Privacy Policy

Privacy Policy

This privacy notice for Daylight Energy, LLC ("we," "us," or "our"), describes the categories of personal data that we collect, how we use your personal data, how we secure your personal data, when we may disclose your personal data to third parties, and when we may transfer your personal data outside of your home jurisdiction, ("process") when you use our services ("Services"), such as when you:

• Visit our website at https://www.godaylight.com, or any website of ours that links to this privacy notice
• Download and use our mobile application (Daylight Energy), or any other application of ours that links to this privacy notice
• Engage with us in other related ways, including any sales, marketing, or events

This Privacy Policy also describes your rights regarding the personal data that we hold about you We will only process your personal data in accordance with this Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the personal data that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.

This privacy notice is focused on U.S. privacy requirements (particularly California law, commonly understood to be the most protective in the U.S.) while ensuring compliance, to the extent applicable, with applicable state energy regulations and public utility commission requirements in all jurisdictions where we operate and does not cover GDPR or other non-U.S. frameworks. Our Services are not directed to persons under 18, and we do not knowingly process information from anyone under 18 years of age, and we do not knowingly process information from anyone under 18 years of age. By using our Services, you agree to the practices and terms set out in this Privacy Notice and our Terms of Service.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@godaylight.com.

SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may collect and process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.

Do we receive any information from third parties? We may receive information from public databases, marketing partners, social media platforms, and other outside sources. Learn more about information collected from other sources.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. We strive to collect only the information needed to provide and improve our Services. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We have organizational and technical measures and safeguards in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the privacy notice in full.

TABLE OF CONTENTS

1. ​WHAT INFORMATION DO WE COLLECT?
2. ​HOW DO WE PROCESS YOUR INFORMATION?
3. ​WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
4. ​DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
5. ​HOW DO WE HANDLE YOUR SOCIAL LOGINS?
6. ​HOW LONG DO WE KEEP YOUR INFORMATION?
7. ​HOW DO WE KEEP YOUR INFORMATION SAFE?
8. ​DO WE COLLECT INFORMATION FROM MINORS?
9. ​WHAT ARE YOUR PRIVACY RIGHTS?
10. ​CONTROLS FOR DO-NOT-TRACK FEATURES
11. ​DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
12. ​DO WE MAKE UPDATES TO THIS NOTICE?
13. ​HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
14. ​HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us or information about you from your use of our Services, particularly the Daylight Energy and from third parties authorized by you.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

Categories of personal data:

Contact details and personal identification

When you create an account on Daylight Energy or interact with us, we collect your name, physical address, billing address, email, telephone number, usernames, passwords, contact or authentication data. If you participate in certain programs, we might also collect your utility account number or login credentials to connect your utility account

Daylight Energy Setup

A core part of our service is collecting and analyzing your energy consumption and production data. We collect data from your utility bills (such as monthly kWh usage, billing amounts, and rate plans) and, with your permission, we may gather more granular usage data (hourly or daily electricity usage) via integration with your utility provider or smart meter. If you have solar panels or battery storage (including Daylight-provided systems or third-party systems connected to our platform), we collect data on energy production, battery charge status, and usage. We may also track individual appliance or device usage to the extent you use devices or sensors that provide such data (for example, if you connect an energy monitoring device or smart plugs that report appliance-level consumption).

Energy Usage Data

We collect detailed energy consumption, production, and equipment data to provide our services. This may include sensitive information such as hourly/daily electricity usage patterns (revealing household routines), solar generation/battery storage metrics, and appliance-level consumption (if you connect third-party monitors).

Inferences

Using the data collected, Daylight may draw inferences about you reflecting your preferences, characteristics, or future behavior. For example, we might analyze your hourly energy usage data to infer when you are typically home or use your consumption history to estimate your interest in certain energy-saving products. We may combine various data points (home size, appliance usage patterns, local weather and tariff data) to create a profile of your energy habits and needs. These behavioral profiles help us personalize your experience, though they are inherently predictive and may not always perfectly reflect your situation.

Smart Devices Integration

When you connect third-party smart devices (thermostats, EV chargers, solar inverters, etc.) or Daylight hardware to our platform, we collect, device IDs, status/settings (e.g., thermostat setpoints), real-time energy usage/production, operational telemetry (e.g., battery output, HVAC run times).

All such device integration data is collected and used to provide you with real-time insights, automated control features, and recommendations for energy savings.

Customer Support, Communications & Interactions

When you contact us for support, we collect the information you provide – including your name, contact details, message content, and attachments. Under California law, this may constitute sensitive personal information if your communications reveal account credentials, or household details. We retain correspondence records (support tickets, call logs) for up to specified minimum period to assist you and improve our services.

If you receive service updates, verification texts, or promotional emails, we track engagement metrics (e.g., email opens/link clicks) solely to refine communications.

Sensitive Personal Information

When necessary, with your consent or as otherwise permitted by applicable law, we may process the following categories of sensitive information: certain financial information

Social Media Login Data

We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the information described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.

Application Data

If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

• Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings.
• Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information Automatically Collected

In Short: Some information such as your Internet Protocol (IP) address and/or browser and device characteristics is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

• Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
• Device identifiers and attributes: device type, operating system, browser type, unique device ID
• Network and internet activity: IP address, date and time of access, pages or screens viewed, links clicked, and the pages you visited before coming to our site.
• Cookies: We use cookies and similar tech (like web beacons) to remember preferences & keep you logged in, analyze site/app usage (e.g., via Google Analytics), serve tailored ads (where permitted by law). You can control or block cookies through your browser settings, as described in the Your Rights and Choices section below.

Information from other sources (third parties)

We may receive information about you from other sources to supplement what you provide. For example:

• If you choose to connect your utility account via a third-party service (e.g. use APIs to verify your identity, verify your home’s title, process payments), or connect smart home devices, that service will provide us with your historical energy usage data, rates, and other account info from your utility company.
• If you undergo identity or credit verification through our integrated partners (e.g. an identity validation service, or a credit bureau API) as part of a transaction, we receive confirmation of your identity or credit score range necessary for the PPA/financing decision.
• We might receive property data from public records or third-party databases (for instance, confirming that you are the property owner of the address you provided, via title records API).
• If someone referred you to Daylight, we may have received your name and contact details from that person (as noted above), which we use solely to send you an invite or referral message.
• We could also receive marketing lead information from partners (for example, if you attended an event or signed up on a partner’s website requesting info about home energy upgrades, that partner might forward your details to us with your consent).

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To provide our Services to you

• To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
• To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
• To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.
• . To understand, triage and fix issues or concerns with our Services. .
• To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.
• Administer Rewards and Programs: When you participate in the Daylight rewards program or other promotions, we use your information to administer these programs.

To communicate with you

• To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information. To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services
• To respond to your enquiries and receive your reports.
• To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see "WHAT ARE YOUR PRIVACY RIGHTS?" below.
• To deliver targeted advertising to you. We may process your information to develop and display personalized content and advertising tailored to your interests, location, and more.
• To post testimonials. We post testimonials on our Services that may contain personal information.
• To administer prize draws and competitions. We may process your information to administer prize draws and competitions.
• To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.
• To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
• To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.

Product improvements

• To evaluate the potential for participation in energy efficiency programs. To plan, implement and evaluate energy-use and efficiency programs, such as demand response programs.
• To evaluate potential energy upgrades. To assess the suitability of your home for energy upgrades, including but not limited to solar systems, more efficient HVAC, electrical upgrades, etc.
• To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention. This includes monitoring for suspicious account activity or unauthorized access, verifying identity to prevent fraud, and using data to troubleshoot and debug technical issues that could compromise security. If we detect potential fraud or misuse (for example, someone attempting to game the rewards system or an unauthorized login attempt), we will use relevant data (IP address, account behavior, etc.) to investigate and take appropriate action. We may also use surveillance measures like audit logs to track access to sensitive information within our company, helping protect your data from internal misuse.

Other circumstances

• Legal Compliance & Enforcement: We process personal information to:
  • Comply with legal obligations, including, responding to lawful requests from authorities, fulfilling regulatory reporting requirements (e.g., aggregated energy savings for state incentive programs), fulfilling regulatory reporting requirements under applicable state energy laws (e.g., aggregated energy savings for state incentive programs, renewable energy credit reporting, energy efficiency program compliance), ensuring adherence to state and federal energy regulations, including public utility commission requirements, complying with state-specific privacy laws and energy data protection requirements and coordinating with utility partners to meet their regulatory obligations in each service territory.
  • Enforce legal rights, including preserving or using data to establish/defend legal claims, enforcing contracts, Terms of Service, or agreements (e.g., resolving disputes related to your account or PPA).
  • Notify of material changes to our Terms or Policy using your contact information, where legally mandated.

We will not use your personal information for purposes that are incompatible with the above, unless we obtain your consent or have a legal obligation to do so. If we intend to use your data in a materially new way, we will notify you or seek consent as required.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share or sell information in specific situations described in this section and/or with the following categories of third parties.

We may sell personal information in compliance with applicable law. This means that we may disclose your personal information to third parties in exchange for monetary or other valuable consideration. Before doing so, we will provide you with notice and an opportunity to opt out, if required by applicable privacy laws. If you choose to opt out, we will not sell your personal information. With respect to your utility account data, you may revoke access at any time through your account settings.

We understand that your personal and energy data is sensitive, and we only share it in specific circumstances. You agree that we may share your information with third parties for business purposes or at your direction, as outlined below:

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. Where practicable, such third parties are contractually bound to protect your information and use it only for our specified purposes. The categories of third parties we may share personal information with are as follows:

• Energy market participants:
  • Regulatory & Grid Operations: (i) To comply with legal reporting obligations (e.g., aggregated or specific solar and battery generation data for federal, state, local or utility incentive programs like California’s SGIP or similar state initiatives) and (ii) for vital grid reliability during emergencies (e.g., load adjustments via connected devices during Flex Alerts or similar programs, with your opt-in). Sharing aggregated or anonymized data with state energy offices, public utility commissions, or other regulatory bodies as required by applicable state energy laws and regulations. Participation in interstate energy programs or regional grid coordination activities as authorized by applicable state regulations.
  • Customer-Requested Services: (i) To enable programs you join (e.g., sharing pseudonymized account specific usage data with utilities like PG&E for demand response) and (ii) to facilitate peer-to-peer energy trading (e.g., wallet IDs and trade volumes with service platforms, with explicit consent).
  • Partner Integrations: To fulfill contractual agreements (e.g., solar production data shared with financiers like for PPA billing).
  • Utility Data
• Communication & Collaboration Tools. These include email, text, and push notification providers (to send out communications on our behalf, such as an email newsletter or an installation reminder text).
• Technical support and customer service tools (for managing support tickets, chat communications, or call centers if we use third-party support services).
• Data Analytics Services (who assist in analyzing app usage or measuring the effectiveness of our communications and features).
• Data Storage Service Providers (or secure storage of databases and files, including your energy data and account info)
• User Account Registration & Authentication Services.Solar Installers.
• Home Service Providers: When you request energy upgrades or device integrations, we share minimized data with necessary third parties such as installers/contractors (solar, batteries, retrofits) (contact info, address, project specs, and OEMs/shippers (Daylight Store orders) (Shipping details for delivery/warranty service. All partners are: (i) contractually bound to use data solely for your service; (ii) Required to implement confidentiality safeguards; (iii) prohibited from secondary data use.
• Utility & Energy Program Partners: In cases where our Services interface with your utility or with wider energy programs, we share minimized data with utilities/program partners only when essential for demand response/net metering enrollment (e.g., name, address, utility account, battery feed-in data) and community energy initiatives (e.g., aggregated solar data with community choice aggregators/grid operators).Retail Energy Suppliers
• Payment processors and financial services partners (who handle credit card transactions, bank drafts for PPA payments, or digital wallet integrations - we do not store full payment account details on our own servers; these are handled by compliant payment processors).
• Identity verification and credit bureaus (for running credit checks or ID verifications when you apply for certain programs; they receive the necessary personal data to provide a credit decision or verification result, and we receive back summary information like approval status or credit score band).

