Privacy Policy
Last Updated: December 30, 2025
Effective Date: December 21, 2025
SCUBE Technologies Ltd. ("we," "us," "our," or "SCUBE") operates the SolScada mobile application (the "App" or "Service"). This Privacy Policy explains how we collect, use, process, disclose, and safeguard your personal information when you use our App. This policy applies globally and complies with international data protection regulations including GDPR (EU), CCPA/CPRA (California), LGPD (Brazil), PIPEDA (Canada), APPI (Japan), PIPA (South Korea), PDPA (Singapore), and other applicable data protection laws.
By downloading, installing, and using SolScada, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to the collection, use, and processing of your information as described herein.
Table of Contents
- Scope and Applicability
- Data Controller Information
- Free App & No Payments
- Information We Collect
- Legal Basis for Processing
- How We Use Your Information
- User Roles and Access Permissions
- Data Sharing and Disclosure
- International Data Transfers
- Data Security
- Data Retention and Deletion
- Your Rights and Choices
- Region-Specific Privacy Rights
- Children's Privacy
- Cookies and Tracking Technologies
- Third-Party Services and SDKs
- Automated Decision-Making
- Data Breach Notification
- Changes to This Privacy Policy
- Contact Us
- Supervisory Authority Information
- Consent and Acceptance
- Governing Law
- Additional Disclosures
1. Scope and Applicability
This Privacy Policy applies to all users of the SolScada application regardless of geographic location. We process personal data in accordance with applicable laws in the jurisdictions where we operate and where our users are located.
1.1 Geographic Scope
This policy applies to users worldwide, including but not limited to:
- European Economic Area (EEA), UK, and Switzerland: Subject to GDPR requirements
- United States: Subject to CCPA/CPRA (California) and other state privacy laws
- Brazil: Subject to LGPD requirements
- Canada: Subject to PIPEDA and provincial privacy laws
- Japan: Subject to APPI requirements
- South Korea: Subject to PIPA requirements
- Singapore: Subject to PDPA requirements
- Other jurisdictions: Subject to applicable local data protection laws
1.2 When This Policy Applies
This policy applies when you:
- Download, install, or register for the SolScada application
- Use any features or services within the App
- Communicate with us regarding the App
- Access any data or information through the App
2. Data Controller Information
For the purposes of data protection laws, SCUBE Technologies Ltd. is the data controller responsible for your personal information.
SCUBE Technologies Ltd.
Registered Address:
Navana Mashira, House-275K, Level-7
Road-27 (Old), 16 (New), Dhanmondi
Dhaka-1209, Bangladesh
Email: kawsar@scube.com.bd
Phone: +880 1329 665767
Data Protection Officer: Available upon request for privacy-related inquiries
EU Representative: For users in the European Union, you may contact our EU representative at the email address provided above.
UK Representative: For users in the United Kingdom, you may contact our UK representative at the email address provided above.
3. Free App & No Payments
SolScada is completely FREE.
- No subscription fees
- No in-app purchases
- No advertisements
- No payment or billing information collected
- All user roles (Super Admin, Group Admin, Admin, User) are 100% FREE
- All permissions and features are FREE - no paid upgrades
- Creating users and managing permissions requires NO payment
π Your Privacy Matters
- No third-party tracking or analytics
- No advertising SDKs
- No data selling to third parties
- 100% in-house authentication system
- Your data stays between you and SCUBE Technologies only
4. Information We Collect
We collect and process various categories of personal information to provide and improve our services. The specific data collected depends on your use of the App and the permissions you grant. We only collect data necessary for app functionality and never sell your personal information to third parties.
4.1 Personal Information (Required for Account Creation)
When you register for an account, we collect the following required information:
- Identity Information: Full name, email address
- Authentication Credentials: Password (stored using industry-standard encryption and hashing - we never store plain-text passwords)
- User Role Information: Assigned role (Super Admin, Group Admin, Admin, or User) determining access permissions within your organization
- Account Status: Approval status (pending/approved), account creation timestamp, last login date
π Note: Account creation requires admin approval. Your account will remain in "pending" status until approved by an authorized administrator.
4.2 Optional Personal Information
You may voluntarily choose to provide additional information to enhance your profile and app experience. Providing this information is completely optional and not required to use the app:
- Contact Information: Phone number, physical address
- Profile Information: Profile picture, job title, department, additional profile details
4.2.1 Company Information
When creating or managing a company within the app, you may provide:
- Company Name: The name of your organization or business entity
- Company Logo/Image: Visual branding image for the company (PNG, JPG, JPEG formats supported)
During Registration: Company selection is optional. If you don't search for and select a specific company, a default company will be automatically assigned to your account. You can change this later after admin approval.
4.2.2 Solar Site Configuration
When adding or configuring solar installation sites, you provide:
- Site Name: Identifier or name for the solar installation location
- Site IP Address: Network IP address required for connecting to the site's monitoring equipment and data collection systems
- Site Image: Photograph or visual documentation of the solar installation (PNG, JPG, JPEG formats supported)
- Site Location/Address: Text description of the site location (not GPS tracking - see Section 4.5)
Purpose: This information is essential for establishing connections to solar monitoring equipment, organizing multiple sites, and providing visual context for system management.
π Your Choice: You can skip any optional fields during registration or in your profile settings. Company and site information is only required when you need to manage organizations or solar installations. The app remains fully functional without this information.
4.3 Solar Plant Data and Technical Information
Our App collects and processes operational data related to solar energy monitoring and management:
- Real-Time Monitoring Data: Live AC/DC power readings, voltage, current, frequency measurements from connected solar installations
- Energy Generation Data: Energy production (kWh), daily/monthly/annual generation totals, historical energy output
- Performance Metrics: Performance Ratio (PR) values, capacity factor, system efficiency calculations
- Environmental Data: Module temperature, ambient temperature, solar irradiation measurements (W/mΒ²), weather conditions affecting performance
- Equipment Data: Inverter status and specifications, string monitoring data, device serial numbers, equipment health indicators
- Financial Data: Revenue calculations in BDT (Bangladesh Taka), savings estimates, electricity tariff information for cost analysis
- Historical Data: Performance trends, analytics reports, comparative performance data over time
- Site Information: Site name, geographic location coordinates, site IP address (for device connectivity), installed capacity (kWp), site photographs, plant layout diagrams, Single Line Diagram (SLD)
π Purpose: This solar plant data is essential for monitoring system performance, detecting issues, optimizing energy production, and providing you with actionable insights about your solar installations.
4.4 Technical and Device Information
We automatically collect certain technical information when you use the App:
- Device Information: Device type, model, manufacturer, operating system (iOS/Android) and version, unique device identifier
- Authentication Tokens: JWT (JSON Web Token) tokens for secure API access and session management (tokens automatically expire for security)
- Network Information: IP address, network connection type (WiFi/Cellular), mobile carrier name (if applicable)
- Usage Data: App feature usage patterns, session duration, screens/pages viewed, user interaction timestamps
- Performance Data: Crash reports, error logs, app performance metrics (collected on our own secure infrastructure - not shared with third parties)
- Time Zone and Language: Device time zone for accurate data display, preferred language settings for localization
π Security Note: Technical data is collected solely for app functionality, security, and performance improvement. We do not use analytics platforms that share your data with advertisers.
4.4.1 iOS Device Permissions
On iOS devices, the app requires the following permissions to provide full functionality:
- Photo Library Access:
- To select profile pictures from your photo library
- To save generated reports to Photos for easy sharing (optional)
- File Storage Access (Documents):
- To save generated reports to your device's Documents folder
- To allow access via the Files app
π Permission Control: You can manage these permissions anytime through your iOS device Settings β SolScada. Denying permissions may limit certain features (mainly report saving/sharing), but core monitoring functionality remains available.
4.4.2 Report Generation and Local Storage
When you generate and download performance reports, files are created and stored locally on your device:
- Report Types: Energy performance reports in PDF and Excel formats
- Report Content: Solar plant performance data, energy production metrics, financial calculations (revenue in BDT, savings estimates)
- Storage Location:
- iOS: Documents folder (On My iPhone β SolScada)
- File Access: Full control to view, share, rename, or delete via device file manager
- No Cloud Backup: Files stay on device unless you manually upload them
π Your Control: We do not store, backup, or access your downloaded reports on our servers after download. Complete control remains with you.
