Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy explains how HEBES Intelligence collects, uses, stores, and protects personal data when you use our web-based platform for measurement and verification (M&V) of energy savings in buildings ("Service").

We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR).

2. Categories of Data We Collect

We collect the following categories of data:

2.1 Account Data

  • Name
  • Email address
  • Password (hashed)
  • Organization (if applicable)

2.2 Building and Energy Data (User-Provided)

  • Building characteristics (geometry, size, usage type)
  • Energy consumption data
  • Meter readings
  • HVAC system configuration

2.3 Sensor and Time-Series Data

  • IoT sensor readings (temperature, humidity, occupancy, etc.)
  • Smart meter data (electricity, gas, heating/cooling)
  • Time-stamped operational data

This data may be linked to buildings and/or user accounts.

2.4 Usage and Technical Data

  • IP address
  • Device and browser information
  • Log data (access times, actions performed)
  • Error and performance logs

2.5 Derived Data

We may generate:

  • Energy performance indicators
  • Energy savings estimates
  • Analytical models and predictions
  • Verification reports

3. Legal Basis for Processing (GDPR Article 6)

We process personal data based on:

  • Contract (Art. 6(1)(b)): To provide the Service you request
  • Legitimate interests (Art. 6(1)(f)): To improve, secure, and maintain the Service
  • Legal obligation (Art. 6(1)(c)): Where required by applicable law
  • Consent (Art. 6(1)(a)): Where explicitly requested (e.g., optional analytics)

4. Purpose of Processing

We use your data to:

  • Provide access to the M&V platform
  • Process building and energy datasets
  • Run analytical and machine learning models
  • Generate energy efficiency insights and reports
  • Maintain system security and prevent abuse
  • Improve platform performance and functionality
  • Provide user support

We do not sell personal data.

5. Data Sharing and Disclosure

We may share data with:

5.1 Service Providers

  • Cloud hosting providers
  • Database and infrastructure providers
  • Monitoring and logging tools

These providers act as data processors under GDPR.

5.2 Legal Requirements

We may disclose data if required to:

  • Comply with legal obligations
  • Respond to lawful requests by authorities
  • Protect our rights or prevent fraud

5.3 No Unauthorized Sharing

We do not share your data with third parties for unrelated commercial purposes.

6. Data Retention

We retain data only as long as necessary:

  • Account data: for the duration of your account
  • Building and sensor data: as long as required to provide the Service
  • Logs: typically up to 6 months
  • Derived outputs: retained unless deletion is requested or contract ends

After retention periods, data is deleted.

7. Data Security

We implement appropriate technical and organizational measures, including:

  • Encryption in transit (TLS)
  • Access control and authentication
  • Role-based permissions
  • Secure storage infrastructure
  • Monitoring and logging for abuse detection

However, no system can guarantee absolute security.

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent (where applicable)

To exercise your rights, contact us.

9. Data Deletion

You may request deletion of your account and associated data. We will comply unless retention is required for legal or legitimate business purposes.

10. Cookies and Tracking

We may use cookies or similar technologies to:

  • Maintain session authentication
  • Improve user experience
  • Analyze platform usage (optional)

You can control cookies via browser settings.

11. Automated Decision-Making

The Service uses automated processing and machine learning to:

  • Analyze energy consumption patterns
  • Estimate energy savings
  • Generate performance models

These outputs are decision-support tools only and are not legally binding or fully autonomous decisions under GDPR Article 22.

12. Children's Data

The Service is not intended for individuals under 16 years of age. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this Privacy Policy periodically. Users will be notified of significant changes via the platform or email.

14. Contact

For privacy-related questions or requests, contact us.