Legal

Privacy Policy

Last updated: July 13, 2026

Zuvlox helps you lower your electricity bill by analyzing your utility usage data and automating your smart devices. To do that, we need access to some of your data. This policy explains exactly what we collect, why, and what we never do with it.

The short version

1. Who we are

Zuvlox ("we", "us") provides the Zuvlox mobile application and related services. Zuvlox is an independent service and is not affiliated with, endorsed by, or sponsored by Puget Sound Energy or any other utility, or by Tesla, Google, Samsung, or any device manufacturer.

For any privacy question, contact us at support@zuvlox.com.

2. Information we collect

2.1 Account information

You sign in with Google or Apple. We receive and store your email address and name from that provider, together with an identifier for that account. We never receive or store your Google or Apple password.

We also store your ZIP code (which you enter) and your time zone, so we can apply the correct utility rate schedule. We do not request or collect GPS or precise location.

2.2 Utility account credentials and usage data

If you connect your utility account, we store the username and password for that utility account so we can retrieve your data on an ongoing basis. The password is encrypted at rest using AES-256-GCM. It is used for one purpose only: signing in to your utility's portal on your behalf to download your own data. We never use it for anything else and never disclose it.

Through that connection we retrieve and store:

You may also upload usage files (CSV/ZIP) exported from your utility instead of connecting your account.

2.3 Connected device data

If you connect smart devices (for example Tesla vehicles, Google Nest thermostats, SmartThings devices, or vehicles via Smartcar), we store an authorization token issued by that platform — not your password for it — and we retrieve device data needed to optimize and verify control, such as:

We use this data to shift your energy use to cheaper hours and to verify that each action actually took effect. We do not access cameras, microphones, video, or any device function unrelated to energy.

2.4 Subscription information

Payments are processed by Stripe. We store only a Stripe customer identifier and your subscription status. We never receive or store your full card number.

2.5 Notifications

If you enable notifications, we store a push token for your device so we can send you alerts (for example, a rate change or a completed control action).

2.6 What we do not collect

Zuvlox contains no advertising SDKs and no third-party analytics or tracking SDKs. We do not track you across other apps or websites, we do not build advertising profiles, and we do not collect contacts, photos, precise location, or browsing history.

3. How we use your information

We do not use your data to make decisions about you outside the service, and we do not use it to train models for third parties.

4. How we share your information

We do not sell your personal information, and we do not share it for advertising purposes. We share data only with service providers who process it on our behalf, and only as needed to run the service:

We may also disclose information if required by law, or to protect the rights, safety, or security of our users or the service.

5. Demand-response and aggregate data

If you choose to participate in a utility demand-response program, we may report to that utility or program operator the measured physical quantities of your participation — for example, the kilowatts reduced and the reliability of the control actions. Where we report aggregate portfolio figures across households, those figures are combined and do not identify you individually.

6. Data retention

We keep your data while your account is active, because the analysis depends on your usage history. When you delete your account, we delete your personal data — including your utility credentials, device tokens, usage history, and control records — from our production systems. Limited records may be retained where required for legal, tax, or accounting purposes, or in encrypted backups that expire on a rolling schedule.

7. Your choices and rights

8. Security

Utility credentials and device tokens are encrypted at rest with AES-256-GCM. Data is transmitted over TLS. Access to production systems is restricted. No system is perfectly secure, but we design the service so that credentials are used for a single, narrow purpose and nothing more.

9. Children

Zuvlox is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

10. Changes to this policy

If we make material changes, we will update the date above and, where appropriate, notify you in the app. Continued use of the service after a change means you accept the updated policy.

11. Contact

Questions, requests, or complaints: support@zuvlox.com