We also may need to share your personal information in the following situations:

• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API). We use certain Google Maps Platform APIs to retrieve certain information when you make location-specific requests. This includes: Utility Meter Location; and other similar information. A full list of what we use information for can be found in this section and in the previous section titled "HOW DO WE PROCESS YOUR INFORMATION?" We obtain and store on your device ("cache") your location. You may revoke your consent anytime by contacting us at the contact details provided at the end of this document. The Google Maps Platform APIs that we use store and access cookies and other information on your devices. If you are a user currently in the European Economic Area (EU countries, Iceland, Liechtenstein, and Norway) or the United Kingdom, please take a look at our Cookie Notice.
• Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
• Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.
• Offer Wall. Our application(s) may display a third-party hosted "offer wall." Such an offer wall allows third-party advertisers to offer virtual currency, gifts, or other items to users in return for the acceptance and completion of an advertisement offer. Such an offer wall may appear in our application(s) and be displayed to you based on certain data, such as your geographic area or demographic information. When you click on an offer wall, you will be brought to an external website belonging to other persons and will leave our application(s). A unique identifier, such as your user ID, will be shared with the offer wall provider in order to prevent fraud and properly credit your account with the relevant reward.
• Legal Compliance and Protection: We may disclose your information when we believe in good faith that such disclosure is necessary to comply with a legal obligation or request. This includes responding to subpoenas, court orders, or other legal process; cooperating with regulatory or law enforcement investigations (for example, providing information to a government agency if required by law or for safety reasons); or reporting to authorities as required by energy regulations. We may also disclose information as necessary to enforce our rights or agreements – for example, to collect overdue payments, to mitigate our liability in actual or threatened legal claims, or to investigate and prevent fraudulent or illegal activity involving our Services. In any scenario of required disclosure, we will attempt to limit the information to only what is necessary and will object to overbroad requests when appropriate.

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless a longer retention period is required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). In practice, the length of time we keep different types of data will vary based on the context. However, no purpose in this notice will require us keeping your personal information for longer than thirty-six (36) months past the termination of the user's account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. Such measures include the following:

• Encryption: We transmit sensitive personal information (such as financial data and identity details) over the Internet using encryption protocols (e.g. HTTPS/TLS) to prevent eavesdropping. Certain sensitive information may also be encrypted at rest in our databases or on our servers. For example, passwords (if ever used) are stored in hashed form, and any sensitive fields like Social Security numbers are encrypted in our records.
• Access Controls: We limit access to personal information to those employees, contractors, and service providers who need the data to perform their job duties. All Daylight staff are bound by confidentiality obligations and trained on data privacy and security practices.
• Network and System Security: Our platform is built with security in mind. We employ firewalls, intrusion detection systems, and routine vulnerability scanning to protect our network and prevent attacks. We keep our software and infrastructure updated with the latest security patches.
• Monitoring and Testing: Daylight continuously monitors its systems for potential vulnerabilities and security events. We have systems in place to log and detect unusual activities. Periodically, we conduct security assessments and penetration tests through qualified experts to probe our defenses and ensure our applications and APIs are secure.
• Payment and Sensitive Data Handling: Any time we deal with payment information or identity verification data, we follow industry best practices (for example, complying with PCI-DSS standards for handling credit card data). As noted, much of that sensitive data is processed directly by our payment and verification partners, who specialize in secure data handling, meaning we do not keep full payment account numbers on our own servers. For data like utility credentials, we often rely on tokenized access (where you authenticate with the utility through a secure API and we get a token rather than your raw username/password).

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

In the unlikely event of a data breach or security incident that compromises your personal information, we will notify you and the appropriate authorities as required by applicable law. We have a breach response plan in place to quickly mitigate and communicate any such incidents.

Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment. As a user, you also play a role in keeping your data safe. Please use unique, strong authentication for your accounts (if applicable) and safeguard your account credentials. Notify us immediately if you suspect any unauthorized access to your account or a security vulnerability in our Services.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at admin@godaylight.com.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may review, change, or terminate your account at any time.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

• Log in to your account settings and update your user account.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

If you have questions or comments about your privacy rights, you may email us at admin@godaylight.com.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

1. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: We comply with the most stringent State-level privacy laws and energy regulatory requirements across all jurisdictions where we operate.

What categories of personal information do we collect?

