Privacy Policy of SolarScanner

Scope of This Policy

This Privacy Policy applies to all SolarScanner products and services, including:

• The SolarScanner website (www.solarscanner.ai) ("Website")
• The SolarScanner mobile application for iOS and Android devices ("Mobile App")
• The SolarScanner embeddable plugin for third-party websites ("Plugin")

Throughout this document, we refer to all of these collectively as "this Application," "the Service," or "SolarScanner." Where specific provisions apply only to certain platforms (Website, Mobile App, or Plugin), we will clearly indicate this.

By using any SolarScanner product or service, you agree to the collection and use of information in accordance with this Privacy Policy.

Table of Contents

1. Summary
2. Owner and Data Controller
3. Types of Data Collected
4. Platform-Specific Data Collection
5. Device Permissions (Mobile App)
6. Plugin Data Collection and Processing
7. Mode and Place of Processing the Data
8. The Purposes of Processing
9. Detailed Information on the Processing of Personal Data
10. Google APIs and Services
11. Further Information About the Processing of Personal Data
12. Cookie Policy
13. Further Information for Users in the European Union
14. Further Information for Users in Switzerland
15. Further Information for Users in Brazil
16. Further Information for Users in the United States
17. Additional Information About Data Collection and Processing
18. Definitions and Legal References
19. Contact Us

1. Summary

Data We Collect Automatically

We automatically collect data when you use SolarScanner across any platform. This includes:

• Trackers and cookies (Website and Plugin)
• Usage Data
• Device information and identifiers
• Page views and in-app screens viewed
• IP address
• Browser information (Website and Plugin)
• Clicks and interactions
• Browsing/navigation history
• Language preferences
• Operating system information
• Mobile device identifiers (IDFA, Advertising ID) - Mobile App only
• Push notification tokens - Mobile App only
• Precise GPS location data - Mobile App only (with permission)

Data You Provide to Us

We collect the data you provide when you use our services. This includes:

• Email address
• Address/location data (when using our solar analysis features)
• Geographic coordinates (latitude and longitude)
• Photos and images (when using camera features in Mobile App)
• Answers to questions and survey responses
• Data communicated while using the service
• Account registration information

Location Data

When you use our solar analysis features on any platform, we collect location data including:

• Street addresses you enter
• Geographic coordinates (latitude and longitude)
• Building location information
• Precise GPS location (Mobile App only, with permission)

This location data is processed through our centralized backend servers and shared with Google via the Google Solar API and Google Places API to provide solar potential analysis for properties.

Camera Data (Mobile App Only)

When you grant camera permission on our Mobile App, we may collect:

• Photos of rooftops or properties for solar analysis
• Images you capture for documentation purposes

Camera data is processed through our backend and may be used in conjunction with the Google Solar API for enhanced analysis.

Trusted Third Parties That Help Us Process Your Data

• Google LLC (Google Solar API, Google Places API, Google Maps, Google Fonts, Google Workspace, YouTube)
• HubSpot, Inc.
• Cloudflare, Inc.
• PostHog, Inc.
• Vercel Inc.
• Zapier, Inc.
• Apple Inc. (for iOS App distribution, push notifications, and App Store)
• Google LLC (for Android App distribution, push notifications, and Play Store)

2. Owner and Data Controller

Owner contact email:support@solarscanner.ai

Data Controller vs. Data Processor Roles

SolarScanner acts in different capacities depending on the context:

As Data Controller:

• For users of our Website (www.solarscanner.ai)
• For users of our Mobile App
• For our business customers (Plugin Users) regarding their account data

As Data Processor:

• For End User data collected through the Plugin on our customers' websites
• When processing data on behalf of our business customers

When acting as a Data Processor, SolarScanner processes Personal Data only according to the instructions of the Data Controller (our business customer) and in compliance with our Data Processing Agreement.

