Piq Energy

PRIVACY POLICY

Last updated 5/28/2026

This privacy notice for Piq Energy Corp (“Company,” “Piq Energy,” “we,” “us,” or “our“), describes how and why we might collect, store, use, and/or share (“process“) your information when you use our services (“Services“), such as when you:

Visit our website at piqenergy.com, or any website of ours that links to this privacy notice
Use the Piq platform to run grid studies, manage project portfolios, evaluate sites, or access energy market data
Engage with us in other related ways, including sales inquiries, marketing, demonstrations, or events such as webinars

Data Controller and Data Processor. When we collect your account information, contact details, and payment information, we act as a data controller and process such information in accordance with this privacy notice. When you submit data to the Piq platform (such as grid study inputs, project specifications, and portfolio data), we act as a data processor on your behalf, and our processing of such data is governed by the terms of our customer agreement. This distinction is relevant under data protection laws such as the GDPR and determines which rights and obligations apply to the processing of your information.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@piqenergy.com.

SUMMARY OF KEY POINTS

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with Piq Energy and the Services, the choices you make, and the products and features you use.

We do not intentionally collect or process sensitive personal information (as defined under applicable privacy laws such as the CCPA or GDPR) through our Services. The personal information we collect is largely limited to your name, contact information (such as your email address and phone number), company information, payment information, and data related to your use of our Services.

We may receive information from third-party sources, such as business contact information from data enrichment services and company firmographic data from marketing platforms. We use this information for sales prospecting, account verification, and to supplement the information you provide to us.

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

We may share information in specific situations and with specific categories of third parties.

We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

The easiest way to exercise your rights is by sending a data subject request to privacy@piqenergy.com. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what Piq Energy does with any information we collect? Review the notice in full below.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

2. HOW DO WE PROCESS YOUR INFORMATION?

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

4. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

5. HOW LONG DO WE KEEP YOUR INFORMATION?

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

7. DO WE COLLECT INFORMATION FROM MINORS?

8. WHAT ARE YOUR PRIVACY RIGHTS?

9. CONTROLS FOR DO-NOT-TRACK FEATURES

10. PIQ ENERGY AND STATE LAWS

11. DO WE MAKE UPDATES TO THIS NOTICE?

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

13. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

We collect personal information that you voluntarily provide to us when you register for an account, subscribe to our Services, request a demonstration, or otherwise interact with us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. We limit our collection of personal information to what is necessary for the purposes described in this notice. The personal information we collect may include the following:

Your first and last name
Your email address
Your phone number
Company name and role or title; and platform usage and telemetry data

Payment Data. We may collect data necessary to process your payment if you subscribe to our Services, such as your payment instrument number (such as a credit card number), billing address, and the security code associated with your payment instrument. Payment transactions are processed by Striped Apps, Inc. d/b/a Measure. You may find their privacy notice here: https://getmeasure.com/legal/privacy-policy. We may also collect billing information directly in connection with your subscription.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Confidentiality of Customer Data

Grid study inputs, project specifications, portfolio data (including site lists and pipeline information), and study results that you submit to or generate through the Piq platform are treated as your confidential information. We maintain logical access controls to segregate each customer’s data from that of other customers. We do not access your study data except as necessary to provide, maintain, and support the Services, and we do not use your proprietary data to train models, generate benchmarks, or provide insights to other customers without your prior written consent. The current list of our sub-processors is maintained at piqenergy.com/sub-processors and is updated when changes occur. We will notify customers of any material changes to our sub-processor list, giving customers the opportunity to object.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate our Services and the Piq platform. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we may collect includes:

Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).
Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
Location Data. We collect approximate location data derived from your IP address. We do not collect precise geolocation data (such as GPS coordinates) from your device unless you affirmatively enable location-based features within the platform. You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Cookies and Tracking Technologies

We use cookies and similar technologies (such as web beacons and local storage) to collect some of the information described above. The categories of tracking technologies we use include:

Strictly Necessary. These technologies are required for the operation of the Services, including session management and authentication. They cannot be disabled.
Analytics and Performance. We use analytics tools, including PostHog, to understand how users interact with the Services, identify usage trends, and improve platform functionality.
Error Monitoring. We use tools such as Sentry and Honeycomb to detect, diagnose, and resolve technical errors and performance issues.
You may control or disable non-essential cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services. We do not use cookies for third-party advertising purposes.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
To deliver and facilitate delivery of Services to the user. We may process your information to provide you with the requested service.
To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
To fulfill and manage your subscriptions. We may process your information to fulfill and manage your subscriptions and payments made through the Services.
To enable collaboration features. We may process your information if you choose to share grid study results or other data with authorized users within or outside your organization through the Platform.
To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time.
To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
We do not use automated decision-making, including profiling, that produces legal or similarly significant effects concerning you without human involvement. To the extent the platform performs automated analyses of grid or energy data, such processing relates to technical infrastructure data and does not involve decisions about individuals.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:

