Join waitlist Waitlist
Open navigation
Join waitlist The PassportWhy we build itManifesto
Tools Solar Forecast Electricity Price Watch Electricity Price Rankings

Legal

Privacy Policy

This policy explains how GridPassport handles personal data collected through GridPassport.com, early-access forms and related communications.

Last updated: April 30, 2026

1. Who controls your data

The controller of personal data collected through this website and related early-access communications is Kamil Janiszewski, a sole proprietorship registered in Poland, NIP/VAT ID PL7262504188. You can contact the controller at [email protected].

We have not appointed a Data Protection Officer because the current website and early-access activity do not require one. Privacy requests should be sent to the contact address above.

2. What this policy covers

This policy applies to GridPassport.com, the founding member application flow, contact emails and product research communications connected with GridPassport. It does not cover third-party websites, device manufacturers, energy suppliers or installers that may have their own privacy notices.

If GridPassport later launches a production app, hardware service, installer portal or connected energy product, that product may need an additional or updated privacy notice before it starts processing broader operational energy data.

3. Personal data we may collect

Depending on how you use the website, we may collect the following categories of personal data:

  • Contact details, such as name, email address, company name and country.
  • Early-access application details, such as your role, home energy setup, installed devices, tariff context and product needs.
  • Communications you send to us, including questions, feedback and support requests.
  • Technical data needed to operate and secure the website, such as IP address, device and browser data, timestamps, referring pages and server logs.
  • Website resource data, such as HTTP request metadata that may be processed when Google-hosted fonts or other Google services are loaded.
  • Consent and preference records, where we ask for optional marketing, research or cookie consent.

We normally collect this data directly from you. If someone recommends you as a potential early user or partner, we may receive basic contact context from that person or from publicly available professional sources. We do not intentionally collect special category data, such as health, biometric, political or religious data, and you should not include that type of information in forms or emails.

Providing personal data is voluntary. If you do not provide contact or application details, we may not be able to respond, evaluate early-access fit or continue the conversation.

4. Why we use personal data and legal bases

Purpose Legal basis
Responding to inquiries, applications and product questions. Pre-contractual steps or legitimate interests.
Evaluating founding member fit and improving the product thesis. Legitimate interests, balanced against your rights and expectations.
Sending optional updates, research invitations or marketing messages. Consent, where required by law.
Running, debugging and protecting the website. Legitimate interests and legal obligations.
Keeping records needed for legal, compliance or dispute purposes. Legal obligations and legitimate interests.

5. Cookies and analytics

The current website is designed as a static marketing site and should not require non-essential cookies to work. It may load Google-hosted resources such as fonts, and this can disclose normal technical request data to Google. If we add Google Analytics, Google Tag Manager, advertising pixels, heatmaps or similar non-essential tracking, we will use consent controls where required.

Where a consent management platform is active, it will provide the current service-level cookie, vendor and preference details. The CMP should be treated as the live cookie layer, while this policy explains the broader privacy position.

6. How long we keep data

We keep personal data only for as long as it is needed for the purposes described above. As a baseline, contact and founding member data may be kept for up to 24 months after the last meaningful interaction, unless you ask us to delete it earlier or we need to keep it for legal reasons. Technical logs are normally kept for up to 12 months, unless security or legal needs require a longer period.

7. Sharing data with suppliers

As of the last update, personal data is handled by the controller and Google services only. The intended Google setup for website forms, email, documents and related communications includes Google Workspace, Gmail, Google Drive, Google Forms or Google Sheets, Google Fonts and Google analytics or tag services if they are enabled with appropriate consent controls. Google may process personal data as a processor or independent controller depending on the service and configuration.

We do not sell personal data. If another hosting, form, analytics, CRM or communications provider is added, we will update this policy or the consent management platform where required before relying on that provider for personal data processing. We may also disclose data if required by law, a court, a competent authority or to protect legal claims.

8. International transfers

Google services may involve processing outside the European Economic Area or the United Kingdom. Where that happens, we rely on appropriate transfer mechanisms made available for the relevant Google service, such as adequacy decisions, the EU-US Data Privacy Framework where applicable, standard contractual clauses or equivalent safeguards required by data protection law.

9. Your rights

If GDPR or similar data protection law applies to you, you may have the right to access, correct, delete, restrict, object to or receive a portable copy of your personal data. You can object to processing based on legitimate interests, and you can object to direct marketing at any time. Where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise these rights, contact [email protected]. We may need to verify your identity before fulfilling a request. We aim to respond within one month, unless the request is complex or the law allows a longer period.

You also have the right to lodge a complaint with a supervisory authority. In Poland, the competent authority is the President of the Personal Data Protection Office, Urząd Ochrony Danych Osobowych, ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland, uodo.gov.pl.

10. Automated decision-making

We do not use personal data from this website for solely automated decisions that produce legal or similarly significant effects. We may manually review early-access applications to decide who is a good fit for the first GridPassport research or pilot conversations.

11. Security

We use reasonable technical and organizational measures to protect personal data. No internet service can be guaranteed to be perfectly secure, so we design data collection around minimization: collecting less data lowers the risk.

12. Children

GridPassport is not intended for children and we do not knowingly collect personal data from children.

13. Changes to this policy

We may update this policy as GridPassport moves from early product research to a commercial product. The latest version will always be posted on this page with the updated date.