Privacy Policy for OptiPilot

Last updated: September 7, 2025

OptiPilot is a service for managing electric vehicle charging. We value your privacy and handle your personal data in a secure and responsible manner.

Who is responsible?

Data controller: OptiPilot AB (org.nr 559425-4277), Sweden.
Contact for privacy questions: info@optipilot.se

What data we collect

When you log in with Google, we collect:

• Your email address
• Your Google account ID
• Your name and profile picture (if available)

We also store information about your charging sessions to display history and manage payments (e.g., start and end time, location/outlet, energy, cost) as well as technical logs for troubleshooting and security.

Purpose & legal basis (GDPR)

• Login and access to the service – to identify you and provide access (contract).
• Statistics & history – to display charging history and reports (contract/legitimate interest).
• Payments & documentation – to charge and fulfill accounting requirements (contract/legal obligation).
• Security & troubleshooting – to protect accounts and prevent abuse (legitimate interest).
• Communication – service messages about operation, security, and terms (contract/legitimate interest). Marketing occurs only with your consent.

How we protect the data

All data is stored on secure servers within the EU and protected with encryption, access controls, logging, and the principle of least privilege. We continuously work on risk assessments and security improvements.

Data sharing

We never sell your data. Sharing occurs only when necessary to deliver the service, e.g., with:

• Payment processors and accounting systems (payment/documentation)
• IT providers such as hosting and operations (storage/maintenance)
• Authorities when required by law

All data processors are governed by data processing agreements.

International transfers

We strive to store and process personal data within the EU/EEA. If data is exceptionally transferred outside the EU/EEA, it is done with appropriate safeguards, e.g., the EU Commission's standard contractual clauses.

Retention period

• Account and login information: as long as you have an active account.
• Charging history: as long as needed to display history, reports, and payment documentation.
• Accounting data: normally 7 years according to law.
• Technical logs: usually 12 months or shorter, unless longer retention is required for security or investigation.

Cookies and similar technology

We use necessary cookies for login and operation. Marketing or analytics cookies are used only after your consent (if applicable; you can withdraw consent at any time via browser settings or our cookie banner).

Your rights

Under GDPR, you have the right to:

• access your personal data (register extract)
• request correction of inaccurate data
• request deletion (“the right to be forgotten”) under certain conditions
• object to processing based on legitimate interest
• request restriction of processing
• receive data in a structured, commonly used, and machine-readable format (data portability)
• withdraw consent when processing is based on consent

To exercise your rights, contact us at info@optipilot.se. You also have the right to lodge a complaint with the Swedish Data Protection Authority (IMY): www.imy.se.

Children

The service is not intended for children under 16 years old. We do not knowingly collect personal data about children in this age group.

Automated decision-making

We do not apply automated decision-making that has legal consequences for you or significantly affects you in a similar way.

Changes to this policy

We may update this policy as needed. In the event of significant changes, we will inform you in the service or via email before they take effect.

Contact

Questions about this privacy policy? Contact privacy@optipilot.se.