Cloud Computing Services (Amazon Web Services)
Communication & Collaboration Tools
Product Analytics Services (PostHog)
Database Services (Supabase)
Finance & Accounting Tools
Government Entities (only when required by law or legal process)
Payment Processors (Stripe)
Error Monitoring and Observability Tools (Sentry, Honeycomb)
Product Engineering & Design Tools
Sales & Marketing Tools
Testing Tools
User Account Registration & Authentication Services
Website Hosting Service Providers

We also may need to share your personal information in the following situations:

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. If such a transaction occurs, we will notify you before your personal information becomes subject to a different privacy policy. The acquiring entity will be bound by the commitments in this notice with respect to personal information collected prior to the transfer.
Business Partners. With your prior consent, we may share your information with business partners for purposes you have authorized. We do not share your data with third parties for their own marketing purposes without your express opt-in consent.

4. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

We operate and may process information in multiple jurisdictions, service providers, and other third parties may be located or process information outside of the jurisdiction in which you reside. In such cases, your information may be collected, used, disclosed, stored, and processed in these other jurisdictions for the purposes described in this privacy notice. The data protection and other laws of the United States might differ from your jurisdiction. In addition, your information may be subject to the laws of those other jurisdictions, including lawful requirements to disclose information to government authorities. We are committed to your privacy rights and if you want to know what we are doing to comply with rights that may be applicable to you, please contact us as the details set out below.

To the extent information, including information from the EU, EEA, and the United Kingdom, is transferred outside of those jurisdictions by your use of the Services, we rely on European Commission-approved standard contractual clauses or other lawful transfer mechanisms to ensure that your information receives an adequate level of protection in accordance with applicable data protection laws.

For Users in the European Economic Area and the United Kingdom

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data. The legal bases for our processing include: (a) performance of our contract with you or your organization, (b) our legitimate interests in operating, improving, and securing our Services, and (c) your consent, where applicable.

The legal basis for each of our processing activities is as follows:

Account creation and authentication: Performance of contract.
Service delivery and platform operations: Performance of contract.
Customer support and inquiry response: Performance of contract.
Billing and subscription management: Performance of contract.
Collaboration features: Performance of contract.
Analytics, usage trends, and product improvement: Legitimate interest in improving our Services.
Security monitoring and fraud prevention: Legitimate interest in protecting our Services and users.
Marketing and promotional communications: Consent (which you may withdraw at any time).
Compliance with legal obligations: Legal obligation.
Where we rely on legitimate interest as a legal basis, we have assessed that our interests do not override your fundamental rights and freedoms. You may contact us to obtain more information about these assessments.

In addition to the rights described in Section 8 of this notice, you have the right to: (i) request restriction of processing of your personal data, (ii) request portability of your personal data in a structured, commonly used, and machine-readable format, and (iii) lodge a complaint with a supervisory authority in your country of residence. The relevant supervisory authority for complaints may be the Data Protection Commission in Ireland (www.dataprotection.ie) or the Hellenic Data Protection Authority in Greece (www.dpa.gr), depending on the circumstances.

For questions about our processing of personal data from the EEA or UK, please contact us at privacy@piqenergy.com.

5. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your information for as long as it is necessary to provide you with Services or for other purposes as described in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). We retain your personal information and customer data for the duration of your contractual relationship with us. Following termination or expiration of your subscription, we will delete or anonymize your account information and customer data within thirty (30) days. Billing and payment records are retained for the period required by applicable tax and accounting law. Security and access logs are retained for up to twelve (12) months following termination. Aggregated or de-identified data that cannot reasonably be used to identify you may be retained indefinitely.

When we have no ongoing legitimate business need to process your information, we will either delete or anonymize such information, or, if this is not possible (for example, because your information has been stored in backup archives), then we will securely store your information and isolate it from any further processing until deletion is possible.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These measures include encryption of data in transit (TLS) and at rest, role-based access controls, multi-factor authentication for platform access, regular vulnerability assessments, logging and monitoring of system activity, and incident response procedures. Our infrastructure is hosted on Amazon Web Services (AWS) in the United States. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. We are committed to maintaining the security measures described in this notice to protect your personal information; however, transmission of personal information to and from our Services carries inherent risk. You should only access the Services within a secure environment.

Data Breach Notification

In the event of a security incident involving unauthorized access to, or acquisition of, your personal information, we will notify affected users and applicable regulatory authorities as required by law. We maintain an incident response plan that includes procedures for identification, containment, investigation, remediation, and notification. Where required by applicable law, we will provide notification within the timeframes specified by such law.

7. DO WE COLLECT INFORMATION FROM MINORS?

Our Services are designed for use by businesses and their authorized representatives and are not directed at individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn that personal information from users less than 18 years of age has been collected, we will take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@piqenergy.com.

