Privacy Policy

Last updated: April 18, 2026  ·  NormandinTECH, Paradise, California

1. What We Collect

• Account data: Name, work email, utility name, role, password (hashed — never stored in plain text)
• SCADA telemetry: Read-only operational data from your SCADA system (voltage, current, power, alarms). Stored in per-utility isolated partitions.
• Usage data: API requests, dashboard activity, feature usage — used to improve the platform
• Contact form data: Name, email, utility info submitted via our contact form
• Billing data: Processed entirely by Stripe. NormandinTECH never sees or stores card numbers.

2. What We Never Collect

• We never collect personally identifiable information about your utility's customers
• We never collect payment card data (handled by Stripe PCI-DSS Level 1)
• We never collect data from your OT network beyond what you configure us to receive
• We never write to, control, or modify your SCADA system or field devices

3. How We Use Your Data

• To provide and improve the GridIQ platform
• To send transactional emails (password resets, billing receipts, outage alerts you configure)
• To respond to support and sales inquiries
• To comply with legal obligations

We do not sell your data. We do not share your data with third parties except as described below.

4. Data Sharing

• Stripe: Payment processing. Subject to Stripe's privacy policy.
• SendGrid (Twilio): Email delivery. Subject to SendGrid's privacy policy.
• DigitalOcean: Hosting infrastructure. SOC 2 Type II certified.
• Law enforcement: Only when required by valid legal process.

5. Data Isolation and Security

Each utility's data is stored in isolated database partitions. No utility can access another utility's data. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database backups occur every 6 hours with 7-day retention.

6. Data Retention

• Active accounts: Data retained for the duration of the subscription
• Cancelled accounts: Data retained 90 days post-cancellation for export, then deleted
• Contact form submissions: Retained 2 years
• Backup data: 7-day rolling retention

7. Your Rights

You have the right to access, correct, export, or delete your data at any time. Submit requests via gridiq.ink/contact. We will respond within 30 days.

8. CCPA / California Privacy Rights

California residents have the right to know what personal information we collect, request deletion, and opt out of sale (we do not sell data). Contact us via our contact form to exercise these rights.

9. Changes to This Policy

We will notify you of material changes via email 30 days before they take effect.

10. Contact

Privacy questions: gridiq.ink/contact  ·  NormandinTECH, Paradise, CA 95969