3. Types of Data Collected

Among the types of Personal Data that this Application collects, by itself or through third parties, there are:

Identifiers and Contact Information:

• Email address
• Account credentials
• Mobile device identifiers (IDFA, Advertising ID)

Location Data:

• Street addresses
• Geographic coordinates (latitude and longitude)
• Precise GPS location (Mobile App)
• Building location information
• IP-based approximate location

Device and Technical Data:

• IP address
• Device information (model, OS version)
• Browser information
• Unique device identifiers
• Push notification tokens

Usage Data:

• Trackers and cookies
• Page views and screens viewed
• Clicks and interactions
• Navigation/browsing history
• App usage patterns
• Feature usage statistics

Camera and Media Data (Mobile App):

• Photos captured through the app
• Images from device gallery (with permission)

Analytics Data (Collected via Plugin):

• Traffic sources and referrers
• Marketing campaign data (UTM parameters)
• Device type and characteristics
• Session duration and engagement metrics
• Conversion events

User-Provided Data:

• Answers to questions and surveys
• Customer service communications
• Feedback and reviews

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

4. Platform-Specific Data Collection

Website (www.solarscanner.ai)

When you visit our Website, we collect:

• Standard web analytics data (via PostHog, Cloudflare, HubSpot)
• Cookies and trackers for functionality and analytics
• Address/location data you enter for solar analysis
• Contact information if you sign up or contact us
• Form submissions and survey responses

Mobile App (iOS and Android)

When you use our Mobile App, we collect:

Automatically collected:

• Device identifiers (IDFA on iOS, Advertising ID on Android)
• Device information (model, OS version, screen size)
• App usage analytics
• Crash reports and diagnostics
• Push notification tokens (if enabled)

With your permission:

• Precise GPS location (for location-based solar analysis)
• Camera access (for capturing property/rooftop images)
• Photo library access (for selecting existing images)

User-provided:

• Account registration information
• Addresses entered for solar analysis
• Photos captured or selected for analysis

The Mobile App is available on:

• Apple App Store (iOS)
• Google Play Store (Android)

Both app stores require us to disclose our data practices. You can review our app's data safety/privacy nutrition labels on the respective store listings.

Plugin (Embedded on Third-Party Websites)

The SolarScanner Plugin is embedded on our customers' websites via a script tag. When End Users interact with websites using our Plugin, the following data may be collected:

Solar Analysis Data:

• Addresses entered by End Users
• Geographic coordinates for solar analysis
• Building and rooftop information from Google Solar API

Marketing Analytics Data (via PostHog):

• Traffic sources and referrers
• Marketing campaign attribution (UTM parameters, campaign IDs)
• Device type and browser information
• Session data and engagement metrics
• Page views and interaction events
• Conversion tracking

This data is collected on behalf of our Plugin Users (the website owners) who are the Data Controllers. SolarScanner processes this data as a Data Processor according to the instructions provided by our customers and our Data Processing Agreement.

5. Device Permissions (Mobile App)

The SolarScanner Mobile App may request the following device permissions:

Camera Permission

Purpose:

To capture photos of rooftops and properties for solar analysis

Data collected:

Photos and images you capture through the app

How it's used:

Images are processed through our backend and may be analyzed in conjunction with Google Solar API data to provide enhanced solar potential assessments

Your control:

You can grant or deny camera access when prompted. You can change this setting at any time in your device settings.

iOS: Settings > SolarScanner > Camera
Android: Settings > Apps > SolarScanner > Permissions > Camera

Location Permission (GPS)

Purpose:

To determine your current location for solar analysis and to provide location-based services

Data collected:

Precise geographic coordinates (latitude and longitude)

How it's used:

Your location is used to identify nearby buildings for solar analysis and to provide relevant local information

Your control:

You can choose to allow location access "While Using the App," "Always," or "Never." We recommend "While Using the App" for optimal privacy.

iOS: Settings > SolarScanner > Location
Android: Settings > Apps > SolarScanner > Permissions > Location

Photo Library Permission

Purpose:

To allow you to select existing photos from your device for analysis

Data collected:

Photos you explicitly select from your gallery

How it's used:

Selected images are uploaded and processed for solar analysis

Your control:

You can grant limited or full access, or deny access entirely

Push Notifications Permission

Purpose:

To send you updates about your solar analysis results, account notifications, and relevant information

Data collected:

Push notification token (device identifier for notifications)

How it's used:

To deliver notifications to your device

Your control:

You can enable or disable notifications in your device settings

Internet Permission

Purpose:

Required for app functionality, API communication, and data sync

Data collected:

Network requests and responses

How it's used:

Essential for the app to function and communicate with our servers and third-party APIs (including Google Solar API)

Note:

This permission is automatically granted and cannot be disabled

Important: We only request permissions that are necessary for the app's functionality. If you deny a permission, features requiring that permission will not be available, but other app features will continue to work.