8. WHAT ARE YOUR PRIVACY RIGHTS?

We strive to provide you with the ability to access, review, correct, update, suppress, or otherwise limit our use of the information you have previously provided directly to us, including:

Via Your Account Settings. If you have registered with our Services, you may have the ability to access and use certain features and functionality that provide you with the ability to set certain privacy, permissions, and account options. Please be aware that if you limit the collection of certain information, you may not be able to use all of the features and functionality of the Services.
Via Email/Mail. You may also contact us at privacy@piqenergy.com. In your request, please specify clearly what information you would like to access, change, update, suppress, or delete.

Additionally, you may opt-out of:

Electronic Communications From Us. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by (a) contacting us via email in accordance with the procedure set forth above, and/or (b) using the opt-out mechanism that is contained in each such email. Please note that there are certain service notification emails that you may not opt-out of, such as notifications of changes to the Services or policies and emails related to the programs and Services you are involved in.
SMS messaging. You may terminate SMS messaging by replying “STOP”. SMS messaging will be terminated promptly unless you provide subsequent consent to receive messages.
Third Party Marketing Purposes. You may request that we do not disclose your information on a going-forward basis with third parties for their direct marketing purposes by contacting us via email in accordance with the procedure set forth above.

For any of the foregoing requests, we may request certain information to verify your identity. For all requests, we will strive to respond as soon as reasonably practicable.

Privacy Complaints

If you believe your privacy rights have been violated or you are dissatisfied with our response to a privacy inquiry, you may submit a complaint to us at privacy@piqenergy.com. We will acknowledge receipt of your complaint within five (5) business days and investigate and respond within thirty (30) days. If you are not satisfied with our response, you may escalate your complaint to the applicable supervisory authority or regulatory body, as described in Section 4 (for EEA and UK residents) or Section 10 (for US residents with applicable state privacy rights). We maintain a log of all privacy complaints and their resolution.

9. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. We do honor the Global Privacy Control (GPC) signal as required by applicable law, including the California Consumer Privacy Rights Act. If additional standards for online tracking are adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

10. PIQ ENERGY AND STATE LAWS

Under the California Consumer Privacy Act as amended by the California Privacy Rights Act (the “CCPA”), California residents have additional rights to what is set out in this privacy notice which impact how your information is being processed:

As described in this privacy notice, we collect various types of information about you in order to fulfill specific business purposes, including for performance of business operations, management and administration, and legal and regulatory compliance. We do not sell or share your personal information as those terms are defined under the CCPA.

Subject to exceptions detailed in the CCPA, as a California resident, you have the right to request: (i) deletion of your information, (ii) correction of inaccurate information, (iii) to know and access the categories of information that we collect about you, including the specific pieces of information, (iv) to opt out of the sale or sharing of your personal information, and (v) to know the categories of information disclosed for a business purpose.

Submitting a request

You may ask us to disclose certain information to you about our collection and use of your information over the past 12 months. Once we receive and confirm your identity as a user of our Service, we can disclose that information to you. You may also make a request to have that information erased or deleted.

You may make these requests by contacting us at privacy@piqenergy.com.

You may submit requests at any time. If you are making an erasure request, it will help us if you include details of the information you would like erased. We may need to ask for additional information to verify your identity. If we cannot verify your identity, we may not be able to fulfill your request.

Please note that if you request that we remove your information, we may retain some of the information where reasonably necessary, including but not limited to completing a transaction or providing a good or service you requested, detecting and protecting against security incidents, debugging and error repair, exercising or defending legal claims, resolving disputes, troubleshooting problems, and complying with a legal obligation.

If your personal information is stored on archived or backup systems at the time of a deletion request, we will not use that information for any further processing, and it will be overwritten or deleted in accordance with our established retention schedule.

We will respond to your request within forty-five (45) days of receipt. If we need additional time, we will notify you of the reason and the extension, which will not exceed an additional forty-five (45) days. If you are located in the European Economic Area or the United Kingdom, we will respond within one (1) month of receipt, which may be extended by up to two (2) additional months where necessary, taking into account the complexity and number of requests.

We will not discriminate against you for submitting a right request.

Residents of Other US States with Privacy Laws

If you are a resident of a US state with an applicable consumer privacy law, you may have additional rights. These laws include, but are not limited to:

The Virginia Consumer Data Privacy Act and any regulations, amendments and/or updates thereto;
The Colorado Data Privacy Act and any regulations, amendments and/or updates thereto;
The Connecticut Act Concerning Personal Data Privacy and Online Monitoring and any regulations, amendments and/or updates thereto; and
The Utah Consumer Privacy Act and any regulations, amendments and/or updates thereto; and other applicable state consumer privacy laws, including those enacted in Texas, Oregon, Montana, and additional states.

Under these laws, you may have the right to:

Access the personal information we have collected about you and obtain a copy in a portable format;
Request deletion or correction of your personal information;
Opt out of targeted advertising, the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise any of these rights, please contact us using the information provided in Section 12 below.

11. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact us by email at privacy@piqenergy.com.

13. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please email us at privacy@piqenergy.com.