Solar Cube Privacy Policy

Effective as of 20 December 2025

1. Introduction

This Privacy Policy explains how Solar Cube manages information obtained from our clients, cooperation partners, website visitors (solarcube.io, the “Website”), Solar Cube device users, and/or from third parties, in order to provide various services and functionalities (the “Services”).

ROYGARD Sp. z o.o (NIP 9571053891 | KRS 0000385936 | REGON 221223967), with its registered office at ul. Roberta Schumana 37, 80-171 Gdańsk, Poland (hereinafter “Solar Cube”, “we”, “us”, “our”) is the data controller of your personal data unless explicitly stated otherwise.

We process your personal data under this Privacy Policy and in accordance with our Terms of Service and applicable laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

If you have any questions or concerns about this Privacy Policy or our practices, please contact us at info@solarcube.io.

2. Scope

Personal data means any information that relates to an identified or identifiable living individual. Different pieces of information, which when combined can lead to identification of a particular individual, also constitute personal data.

Information about you will be collected if provided by you through certain facilities on our Website or Solar Cube device/portal, for example, if you register a user account, pair a device, or configure your installation profile.

Your data may also be collected from third parties such as social media platforms (e.g., Facebook, LinkedIn) that may share information about how you interact with our social media content (e.g., likes, comments). If you are a potential client or a representative of our business partner, we may collect personal data that is necessary to provide our services or manage the relationship.

3. Core Service Model: Local Processing + Mandatory Cloud Portal

Solar Cube is a home energy management system.

  • Local processing: Most computations and control logic are performed on the Solar Cube device locally (e.g., optimisation calculations, schedules, and device control).
  • Mandatory cloud portal: The Solar Cube web portal is a required part of the service (“must-have”). To operate properly, the service requires cloud connectivity to:
    • store and display historical energy and tariff data in the portal, and
    • store, manage, and deliver a configuration profile required for correct operation of the device and portal.

Cloud hosting: Our cloud environment is hosted on Microsoft Azure in the Poland Central region (Warsaw), unless otherwise stated. (Microsoft Learn)

4. Personal Data Collected, Purposes, and Legal Grounds

4.1. Performance of Agreements (Account, Portal, and Device Pairing)

Purpose: To take steps prior to entering into an agreement, and to conclude, execute, maintain, and terminate the agreement with you (including responding to queries), in accordance with our Terms of Service.

Categories of personal data may include:

  • email address, account ID, authentication metadata (e.g., password hash/SSO identifiers),
  • device pairing identifiers (device ID, pairing tokens),
  • content of your requests (support messages) and related correspondence,
  • access/security logs (e.g., login timestamps, IP address, user agent).

Legal basis: Performance of a contract (GDPR Art. 6(1)(b)); and for certain security logs, legitimate interests (GDPR Art. 6(1)(f)).

4.2. Energy Management Service and Information Service (Portal History)

Purpose: To provide you with energy history views, tariff history, cost calculations, insights, and related portal functionality.

We collect and store (cloud) the following categories of data:

  • historical energy readings and metrics (e.g., consumption/import, feed-in/export, PV production, battery energy values where connected),
  • tariff history and tariff configuration needed for portal calculations and reporting,
  • device ID and other technical identifiers necessary to associate data with your account and device.

Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).

4.3. Installation & Device Configuration Profile (Required for Correct Operation)

Purpose: To store and manage the configuration profile required for correct device operation and portal functionality.

Configuration profile may include (examples):

  • Exact installation address and GPS coordinates (precise location),
  • PV installation parameters (e.g., PV size, orientation/tilt, configuration),
  • inverter technical data (manufacturer/type/model/power) and network identifiers such as IP address and MAC address,
  • battery storage technical data (manufacturer/type/model/power/capacity),
  • buy/sell tariff configuration and related settings,
  • other technical parameters required for proper operation.

Important note on location and identifiers:
Precise address/GPS and network identifiers (IP/MAC) can be personal data when they relate to a household or can be linked to an account.

Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).

4.4. Security, Abuse Prevention, and Service Integrity

Purpose: To secure the Services, prevent abuse/fraud, detect suspicious activity, and maintain service integrity.

Categories of data:

  • access logs (login timestamps, IP addresses),
  • security events (failed logins, suspicious activity indicators),
  • limited operational logs related to service reliability.

Legal basis: Legitimate interests (GDPR Art. 6(1)(f)).

4.5. Customer Support and Service Communications

Purpose: To provide support, respond to enquiries, and manage service communications (including incident notices).

Categories of data:

  • contact data (email),
  • support ticket contents and attachments (if provided),
  • configuration/device identifiers required to resolve the issue.

Legal basis: Performance of contract (GDPR Art. 6(1)(b)) and/or legitimate interests (GDPR Art. 6(1)(f)).

4.6. Cookies and Similar Tracking Technologies (Website & Portal)

We use cookies and similar technologies (or other tracking techniques) on the Website and may use them in the portal web application. Under EU rules, non-essential tracking technologies generally require prior consent, and regulators increasingly clarify that tracking may extend beyond traditional cookies (e.g., pixels, unique identifiers). (European Data Protection Board)

Cookie banner and choices:
We provide a cookie banner allowing you to accept/reject non-essential cookies and to change your preferences at any time.

Categories:

  • Strictly necessary cookies: required for the Website/portal to function and remain secure (e.g., session cookies, security cookies).
  • Analytics cookies: used to understand usage and improve the Website/portal (only where enabled based on your consent).