6. Plugin Data Collection and Processing

For Plugin Users (Business Customers)

If you have installed the SolarScanner Plugin on your website, please note the following important information:

Data Controller Responsibilities:

You, as the website owner, are the Data Controller for Personal Data collected from your website visitors (End Users) through the Plugin. This means you are responsible for:

• Obtaining valid consent from End Users before data collection (where required)
• Including appropriate disclosures in your privacy policy about the use of SolarScanner and the data collected
• Responding to End User requests regarding their data rights
• Ensuring your use of the Plugin complies with applicable privacy laws

SolarScanner's Role as Data Processor:

SolarScanner acts as a Data Processor on your behalf. We:

• Process End User data only according to your instructions
• Maintain appropriate security measures to protect the data
• Assist you in responding to End User data rights requests
• Delete or return data upon termination of our agreement
• Provide information necessary for you to demonstrate compliance

Data Processing Agreement (DPA):

Our relationship is governed by a Data Processing Agreement that outlines:

• The types of data processed
• The purposes of processing
• Security measures in place
• Sub-processor arrangements
• Data subject rights procedures
• Data breach notification procedures

To request a copy of our DPA, please contact support@solarscanner.ai

What You Must Disclose to Your End Users

Your privacy policy should include disclosures about:

1. Use of SolarScanner Plugin - That your website uses the SolarScanner Plugin for solar analysis services and what data is collected through the Plugin
2. Analytics Collection - That marketing analytics data is collected via PostHog; categories of data: traffic sources, campaigns, device info, etc.; purpose: to understand website traffic and marketing effectiveness
3. Third-Party Data Sharing - That address/location data is shared with Google via the Google Solar API; link to Google's Privacy Policy: https://policies.google.com/privacy
4. Data Processing - That SolarScanner processes data on your behalf as a Data Processor; that data may be transferred to servers in the United States
5. User Rights - How End Users can exercise their privacy rights; contact information for privacy inquiries

For End Users (Visitors to Websites Using the Plugin)

If you are visiting a website that uses the SolarScanner Plugin:

• The website owner is the Data Controller for your data
• Please refer to that website's privacy policy for information about how your data is collected and used
• To exercise your privacy rights, contact the website owner directly
• SolarScanner processes your data on behalf of the website owner

Data We Process Through the Plugin:

• Address/location information you enter for solar analysis
• Marketing analytics: traffic source, campaign data, device type, browser information, session data, and interaction events
• Solar analysis results and building information from Google Solar API

How This Data Is Used:

• To provide solar potential analysis for the address you enter
• To help website owners understand their traffic and marketing effectiveness
• To improve the SolarScanner service

Your Rights:

Even though SolarScanner is a Data Processor (not the Controller), we support your privacy rights. Contact the website owner to exercise rights such as:

• Access to your data
• Correction of inaccurate data
• Deletion of your data
• Objection to processing

7. Mode and Place of Processing the Data

Methods of Processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner.

Centralized Backend Architecture

All SolarScanner platforms (Website, Mobile App, and Plugin) connect to our centralized backend servers for data processing. This architecture means:

• Address/location data from all platforms is processed through the same backend infrastructure
• Google Solar API requests are made from our backend servers
• Analytics data is aggregated and processed centrally
• Security measures are applied consistently across all platforms

Data Flow:

1. User enters address or grants location permission
2. Data is transmitted securely to SolarScanner backend servers
3. Backend makes requests to Google Solar API and other services
4. Results are returned to the user's device or browser
5. Analytics data is processed and stored for reporting

Place

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.

Primary data processing locations:

• SolarScanner servers: United States (via Vercel)
• Google Solar API: United States
• PostHog analytics: United States
• Cloudflare CDN: Global (edge locations)

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own.

Retention Time

Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users' consent.

Specific retention periods:

• Solar analysis data: Retained for the duration of your account plus 2 years
• Marketing analytics data: 26 months (PostHog default)
• Server logs: 90 days
• Account data: Duration of account plus legal retention requirements

8. The Purposes of Processing

The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following:

Primary Purposes:

1. Solar Potential Analysis

• Processing addresses and location data via Google Solar API
• Analyzing rooftop solar potential
• Generating energy production estimates
• Processing images for enhanced analysis (Mobile App)

2. Service Delivery

• Providing solar analysis results
• Enabling account management
• Processing transactions and subscriptions
• Delivering notifications and updates

3. Analytics and Improvement

• Understanding how users interact with our services
• Improving our products and features
• Analyzing traffic patterns and user behavior
• A/B testing and feature optimization

