Privacy statement

Last updated: 17 May 2026

1. Who we are

Clarigrid is an independent European energy-data platform based in Brussels, Belgium. We act as data controller for the personal data described below. You can reach us at any time via our contact form.

2. Our principle: minimal data

We keep the smallest amount of personal data needed to run the service. We do not run advertising, we do not sell data, and we do not share personal data with third parties for marketing.

3. What we collect and why

  • Account data — email address, optional name and affiliation. Used to authenticate you and to associate saved datasets with your account.
  • Saved datasets — the list of datasets you bookmark. Only visible to you.
  • API keys (opt-in only) — if you choose to use the SDK integration, you may store an API key with us so the SDK can authenticate on your behalf. Keys are stored only when you opt in, are accessible only to you, and are never shared with third parties. You can delete a stored key at any time and the record is removed from our database.
  • Contact messages — when you write to us through the contact form, we store your name, email and message so we can reply.

We do not use third-party analytics, advertising trackers, or fingerprinting. We do not profile you and we do not run automated decision-making.

4. Cookies and local storage

We do not use tracking or advertising cookies. Because of this, no cookie consent banner is required.

We do use your browser's local storage for one strictly necessary purpose: keeping you signed in between visits. Under the ePrivacy Directive, storage that is strictly necessary to provide a service the user has requested does not require consent. You can clear it at any time from your browser settings; doing so will sign you out.

5. Legal basis for processing (GDPR Art. 6)

  • Contract — creating and operating your account, replying to your contact messages.
  • Consent — storing API keys (opt-in, withdrawable at any time).
  • Legitimate interest — basic security and abuse prevention.

6. How long we keep data

  • Account data: while your account is active. Deleted within 30 days of account closure.
  • Stored API keys: until you remove them, or until your account is closed.
  • Contact messages: up to 24 months, then deleted.

7. Where data is stored

Data is hosted on managed European infrastructure (Lovable Cloud / Supabase EU regions). We do not transfer personal data outside the EU/EEA in the normal course of operating the service.

8. Your rights under the GDPR

You have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased (“right to be forgotten”);
  • restrict or object to processing;
  • receive a portable copy of your data;
  • withdraw consent at any time (e.g. removing a stored API key).

To exercise any of these, write to us via the contact form. We respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority — in Belgium, the Gegevensbeschermingsautoriteit / Autorité de protection des données (www.dataprotectionauthority.be).

9. Security

Data is transmitted over TLS and stored with row-level access controls so that account data and stored API keys are only accessible to the account that owns them.

10. Changes to this statement

We may update this statement to reflect changes in the service or in the law. The “last updated” date at the top of this page always reflects the current version.