Privacy & Security
      Back to home
      1. UtilityAPI Help Center
      2. Privacy & Security

      Privacy and Security

      At UtilityAPI, we treasure security and privacy. We go above and beyond what the U.S. Department of Energy requires for their SmartMeter DataGuard Standard. 

      • We encrypt all passwords and user information. We never see them and we don’t share them with anyone, ever.
      • Our access is read-only and we only collect data upon explicit authorization.
      • Data is never sold or shared with any other parties.
      • A customer can revoke access at anytime, easily, for any reason, with no questions asked.

      Want all the specifics? Check out our full Terms and Privacy Policy.

      ​Further information about our security and privacy standards:
      • We encrypt all utility login passwords we receive using OpenPGP (industry standard strong encryption).
      • Utility login passwords are never written to disk in plain text, even temporarily. They are decrypted, held in memory, then forgotten as soon as they are used.
      • We keep logs of when passwords are decrypted and by whom (only a limited subset of the collection software and our top sysadmins have permission).
      • Our website is 100% https encrypted with forward secrecy, so any credentials submitted to us are always encrypted in transit and cannot be decrypted in the future even if the TLS keys are compromised.
      • The account owner may request that we forget, revoke, and/or delete the credentials and any collected data from our servers at any time. We will immediately do it. 
      • We consider our access to be read-only. We will not change any billing or account settings while collecting the bill and interval history.
      • We only collect the minimum data necessary to provide the bill and interval history to the third party.
      • We do not collect any other sensitive data such as credit card numbers (the utility usually doesn't make these available anyway).
      • We do not share any collected data with any other party, except the one that has been explicitly approved in the authorization form.
      • We do not anonymize or aggregate or sell data to any other party (we are just a collection service).
      Even more notes on Terms
      • We do NOT share login access with anyone else, and we do not modify the account in any way (i.e. we treat the access as read-only). Our terms of service specifically allow us to share ONLY collected bill and usage data with the approved party.
      • We do NOT collect any more data than is necessary to get the billing and interval history. We do not collect any payment setting information such as credit card numbers.
      • The account owner may request that we revoke access or delete their data at any time. We will NOT be able to access their account or any temporary accounts created after they request to revoke access.
      Full, legal descriptions are here: