Data Privacy Policy - PVReactive

1. Data Controller

PVReactive, operated by PV Reactive SAS, is the data controller for the personal data processed through this application.

2. Data We Collect

When you connect your solar monitoring account to PVReactive, we collect and process:

From your monitoring portal (via OAuth):

Plant/installation metadata (name, location, nominal power)
Device information (inverter model, serial number, status)
Energy production measurements (power, energy yields, hourly data)
System notifications and alarms

Authentication data:

OAuth access tokens and refresh tokens (stored encrypted)
Token expiration timestamps

3. Purpose of Data Processing

Your data is processed for the following purposes:

Monitoring your photovoltaic installations' performance
Detecting anomalies and generating maintenance alerts
Providing production reports and performance analytics
Comparing actual production against theoretical estimates

4. Data Storage and Security

All OAuth tokens are encrypted at rest using AES-256 encryption
Data is stored on secured servers hosted in the European Union
Access to personal data is restricted to authorized personnel only
All API communications use TLS/HTTPS encryption in transit

5. Data Sharing

We do not sell, rent, or share your data with third parties. Data retrieved from your monitoring portal is used exclusively within PVReactive for the purposes described above.

6. Data Retention

Your data is retained for the duration of your PVReactive account. Upon account deletion or OAuth revocation, your tokens are immediately deleted and production data is removed within 30 days.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

Access your personal data
Rectify inaccurate data
Delete your data ("right to be forgotten")
Restrict processing
Data portability
Revoke consent at any time by disconnecting OAuth access

8. Contact

For any privacy-related inquiry, please contact us at contact@pvreactive.com.