Privacy Policy

1. Introduction

Heat Pump AI ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our Service, in compliance with the General Data Protection Regulation (GDPR).

2. Data We Collect

We collect several types of information from and about users of our Service:

2.1 Personal Information

  • Name (first and last)
  • Email address
  • Phone number (optional)
  • Password (encrypted)

2.2 Property and Assessment Data

  • Property details (size, year built, location)
  • Current heating system information
  • Energy consumption data
  • Renovation history and plans
  • Answers to assessment questionnaire

2.3 Payment Information

  • Payment transaction data (processed by Stripe/PayPal)
  • We do NOT store credit card numbers

2.4 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Usage data and analytics

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide the Service: Generate heat pump assessments and recommendations
  • To process payments: Handle purchases of premium reports
  • To communicate: Send report delivery, updates, and support responses
  • To improve the Service: Analyze usage patterns and optimize features
  • To comply with legal obligations: Tax reporting, fraud prevention

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: You have given explicit consent for specific purposes
  • Contract: Processing is necessary to fulfill our service agreement with you
  • Legal obligation: Processing is required by law (e.g., tax compliance)
  • Legitimate interests: Processing is necessary for our legitimate business interests

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

  • Service providers: Stripe, PayPal (payment processing), AWS (hosting)
  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In case of merger, acquisition, or sale of assets

All third-party service providers are GDPR-compliant and process data only as instructed by us.

6. Data Retention

We retain your personal data only as long as necessary:

  • Account data: Until account deletion or 3 years of inactivity
  • Assessment data: Until account deletion
  • Payment records: 10 years (German tax law requirement)
  • Analytics data: Aggregated and anonymized after 12 months

7. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restriction: Limit how we process your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time

To exercise any of these rights, contact us at privacy@heatpumpai.de. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Regular security audits and updates
  • Access controls and authentication
  • Secure backup procedures
  • Employee training on data protection

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for the Service to function
  • Analytics cookies: Understand how users interact with the Service
  • Marketing cookies: Display relevant advertisements (with consent)

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

10. International Data Transfers

Your data is primarily stored in the European Union. If we transfer data outside the EU, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • GDPR-compliant service providers
  • Adequacy decisions by the European Commission

11. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you are a parent and believe your child has provided us with personal data, please contact us.

12. Changes to This Policy

We may update this privacy policy periodically. We will notify you of significant changes via email or through the Service. Your continued use after changes constitutes acceptance.

13. Contact and Complaints

For privacy-related questions or to exercise your rights, contact our Data Protection Officer:

Data Protection Officer
Heat Pump AI
Berliner Str. 123
10115 Berlin, Germany
Email: privacy@heatpumpai.de
Phone: +49 (0) 30 1234 5678

You also have the right to lodge a complaint with the German data protection authority (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit, BfDI).

Last updated: December 3, 2025