4. Marketing Analytics (Plugin)

• Tracking traffic sources and referrers for Plugin Users
• Campaign attribution and performance measurement
• Conversion tracking and funnel analysis
• Device and browser analytics

5. Communication

• Responding to inquiries and support requests
• Sending service-related notifications
• Marketing communications (with consent)

6. Legal and Security

• Complying with legal obligations
• Preventing fraud and abuse
• Enforcing our terms of service
• Protecting our rights and property

9. Detailed Information on the Processing of Personal Data

Location Processing

Analytics

Connecting Data

Contacting the User

Content Performance and Features Testing (A/B Testing)

Displaying Content from External Platforms

Handling Activities Related to Productivity

Heat Mapping and Session Recording

Hosting and Backend Infrastructure

Managing Data Collection and Online Surveys

Traffic Optimization and Distribution

App Store Distribution

10. Google APIs and Services

Google API Services User Data Policy

This Application uses Google API Services, including the Google Solar API and Google Places API. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

For more information about Google's data practices, please see:

• Google Privacy Policy
• Google Maps Platform Terms of Service
• Google Solar API Policies

What Data We Share with Google

When you use our solar analysis features on any platform, we share the following data with Google via our centralized backend:

1. Address Information: Street addresses you enter for solar analysis
2. Geographic Coordinates: Latitude and longitude coordinates of properties
3. Building Identification: Data used to identify specific buildings for analysis

How Google Uses This Data

Google uses this data to:

• Provide solar potential analysis through the Google Solar API
• Return building insights, including roof dimensions and solar potential
• Provide address auto-completion through the Google Places API
• Generate solar irradiance and shading data

Google's Data Retention

Google may retain logs of API requests in accordance with their privacy policy. This includes:

• Account identifiers (API keys, project numbers)
• IP addresses
• Request parameters (including location data)
• Date and time of requests

For complete information on Google's data practices, please review Google's Privacy Policy.

Attribution

Solar data provided by this Application includes data from Google. Where applicable, the following attribution applies: "Source: Includes solar data from Google"

11. Further Information About the Processing of Personal Data

Notification of Data Collection

Mobile App: Before collecting sensitive data (location, camera), the Mobile App will request your explicit permission through the operating system's permission dialogs. These dialogs explain what data will be collected and why.

Website: Cookie consent is obtained through our cookie banner before non-essential trackers are activated.

Plugin: Plugin Users are responsible for obtaining consent from their End Users before data collection, where required by applicable law.

Your Control Over Your Data

You have control over your data:

Location Data:

• You may choose not to enter address information
• Mobile App: You can deny or revoke GPS location permission at any time
• You may request deletion of location data you've previously provided

Camera Data (Mobile App):

• Camera access is entirely optional
• You can deny or revoke camera permission at any time
• Photos are only uploaded when you explicitly choose to do so

Analytics Data:

• Website: Use our cookie preferences to opt out of analytics
• Mobile App: Disable analytics in app settings (if available) or through device privacy settings (Limit Ad Tracking on iOS, Opt out of Ads Personalization on Android)

Account Data:

• You may request access to, correction of, or deletion of your account data
• Contact support@solarscanner.ai to make such requests

Data Minimization

We only collect the minimum data necessary to provide our services:

• Location data is collected only when you initiate a solar analysis
• Camera data is collected only when you choose to capture or upload images
• Analytics data is limited to what is necessary for service improvement and marketing measurement

Sub-Processors

We use the following sub-processors to help deliver our services:

12. Cookies

Website and Mobile App Cookies

We use the following cookies:

• Essential: Authentication tokens to keep you logged in (required for the service to function)
• Functional: Google Maps API for address autocomplete during signup

We do not use analytics, advertising, or third-party tracking cookies.

Plugin Cookies

The SolarScanner Plugin may set cookies on websites where it is installed. These cookies are used for:

• Session management
• Analytics tracking (via PostHog)
• Remembering user preferences

Plugin Users are responsible for disclosing these cookies in their own cookie policies and obtaining appropriate consent from End Users.

13. Further Information for Users in the European Union

Legal Basis of Processing

The Owner may process Personal Data relating to Users if one of the following applies:

• Users have given their consent for one or more specific purposes.
• Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
• Processing is necessary for compliance with a legal obligation to which the Owner is subject;
• Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
• Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

Specific Legal Bases for Key Processing Activities:

Solar Analysis (Location Data):

Legal basis: Performance of contract; Consent. You provide your address to receive solar analysis results.