Legal basis:

  • Strictly necessary cookies: necessity for service / legitimate interests in providing a functioning and secure service.
  • Analytics cookies and similar tracking: consent (where required).

4.7. Google Analytics

We use Google Analytics to help us understand how visitors and users interact with our Website and/or portal.

What may be collected by Google Analytics (depending on configuration and your consent):

  • device and browser information, approximate location derived from IP address, pages/screens visited, interactions/events, timestamps, and identifiers stored in cookies.

Retention (Google Analytics / GA4):
Google Analytics provides configurable retention windows for event-level and user-level data (e.g., 2 months, 14 months and other options depending on plan/property configuration). (Google Developers)
We set retention in a way appropriate for our analytics needs and compliance, and you can withdraw consent at any time via cookie settings.

International transfers:
Use of Google Analytics may involve processing of data outside the EU/EEA depending on Google’s infrastructure and your configuration. Where applicable, we rely on appropriate safeguards for international transfers (e.g., Standard Contractual Clauses) and additional measures as required.

4.8. Social Networks

For managing and administering Solar Cube’s social network accounts, we may process data you voluntarily provide (e.g., profile name, profile picture, public comments, messages).

Legal basis: Consent (your voluntary interaction) and/or legitimate interests (communication and community management).

4.9. Marketing Activities

We may send you product and service information (e.g., feature updates, events, offers).

Legal basis:

  • Consent where required (e.g., newsletter subscriptions), and/or
  • legitimate interests to market similar services to existing customers where permitted by law.

You can unsubscribe/opt out at any time.

4.10. Fulfilling Our Legal Obligations

We may process personal data to comply with legal obligations (e.g., accounting, taxes, responding to lawful requests).

Legal basis: GDPR Art. 6(1)(c).

4.11. Service Improvement and Analysis (Beyond Cookies)

We may process limited operational data to test and improve our Services. To the extent possible, we use anonymised or pseudonymised data and restrict access.

Legal basis: Legitimate interests (GDPR Art. 6(1)(f)).

5. Retention of Your Personal Data

Solar Cube retains personal data only as long as necessary for the purposes described above, including legal, accounting, or reporting requirements. When no longer required, we anonymise or securely delete data.

Typical retention periods (unless longer retention is required by law or for disputes):

  • Account data: for the duration of the account + up to 12 months after termination (for dispute resolution and service integrity).
  • Configuration profile (address/GPS and technical parameters): for the duration of the account + up to 90 days after termination (support/offboarding).
  • Energy & tariff history: for the duration of the account + up to 24 months after termination (unless you request deletion earlier and no legal retention applies).
  • Security logs: up to 12 months.
  • Support tickets: up to 24 months after case closure.
  • Backups: rolling backups up to 30–90 days (depending on configuration).

Google Analytics retention is configured within Google Analytics and depends on our settings and your consent. (Google Developers)

6. Data Sharing and Transfer

6.1. Data Processors (Service Providers)

We may share personal data with third parties (processors) who provide services on our behalf, such as:

  • Microsoft Azure (hosting, storage, backups, security tooling) in Poland Central (Warsaw), (Microsoft Learn)
  • IT service providers and system administration providers (if applicable),
  • customer support tooling providers (if applicable),
  • email service providers (if applicable),
  • professional advisors (lawyers, accountants).

We ensure processing by such third parties is based on legal grounds and is performed under our instructions and in compliance with applicable laws.

6.2. Independent Controllers

We may disclose personal data to competent authorities, courts, or other independent controllers when required by law, or to protect and enforce our rights.

6.3. Transfers Outside the EU/EEA

We primarily host service data in the EU (Poland). If data is transferred outside the EU/EEA, we implement appropriate safeguards required by law (e.g., SCCs).
Analytics providers may process data outside the EU/EEA depending on configuration and vendor operations.

7. Data Protection Measures

Solar Cube implements appropriate technical and organisational measures to protect information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure/access, and other unlawful processing, including:

  • encryption in transit (TLS),
  • access controls and least-privilege permissions,
  • auditing and monitoring,
  • secure key management,
  • confidentiality obligations for staff/contractors.

We have procedures to handle suspected personal data breaches and will notify you and relevant supervisory authorities where legally required.

8. Your Rights as a Data Subject

You may exercise the following rights (subject to statutory exceptions):

  • Right to access
  • Right to rectification
  • Right to object (where processing is based on legitimate interests)
  • Right to erasure
  • Right to data portability (where applicable)
  • Right to restriction of processing
  • Right to withdraw consent (where processing is based on consent)

We assure you that you will not be subject to decisions based solely on automated processing (including profiling) which would produce legal effects concerning you or similarly significantly affect you, without appropriate safeguards. If this changes, we will update this policy.

To exercise your rights, contact us at info@solarcube.io. We may request verification of identity for security reasons.

You have the right to lodge a complaint with a Data Protection Authority if you believe your personal data is processed unlawfully.

9. Changes

Solar Cube may change, modify, add or remove portions of this Privacy Policy to reflect new features, legal requirements, or operational practices. Any changes are effective from the date of publication. You undertake to review this Privacy Policy periodically.

10. Details of the Website and Ownership

The Website, its content, code, design, domain name, and all related intellectual property are owned by Solar Cube and/or licensors and are protected by applicable laws. Unauthorised copying, redistribution, or use is prohibited unless expressly permitted by Solar Cube.

11. Contact

If you have complaints or questions about our processing of your personal data, or you would like to know more, contact us:

ROYGARD Sp. z o.o
ul. Roberta Schumana 37, 80-171 Gdańsk, Poland
Email: info@solarcube.io