EnergyCloud

Privacy Policy

Effective Date: 1 February 2026

This Privacy Policy is drafted in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA) of the Republic of South Africa.

1. Responsible Party

The responsible party for the processing of your personal information, as defined under POPIA, is:

Company: Terawatt Energy (Pty) Ltd

Trading as: EnergyCloud

Location: Johannesburg, South Africa

Email: info@energycloud.co.za

Phone: +27 87 550 1531

2. Information Officer

In terms of Section 55 of POPIA, Terawatt Energy (Pty) Ltd has appointed an Information Officer responsible for ensuring compliance with the conditions of lawful processing of personal information.

The Information Officer can be contacted at:

Email: info@energycloud.co.za

Phone: +27 87 550 1531

Subject line: "POPIA Request – [Your Name]"

3. Personal Information We Collect

We collect and process the following categories of personal information:

3.1 Account Information

  • Full name
  • Email address
  • Phone number
  • Password (stored in encrypted/hashed form)

3.2 Electricity Bill Data

  • Account holder name and account number
  • Property address associated with the electricity account
  • Electricity consumption data (kWh usage, demand readings)
  • Current tariff information and billing amounts
  • Meter numbers and supply details
  • Municipality or electricity provider details

3.3 Payment Information

  • Transaction reference numbers
  • Payment status and amounts
  • We do not store credit card or bank account details — these are processed directly by PayFast

3.4 Technical Information

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and interaction data

4. Purpose of Processing

We process your personal information for the following purposes:

  1. Bill Analysis: To analyse your electricity bill and consumption patterns and generate a savings report comparing available tariff options.
  2. Account Creation and Management: To create and maintain your user account, enabling you to access reports and track your savings history.
  3. Communication: To send you your analysis reports, account notifications, and, where you have opted in, marketing communications about energy-saving opportunities.
  4. Payment Processing: To facilitate secure payment for analysis reports via our payment partner, PayFast.
  5. Service Improvement: To improve our AI analysis algorithms and Platform features based on aggregated, anonymised usage data.
  6. Legal Compliance: To comply with applicable laws and regulations, including POPIA and the Electronic Communications and Transactions Act (ECTA).

5. Legal Basis for Processing

We process your personal information on the following lawful grounds as provided under POPIA:

  1. Consent (Section 11(1)(a)): You provide consent when you create an account, upload a bill, or opt in to marketing communications. You may withdraw consent at any time.
  2. Contractual Necessity (Section 11(1)(b)): Processing is necessary to perform the service you have requested — namely, analysing your electricity bill and generating a savings report.
  3. Legitimate Interest (Section 11(1)(f)): We may process certain data where we have a legitimate interest in improving our services, preventing fraud, or ensuring Platform security, provided this does not override your rights and freedoms.
  4. Legal Obligation (Section 11(1)(c)): We may process personal information where required by law, such as for tax or regulatory compliance.

6. How Data Is Stored and Protected

We take the security of your personal information seriously and implement the following measures:

  1. Encryption: All data is encrypted in transit using TLS/SSL (256-bit encryption) and at rest within our database systems.
  2. Database Security: Personal information is stored in a secured PostgreSQL database with access controls, authentication, and regular security audits.
  3. Access Controls: Access to personal information is restricted to authorised personnel on a need-to-know basis.
  4. Password Security: User passwords are hashed using industry-standard algorithms and are never stored in plain text.
  5. Infrastructure: Our Platform is hosted on secure cloud infrastructure with regular backups, monitoring, and incident response procedures.

While we employ industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users and the Information Regulator in the event of a data breach, as required by POPIA.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy:

Electricity Bill Data: Uploaded bill documents and extracted bill data are automatically deleted after 90 days from the date of upload, unless you request earlier deletion.

Account Data: Your account information (name, email, phone) is retained for as long as your account remains active. Upon account deletion, this data is removed within 30 days.

Analysis Reports: Generated reports are retained for your access for 12 months, after which they are archived and subsequently deleted.

Payment Records: Transaction records are retained for 5 years in compliance with South African tax legislation.

8. Third-Party Sharing

We do not sell, rent, or trade your personal information. We may share limited information with the following third parties strictly for the purposes of providing our service:

  1. PayFast (Payment Processing): We share transaction details with PayFast to process your payments. PayFast is a PCI-DSS compliant payment provider registered in South Africa.
  2. AI Processing (Claude API by Anthropic): Bill data is processed using AI to generate analysis reports. Only technical bill data is sent for AI processing. No personally identifiable information is shared with the AI service.
  3. Legal Requirements: We may disclose personal information if required to do so by law, regulation, or court order.

9. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

  1. Right of Access (Section 23): Request confirmation of whether we hold personal information about you.
  2. Right to Correction (Section 24): Request correction or deletion of inaccurate information.
  3. Right to Deletion (Section 24): Request destruction or deletion of personal information no longer necessary.
  4. Right to Object (Section 11(3)): Object to processing on reasonable grounds.
  5. Right to Lodge a Complaint: Lodge a complaint with the Information Regulator.

Information Regulator (South Africa)

Email: enquiries@inforegulator.org.za

10. Contact Us

If you have any questions regarding this Privacy Policy, please contact us:

Company: Terawatt Energy (Pty) Ltd

Trading as: EnergyCloud

Email: info@energycloud.co.za

Phone: +27 87 550 1531

Location: Johannesburg, South Africa