below we list each principle and explain how we comply with each principle.

1. Customer Notice and Awareness

How the customer learns what he or she needs to know to exercise informed choice.

UtilityAPI provides a vital service for the evolving energy economy, and we're very proud of what we do. One of our principles is to be fully transparent about what our service does regarding your data and privacy. We work extremely hard to make sure our authorization forms, agreement terms, and privacy policies are clear and understandable for everyone. You can check out our current authorization terms and policies below. We believe these are best-in-class examples of compliance with DataGuard's Customer Notice and Awareness principle.

• Utility Account Holder Authorization Form
• Utility Account Holder Authorization and Agreement
• Utility Account Holder Privacy Policy

2. Customer Choice and Consent

How the customer controls his or her data and under what limitations.

Our goal is to have no surprises when using our service, and you have top-tier control of your data on our system. For more information on your choices about your information and how we share that information, please see our Terms and Privacy Policy. Below are some of the consumer-centric choices you can do fully online. Easy and immediate, no questions asked, no phone calls or emails needed.

• You can control the duration of your authorization and access to your utility data.
• You can revoke your authorization to share data at any time.
• You can delete the access details and utility data we collected for you at any time.
• You can always contact support@utilityapi.com if you have any questions.

3. Customer Data Access and Participation

How the customer’s data is accessed.

In your authorization receipt, you always have immediate access to the data we have collected as part of your authorization and disclosure about who has access to your data (no need to contact us, it's all available online). Below are the different classifications of data we collect and who we share that data with (see our Terms and Privacy Policy).

• Utility Data - Your utility account, billing, and usage data that we collect as part of our service. We only share this information with the parties you explicitly authorize.
• Access Data - Information you submit to give us access to your utility account (e.g. access credentials or tokens). We don't share this information with anyone.
• Authorization Data - Information that's part of authorizations (e.g. what's on your authorization receipt and records of when/how we collected your utility data). We may publish anonymous statistics about authorizations (e.g. how many authorizations were submitted last month). We may disclose your authorization records to your utility and the parties with which you authorized data sharing.

4. Data Integrity and Security

How customer data is maintained.

We handle your personal utility data with the highest respect. Below are some of the security measures and policies we've adopted to protect your data.

• Utility Data (e.g. utility bills) is always encrypted at rest (i.e. while stored on disk) and in transit (i.e. using HTTPS on our website).
• Access Data (e.g. login credentials) are encrypted using hardware security modules and decryption logs are regularly audited.
• We don't send your access or utility data outside of your country of origin. If live in the United States, your data stays in the U.S. (we don't ship your data overseas).

5. Self-Enforcement Management and Redress

How the Voluntary Code of Conduct is followed.

By adopting this Voluntary Code of Conduct, we have committed to:

• Regularly review our data collection practices for accuracy, compliance, and process improvement opportunities.
• To take action to comply with legal and regulatory data protection requirements and the DataGuard principles.
• Provide a simple, efficient, and effective means for addressing customer concerns. You can let us know of any such concerns by emailing support@utilityapi.com.
• Conduct regular training and awareness for all of our relevant employees on our privacy policies and practices.