Camera Data (Mobile App):

Legal basis: Consent. You explicitly grant camera permission and choose to capture/upload images.

Analytics:

Legal basis: Legitimate interest (basic analytics); Consent (detailed tracking, session recording). Our legitimate interest is to understand and improve our services.

Marketing Communications:

Legal basis: Consent. You explicitly opt-in to receive marketing emails.

Further Information About Retention Time

Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users' consent.

Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
• Personal Data collected for the purposes of the Owner's legitimate interests shall be retained as long as needed to fulfill such purposes.

Once the retention period expires, Personal Data shall be deleted.

The Rights of Users Based on the General Data Protection Regulation (GDPR)

Users may exercise certain rights regarding their Data processed by the Owner. In particular, Users have the right to do the following, to the extent permitted by law:

• Withdraw their consent at any time.
• Object to processing of their Data.
• Access their Data.
• Verify and seek rectification.
• Restrict the processing of their Data.
• Have their Personal Data deleted or otherwise removed.
• Receive their Data and have it transferred to another controller.
• Lodge a complaint with a supervisory authority.

Details About the Right to Object to Processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification.

How to Exercise These Rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month.

For Plugin End Users: If you are an End User and wish to exercise your rights, please contact the website owner (Data Controller) who uses the SolarScanner Plugin. They will coordinate with us as needed.

International Data Transfers

When you use our services, your data may be transferred to and processed in the United States by our third-party service providers, including Google LLC, Vercel Inc., and PostHog Inc. These transfers are made in accordance with applicable data protection laws and are subject to appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• The EU-U.S. Data Privacy Framework (where applicable)
• Other legally recognized transfer mechanisms

14. Further Information for Users in Switzerland

This section applies to Users in Switzerland, and, for such Users, supersedes any other possibly divergent or conflicting information contained in the privacy policy.

Further details regarding the categories of Data processed, the purposes of processing, the categories of recipients of the personal data, if any, the retention period and further information about Personal Data can be found in the section titled "Detailed information on the processing of Personal Data" within this document.

The Rights of Users According to the Swiss Federal Act on Data Protection

Users may exercise certain rights regarding their Data within the limits of law, including the following:

• Right of access to Personal Data;
• Right to object to the processing of their Personal Data;
• Right to receive their Personal Data and have it transferred to another controller (data portability);
• Right to ask for incorrect Personal Data to be corrected.

How to Exercise These Rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document.

15. Further Information for Users in Brazil

This section applies to all Users in Brazil according to the "Lei Geral de Proteção de Dados" (the "LGPD"), and for such Users, it supersedes any other possibly divergent or conflicting information contained in the privacy policy.

The Grounds on Which We Process Your Personal Information

We can process your personal information solely if we have a legal basis for such processing. Legal bases include:

• Your consent to the relevant processing activities;
• Compliance with a legal or regulatory obligation;
• The carrying out of public policies provided in laws or regulations;
• The carrying out of a contract and its preliminary procedures;
• The exercising of our rights in judicial, administrative or arbitration procedures;
• Protection or physical safety of yourself or a third party;
• Our legitimate interests, provided that your fundamental rights and liberties do not prevail over such interests.

Your Brazilian Privacy Rights

You have the right to:

• Obtain confirmation of the existence of processing activities;
• Access your personal information;
• Have incomplete, inaccurate or outdated personal information rectified;
• Obtain the anonymization, blocking or elimination of unnecessary or excessive personal information;
• Obtain information on the possibility to provide or deny consent;
• Obtain information about third parties with whom we share your information;
• Obtain portability of your personal information;
• Obtain deletion of your personal information (with exceptions);
• Revoke your consent at any time;
• Lodge a complaint with the ANPD or consumer protection bodies.

How to File Your Request

You can file your request at any time by contacting support@solarscanner.ai

16. Further Information for Users in the United States

This section applies to Users who are residents in California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island and Montana.

