Privacy Policy

Last updated: March 2026

KilowattAI (“we”, “us”, “our”) operates a smart-thermostat precooling optimization service. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Information We Collect

We collect the following categories of information:

  • Account information: your name and email address, collected when you create an account or sign in via Google OAuth.
  • Thermostat data: temperature readings, setpoints, HVAC runtime, equipment status, and schedule information obtained from your connected thermostat.
  • Home profile:your home location (ZIP code or coordinates), home size, insulation characteristics, and other information you provide to help us model your home's thermal behavior.
  • Energy usage patterns: historical and real-time thermostat activity used to calibrate our thermal models and estimate energy savings.
  • Utility rate information: your electricity rate plan, including time-of-use pricing schedules.

2. How We Use Your Information

We use your information to:

  • Run precooling optimization algorithms that adjust your thermostat ahead of peak-rate periods to reduce electricity costs.
  • Calibrate thermal models of your home to improve optimization accuracy over time.
  • Calculate and display estimated energy cost savings.
  • Authenticate your account and maintain your session.
  • Communicate service updates or important account notices.

3. Third-Party Services

Our service integrates with the following third-party platforms:

  • Ecobee API: to read thermostat data and send setpoint adjustments for Ecobee devices.
  • Google Nest / Google Device Access API: to read thermostat data and send setpoint adjustments for Nest devices.
  • Honeywell Home API: to read thermostat data and send setpoint adjustments for Honeywell devices.
  • OpenEI: to look up utility rate structures for your location.

We access these services only with your explicit authorization via OAuth. We do not sell your data to any third party.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Google Cloud Platform. Thermostat vendor credentials (OAuth tokens) are encrypted at rest using AES-256 encryption. All network communication uses TLS. We follow industry-standard practices to protect your information from unauthorized access.

5. Data Retention

We retain your account data and thermostat history for as long as your account is active. If you delete your account, we will delete all associated personal data and thermostat records within 30 days. Aggregated, anonymized data that cannot identify you may be retained for service improvement purposes.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information in your account.
  • Delete your account and all associated data.
  • Export your data in a machine-readable format.
  • Revoke thermostat vendor access at any time by unlinking your device.

To exercise any of these rights, contact us at [email protected].

7. Notice to California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). These include the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To submit a CCPA request, email [email protected] with the subject line “CCPA Request”.

8. Children's Privacy

Our service is not directed at children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the service. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, contact us at: [email protected]