Privacy policy.

PhronEdge Energy is built for compliance teams in regulated industries. Privacy is foundational to that work. This page explains what data we collect, how we use it, and the controls you have over it.

The short version:

• Your documents and queries are isolated per tenant. Other customers cannot access them.
• We do not train any models on your data.
• We do not sell your data. We do not share it for advertising.
• All data is encrypted in transit and at rest.
• You can export or delete your data at any time.

Account information. Name, email address, organization name, and role when you create an account or contact us. We use this to administer your account and respond to your requests.

Documents you upload. Files you upload to your tenant's knowledge base, including text extracted from those files for retrieval. These are stored in your tenant's isolated storage and are accessible only to your team.

Queries and conversations. Questions you ask the platform, the regulatory sources you select, and the responses returned. These are stored in your tenant's audit log so your team can review past activity.

Usage and operational data. Server logs, API timestamps, error reports, and performance metrics. We use these to operate the service, investigate issues, and improve performance.

Billing information. If you have a paid plan, our payment processor collects billing details. We do not store full payment card information on our systems.

We use your information to operate PhronEdge Energy. Specifically:

• To provide the regulatory intelligence service, including answering queries, generating reports, and surfacing regulatory changes.
• To maintain your tenant's isolated environment and enforce access controls.
• To produce the audit logs your team needs for internal compliance review.
• To investigate security incidents, abuse, or violations of our terms.
• To send transactional communications about your account, billing, or service status.
• To improve the service through aggregate, anonymized analysis. We do not use your specific documents or queries to train models.

Documents you upload are subject to additional protections beyond standard account data.

Isolation. Every tenant has a separate storage bucket. Database paths are scoped to the tenant ID. No other tenant can read your documents through the platform.

No training. We do not use your documents to train any machine learning models. Documents are used only to answer queries from your team and to produce reports you generate.

Text extraction. When you upload a document, we extract the text so the agent can reference it. The extracted text and the original file are both stored in your tenant's isolated storage.

Deletion. You can delete any document from the knowledge base at any time. Deleted documents are removed from active storage immediately and from backups within 30 days.

We do not sell your data. We do not share it for advertising or marketing.

We share data only in these limited cases:

• Service providers. Cloud hosting, payment processing, email delivery, and similar operational vendors. These providers are bound by data processing agreements and can only use data to provide the service to us.
• Legal requirements. Where required by law, regulation, legal process, or governmental request. We will notify you unless legally prohibited from doing so.
• Business transfers. If PhronEdge is involved in a merger, acquisition, or sale of assets, your data may be transferred. You will be notified before any such transfer takes effect.
• With your consent. Where you direct us to share data with a third party, for example to enable an integration you have authorized.

We retain data as long as your account is active and for limited periods after, depending on the data type:

• Account data is retained while your account is active and for 90 days after closure to allow account recovery.
• Documents and queries are retained according to your plan's audit log retention period (30, 90, or 365 days depending on plan).
• Billing records are retained for the period required by tax and accounting regulations in our jurisdiction.
• Server logs are retained for 30 days for security and operational purposes.

When you close your account, we preserve your data for 30 days to allow export. After that, your data is permanently deleted from active systems, with backups purged on a rolling 90-day cycle.

Depending on your jurisdiction, you have rights regarding your personal data. These include:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request that we correct inaccurate or incomplete data.
• Deletion. Request that we delete your personal data, subject to legal retention requirements.
• Portability. Request a machine-readable export of your data.
• Objection. Object to specific uses of your data, such as marketing.
• Restriction. Request that we restrict certain processing while a request is being reviewed.

For requests, email privacy@phronedge.com. We will respond within 30 days. If you are an EU resident, you also have the right to lodge a complaint with your local data protection authority.

We protect your data with a layered security program:

• Encryption. All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256.
• Access controls. Production systems require multi-factor authentication and follow the principle of least privilege.
• Tenant isolation. Each customer's data lives in a logically isolated environment with scoped credentials.
• Monitoring. Production systems are monitored continuously for unauthorized access attempts and unusual activity.
• Audit logging. All access to production systems is logged. Customer-facing actions are also logged in your tenant's audit trail.

No system is invulnerable. If we discover a security incident affecting your data, we will notify you without undue delay and in accordance with applicable law.

PhronEdge operates from the United States. If you are located in the European Economic Area, the United Kingdom, or another region with data transfer restrictions, your data will be transferred to and processed in the United States.

For transfers from the EU, UK, and Switzerland, we rely on Standard Contractual Clauses approved by the European Commission. We use providers that meet equivalent data protection standards.

If you require a Data Processing Addendum or specific transfer mechanism for your engagement, contact us at privacy@phronedge.com.

We use cookies and similar technologies to operate the service. These fall into three categories:

• Essential cookies required for authentication, session management, and security. The service does not function without these.
• Functional cookies that remember your preferences (for example, light or dark mode, jurisdiction filters).
• Analytics cookies that help us understand aggregate usage. These are anonymized.

We do not use advertising cookies. We do not allow third parties to track you across other sites through our service.

PhronEdge Energy is a B2B service intended for use by professionals in regulated industries. We do not knowingly collect personal data from individuals under 18. If you believe we have collected data from a minor, contact us and we will delete it.

We may update this policy as the service evolves or as legal requirements change. When we make material changes, we will notify customers by email or through an in-product notification at least 30 days before the changes take effect.

The effective date and last updated date at the top of this page reflect the current version. Previous versions are available on request.

Questions about this policy or our data practices:

privacy@phronedge.com
PhronEdge, Inc.