We have collected the following categories of personal information in the past twelve (12) months:

Category

Examples

Collected

1. Identifiers
   1. Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol
   2. Address, email address, and account name
   3. Not Collected
      
2. Personal information as defined in the California Customer Records statute
   1. Name, contact information, education, employment, employment history, and financial information.
   2. Not Collected
      
3. Protected classification characteristics under state or federal law
   1. Gender and date of birth
   2. Not Collected
      
4. Commercial information
   1. Transaction information, purchase history, financial details, and payment information
   2. Not Collected
      
5. Biometric information
   1. Fingerprints and voiceprints
   2. Not Collected
      
6. Internet or other similar network activity
   1. Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements
   2. Not Collected
      
7. Geolocation data
   1. Device location
   2. Not Collected
      
8. Audio, electronic, visual, thermal, olfactory, or similar information
   1. Images and audio, video or call recordings created in connection with our business activities
   2. Not Collected
      
9. Professional or employment-related information
   1. Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us
   2. Not Collected
      
10. Education Information
    1. Student records and directory information
    2. Not Collected
       
11. Inferences drawn from collected personal information
    1. Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics
    2. Yes
       
12. Sensitive personal Information
    1. Not Collected

We will use and retain the collected personal information as needed to provide the Services or for:

• Category K - As long as the user has an account with us

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

• Receiving help through our customer support channels;
• Participation in customer surveys or contests; and
• Facilitation in the delivery of our Services and to respond to your inquiries.

How do we use and share your personal information?

Learn about how we use your personal information in the section, "HOW DO WE PROCESS YOUR INFORMATION?"

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section, "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.

We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:

The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

California Residents

California Civil Code Section 1798.83, also known as the "Shine The Light" law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA Privacy Notice

This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below. The California Code of Regulations defines a "residents" as:

1. every individual who is in the State of California for other than a temporary or transitory purpose and
2. every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose All other individuals are defined as "non-residents."

If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.

Your rights with respect to your personal data

Right to request deletion of the data Request to delete

You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

Right to be informed Request to know

Depending on the circumstances, you have a right to know:

• whether we collect and use your personal information;
• the categories of personal information that we collect;
• the purposes for which the collected personal information is used;
• whether we sell or share personal information to third parties;
• the categories of personal information that we sold, shared, or disclosed for a business purpose;
• the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;
• the business or commercial purpose for collecting, selling, or sharing personal information; and
• the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re- identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

We will not discriminate against you if you exercise your privacy rights.

Right to Limit Use and Disclosure of Sensitive Personal Information

We do not process consumer's sensitive personal information.

Verification process

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Other privacy rights

• You may object to the processing of your personal information.
• You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.
• You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
• You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.

To exercise these rights, you can contact us by submitting a data subject access request, by email at admin@godaylight.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.

Virginia Residents

Under the Virginia Consumer Data Protection Act (VCDPA):

"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

"Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition of "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.

Your rights with respect to your personal data

• Right to be informed whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

Exercise your rights provided under the Virginia VCDPA

You may contact us by email at admin@godaylight.com or submit a data subject access request.

If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at admin@godaylight.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

1. INTERNATIONAL TRANSFERS

In Short: We do not transfer your data outside the United States unless authorized or initiated by you.

We store the information we collect from or about you in the United States and may transfer it outside your country. When doing so, we put in place appropriate safeguards to afford adequate protection for your personal information.

Our Services are hosted in the United States and intended for visitors located within the United States. If you choose to use the Services from the EEA, the UK, or other regions of the world with laws governing data collection and use that may differ from US law, please note that you are transferring your personal information outside of those regions to the United States for storage and processing. We may transfer personal information from the EEA or the UK to the United States and other countries based on European Commission-approved or UK Government-approved Standard Contractual Clauses, or otherwise in accordance with applicable data protection laws.

Also, we may transfer your data from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, utilizing third party analytics services, and operating the Services. When transferring personal data to a third party acting as an agent, we may: (i) transfer such data only for limited and specified purposes; (ii) ensure the agent is obliged to provide at least a comparable level of privacy protection; (iii) take reasonable steps to ensure effective processing consistent with Daylight’s obligations; (iv) request the agent to notify Daylight if it determines it cannot provide the same level of protection; (v) upon notice, take reasonable steps to stop and remediate unauthorized processing; and (vi) provide relevant privacy provisions of its contract with the agent upon request.

By providing any information, including personal information, on or to the Services, you consent to such transfer, storage, and processing.

2. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

3. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at admin@godaylight.com or contact us by post at:

Daylight Energy, LLC

79 Walker St, Floor 5,

New York, NY 10013

HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.