Notice at Collection

Categories of Personal Information Collected:

Internet or other electronic network activity information

Personal Data: Trackers; Usage data; Device information; Page views; IP address; Browser information; Clicks; Browsing history

Identifiers

Personal Data: Trackers; IP address; Device information; Email address; Mobile device identifiers (IDFA, Advertising ID)

Geolocation data

Personal Data: Precise location (GPS); Address data; Geographic coordinates

Sensory data

Personal Data: Photos and images (Mobile App camera feature)

Inferences drawn from other personal information

Personal Data: User preferences; Behavior patterns; Marketing segments

Your Privacy Rights Under US State Laws

You may exercise certain rights regarding your Personal Information:

• The right to know what Personal Information we collect
• The right to access your Personal Information
• The right to correct inaccurate Personal Information
• The right to delete your Personal Information
• The right to obtain a copy of your Personal Information
• The right to opt out of the Sale of your Personal Information
• The right to opt out of Sharing for cross-context behavioral advertising
• The right to opt out of Targeted Advertising
• The right to limit use of Sensitive Personal Information
• The right to non-discrimination

How to Exercise Your Privacy Rights

To exercise your rights, contact us at support@solarscanner.ai

For opt-out requests, you can also use the privacy choices link on our website.

We will respond to your request within the timeframe required by applicable law (typically 45 days, with possible extensions).

17. Additional Information About Data Collection and Processing

Legal Action

The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.

The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

Security Measures

We implement appropriate technical and organizational measures to protect Personal Data, including:

• Encryption of data in transit (TLS/SSL)
• Encryption of data at rest
• Access controls and authentication
• Regular security assessments
• Employee training on data protection
• Incident response procedures

Data Breach Notification

In the event of a data breach affecting Personal Data, we will:

• Notify affected Users without undue delay (within 72 hours where required)
• Notify relevant supervisory authorities as required by law
• Document the breach and our response
• Take steps to mitigate any harm

Changes to This Privacy Policy

The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Application and/or sending a notice to Users via any contact information available.

It is strongly recommended to check this page often, referring to the date of the last modification listed at the top.

Should the changes affect processing activities performed on the basis of the User's consent, the Owner shall collect new consent from the User, where required.

18. Definitions and Legal References

Personal Data (or Data) / Personal Information (or Information)

Any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.

Sensitive Personal Information

Personal Information that is not publicly available and reveals information considered sensitive according to applicable privacy law, including precise geolocation, racial or ethnic origin, religious beliefs, and biometric data.

Usage Data

Information collected automatically through this Application, which can include: IP addresses, URI addresses, time of request, browser and operating system information, time details per visit, and navigation path.

Geographic Position / Location Data

Information about the geographic location of a User, including latitude and longitude coordinates, street addresses, GPS data, and building identification.

User

The individual using this Application who coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Processor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

End User

A visitor to a website that uses the SolarScanner Plugin. The End User's data is controlled by the website owner (Plugin User) and processed by SolarScanner.

Plugin User

A business customer who has installed the SolarScanner Plugin on their website. The Plugin User is the Data Controller for End User data collected through the Plugin.

This Application

The means by which the Personal Data of the User is collected and processed, including the Website, Mobile App, and Plugin.

Service

The service provided by this Application as described in the relative terms and on this site/application.

Sale

Any exchange of Personal Information by the Owner to a third party for monetary or other valuable consideration.

Sharing

Any communication of Personal Information to a third party for cross-context behavioral advertising.

Targeted Advertising

Displaying advertisements selected based on Personal Information obtained from activities over time and across websites to predict preferences.

19. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email:support@solarscanner.ai

For Plugin Users: To request a Data Processing Agreement or discuss data processing arrangements, contact support@solarscanner.ai

For End Users: If you are visiting a website that uses the SolarScanner Plugin, please contact that website's owner to exercise your privacy rights. The website owner can then coordinate with us as needed.

Legal Information

This privacy statement has been prepared based on provisions of multiple legislations, including:

• General Data Protection Regulation (GDPR) - EU
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Lei Geral de Proteção de Dados (LGPD) - Brazil
• Swiss Federal Act on Data Protection
• Apple App Store Guidelines
• Google Play Store Policies
• Google API Services User Data Policy
• Google Maps Platform Terms of Service

This privacy policy relates solely to this Application, if not stated otherwise within this document.

Third-Party Privacy Policies

For your reference, here are links to the privacy policies of our key third-party service providers:

• Google Privacy Policy
• Google Maps Platform Terms
• Google Solar API Policies
• PostHog Privacy Policy
• Cloudflare Privacy Policy
• Vercel Privacy Policy
• HubSpot Privacy Policy
• Zapier Privacy Policy
• Apple Privacy Policy
• Google Play Privacy

Last updated: November 25, 2025

© 2025 Contractor Web App (CWA) Ltd. All rights reserved.