Required iOS Permissions for Report Downloads:
- Document Storage Access: To save reports to your Documents folder
- Photo Library (Optional): If you choose to save reports to your Photos for easy sharing
These permissions are requested only when you use the download feature and can be managed through iOS Settings β SolScada at any time.
4.5 Location Data
We do NOT collect or access your device's location data. Our app does not request location permissions and does not use GPS, Wi-Fi positioning, or cellular location services.
π Location Information You Provide: You may manually enter site addresses or location names for your solar installations. This is text data you voluntarily provide, not automatic location tracking.
What about IP addresses? While our servers may log your IP address for security and technical purposes (as described in Section 4.4), we do not use IP addresses to determine or track your physical location.
4.6 Sensitive Personal Information
We do not intentionally collect sensitive personal information (also known as "special categories" under GDPR/CCPA) including:
- Racial or ethnic origin
- Political opinions or religious beliefs
- Trade union membership
- Genetic or biometric data (e.g., fingerprints, facial recognition)
- Health, medical, or mental health information
- Sexual orientation or sex life details
- Criminal convictions, offenses, or background check information
If such data is inadvertently provided or collected, please contact us immediately at kawsar@scube.com.bd and we will delete it promptly.
4.7 Data We Explicitly Do NOT Collect
To protect your privacy, we explicitly do NOT collect the following types of data:
- GPS location data or real-time location tracking
- Contact lists from your device
- Social media account information
- Payment or credit card information
- Microphone recordings or voice data
- Camera access (except when you choose to upload photos)
- Browsing history from other apps or websites
- Biometric data (fingerprints, facial recognition)
5. Legal Basis for Processing
We process your personal information only when we have a valid legal basis. The legal basis depends on the specific processing activity and the applicable law in your jurisdiction.
5.1 For Users in the European Union (GDPR Article 6)
We rely on the following legal bases:
- Consent (Article 6(1)(a)): You have given clear consent for us to process your personal data for specific purposes
- Contract Performance (Article 6(1)(b)): Processing is necessary to provide the services you requested
- Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with legal requirements
- Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests that do not override your rights
Right to Object: Where we process data based on legitimate interests, you have the right to object to such processing.
5.2 For Users in Brazil (LGPD Article 7)
We process personal data based on the following legal grounds:
- Consent: You have provided free, informed, and unambiguous consent
- Contract Performance: Processing is necessary for the performance of a contract
- Legal or Regulatory Obligation: Processing is required by law or regulation
- Legitimate Interest: Processing serves legitimate interests that do not violate your fundamental rights
- Protection of Life or Physical Safety: When necessary to protect your life or safety
5.3 For Users in Canada (PIPEDA)
We process personal information based on:
- Consent: We obtain meaningful consent before collecting, using, or disclosing personal information
- Implied Consent: Where reasonable to assume consent based on your actions
- Legal Requirements: Where processing is required or authorized by law
You have the right to withdraw consent at any time, subject to legal or contractual restrictions.
5.4 For Users in Japan (APPI)
We process personal information based on:
- Purpose Specification: We specify purposes of use before or at the time of collection
- Consent: For sensitive information and third-party disclosures
- Legitimate Business Purpose: For operational and service delivery needs
5.5 For Users in South Korea (PIPA)
We process personal information based on:
- Explicit Consent: You have provided clear, informed consent
- Contract Performance: Processing is necessary for service delivery
- Legal Obligation: Processing is required by law
5.6 For Users in Singapore (PDPA)
We process personal data based on:
- Consent: Express or deemed consent has been obtained
- Legitimate Interests: Processing serves legitimate business interests
- Legal Authorization: Processing is authorized by applicable law
6. How We Use Your Information
We use the collected information for the following purposes:
6.1 Service Provision and Account Management
- Create and manage your user account using our secure JWT-based authentication system
- Verify your identity and authenticate access to the App
- Provide, maintain, and improve the SolScada monitoring services
- Process your requests and respond to your inquiries
- Enable you to access features appropriate to your role and permissions
6.2 Solar Monitoring and Analytics
- Display real-time and historical solar plant performance data
- Generate energy production reports and performance analytics
- Calculate revenue, savings, and financial metrics
- Monitor system health and equipment status
- Provide alerts and notifications about system performance
- Create comparative analysis and trend visualizations
- Generate downloadable reports (PDF/Excel) for offline access and record-keeping
- Save performance reports to your device's local storage for your convenience
6.3 Role-Based Access Control and Security
- Enforce appropriate permissions based on your assigned role
- Allow authorized administrators to create and manage user accounts
- Verify user authenticity through admin approval processes
- Protect against unauthorized access and maintain data integrity
- Detect, prevent, and respond to fraud, security threats, or illegal activities
6.4 Communication
- Send important notifications about your solar systems
- Provide technical support and respond to your inquiries
- Send service-related announcements (account verification, password resets, security alerts)
- Communicate updates about the App or our services
Note: We do not send marketing communications unless you explicitly opt in.
6.5 App Improvement and Analytics
- Analyze usage patterns to improve app functionality
- Identify and fix technical issues, bugs, and crashes
- Conduct internal research and development
- Enhance user experience and app performance
- Develop new features and services
Important: All analytics are processed on our own infrastructure without third-party tracking services.
6.6 Legal Compliance and Protection
- Comply with applicable laws, regulations, and legal processes
- Enforce our Terms of Service and other policies
- Respond to lawful requests from public authorities
- Protect our rights, privacy, safety, or property, and that of our users
- Resolve disputes and enforce agreements
7. User Roles and Access Permissions
SolScada uses a role-based access control (RBAC) system to manage user permissions. This system exists purely for security, authentication, verification, and operational purposes - NOT for monetization.
7.1 User Role Types and Permissions
Super Admin (System-Wide Access)
- Create and manage all user types (Group Admins, Admins, Users)
- Access all companies and solar plants in the system
- View and manage entire User Management section
- Full access to all monitoring data and analytics
- System-wide configuration and settings
- Approve or reject new administrator accounts
Typical Users: SCUBE Technologies staff, system administrators
Group Admin (Multi-Company Management)
- Create and manage Admins and Users within assigned scope
- Access assigned companies and their solar plants
- View User Management for assigned scope
- Monitor performance data for assigned plants
- Approve or reject new user accounts within scope
Typical Users: Parent companies overseeing subsidiaries, partners managing multiple clients
Admin (Company-Level Management)
- Create and manage Users within their specific company
- Access only their assigned company's solar plants
- View User Management for their company
- Monitor and manage company-specific plant data
- Approve or reject new user registration requests
Typical Users: Company managers, facility managers, plant owners
User (View-Only Access)
- View-only access to assigned solar plant data
- No access to User Management section
- Cannot create or manage other users
- Can only view monitoring data for specifically assigned plants
Typical Users: Operators, technicians, maintenance staff, stakeholders
7.2 Why We Use Role-Based Access Control
We implement different user roles for critical security and operational reasons:
- Authentication & Authorization: Ensures only authorized personnel access solar plant data
- Identity Verification: Admins verify legitimacy of users before granting access
- Data Security: Users access only information relevant to their responsibilities
- Privacy Protection: Prevents unnecessary access to sensitive data
- Principle of Least Privilege: Users receive minimum necessary access
- Accountability: Creates clear audit trails
- Regulatory Compliance: Helps meet data protection requirements
7.3 User Approval Process - Security & Verification
How User Accounts Are Created and Approved:
- Step 1: New user registers or receives invitation
- Step 2: Account enters pending state awaiting admin approval
- Step 3: Admin verifies user's identity and authorization
- Step 4: Approved users receive account with appropriate role
- Step 5: Users can access only data they're authorized to view
Why This Matters: Prevents unauthorized access and protects proprietary data
β οΈ CRITICAL: USER ROLES ARE NOT PAID FEATURES
User roles exist ONLY for security and organizational purposes. They are NOT monetization features:
- All roles (Super Admin, Group Admin, Admin, User) are 100% FREE
- Creating and managing users requires NO payment
- Approval process is for security verification, NOT payment
- NO "premium" or "pro" versions
- Admin approval verifies authentic, authorized personnel
8. Data Sharing and Disclosure
We respect your privacy and do not sell, rent, or trade your personal information.
8.1 No Sale of Personal Information
We do NOT sell your personal information to third parties. This applies to all users worldwide.
8.2 Within Your Organization
Information visibility is strictly controlled by role-based permissions:
- Super Admins: Can view all user data system-wide
- Group Admins: Can view data within their assigned scope only
- Admins: Can view data only within their specific company
- Regular Users: Cannot view other users' information
8.3 Service Providers and Processors
We engage trusted third-party service providers:
- Cloud Hosting Providers: For secure data storage
- Email Service Providers: For transactional notifications
- Infrastructure Providers: For application hosting
All service providers are contractually obligated to protect your data.
8.4 Legal Requirements
We may disclose information when required by law:
- In response to valid court orders or subpoenas
- To comply with applicable laws and regulations
- To respond to lawful requests from authorities
- To protect the rights, property, or safety of SCUBE Technologies, our users, or others
- To detect, prevent, or address fraud or security issues
8.5 What We DO NOT Share
- β Advertising networks or ad tech companies
- β Data brokers or aggregators
- β Social media platforms
- β Third parties for marketing purposes
- β Analytics companies (we use our own systems)
9. International Data Transfers
Your information may be transferred to, stored, and processed in countries other than your country of residence.
9.1 Transfers from the European Union/EEA
We implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs): EU-approved contract terms ensuring adequate protection
- Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate protection
- Additional Technical Safeguards: Encryption, access controls, and security measures
9.2 Transfers from Other Jurisdictions
For Brazil (LGPD), Canada (PIPEDA), Japan (APPI), South Korea (PIPA), and Singapore (PDPA), we ensure:
- Appropriate contractual protections are in place
- Consent is obtained where required by local law
- Compliance with local transfer requirements and regulations
- Adequate level of data protection in recipient countries
9.3 Security Measures for All Transfers
- End-to-end encryption in transit and at rest
- Multi-factor authentication and access controls
- Regular security assessments and audits
- Data processing agreements with all vendors
- Monitoring and logging of data access
10. Data Security
We implement comprehensive security measures to protect your personal information.
10.1 Technical Security Measures
- Encryption: TLS 1.2+ for data transmission, AES-256 for data storage
- Authentication: JWT tokens with automatic expiration and refresh mechanisms
- Password Security: Bcrypt/Argon2 hashing with salt, minimum 8 characters required
- Access Controls: Role-based access control (RBAC) and principle of least privilege
- Network Security: Firewalls, intrusion detection systems, DDoS protection
- Database Security: Encrypted backups, access logging, SQL injection prevention
10.2 Administrative Security
- Strict employee access controls with logging and monitoring
- Background checks for personnel with data access
- Confidentiality agreements and data protection training
- Regular security awareness training programs
- Comprehensive incident response and disaster recovery plans
- Annual security policy reviews and updates
10.3 Monitoring and Testing
- 24/7 security monitoring and threat detection
- Regular security audits and vulnerability assessments
- Annual third-party penetration testing
- Automated security scanning and patch management
- Continuous compliance monitoring
β οΈ Important Security Notice: While we implement robust security measures, no method of transmission or storage is 100% secure. Please report any security concerns immediately to kawsar@scube.com.bd
11. Data Retention and Deletion
We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy.
11.1 Retention Periods
- Account Data: Retained while account is active; deleted within 30 days after account deletion request
- Solar Performance Data: Retained for historical analysis purposes; can be deleted upon request
- Technical Logs: Retained for up to 12 months for security and troubleshooting
- Communication Records: Retained for 3 years for customer support and legal purposes
- Backup Data: Maintained for up to 90 days after deletion from active systems
- Legal Hold Data: Retained as required by applicable law or ongoing legal proceedings
11.2 How to Delete Your Account
- Open the SolScada mobile application
- Tap your profile icon at the top of the screen
- Select "Delete Account" from the menu
- Read the deletion warning and consequences
- Confirm your deletion request
- You will receive a confirmation email
Alternative Method: Email us at kawsar@scube.com.bd with your account deletion request.
11.3 What Happens After Deletion
- Your account is immediately deactivated and you cannot log in
- Personal data is deleted from active systems within 30 days
- Backup copies are automatically deleted within 90 days
- Some data may be retained for legal compliance purposes
- Aggregated, anonymized data may be retained for analytics
- Data required for ongoing legal obligations will be retained as necessary
12. Your Rights and Choices
You have significant rights regarding your personal information. We are committed to facilitating the exercise of these rights.
12.1 Universal Rights (Available to All Users)
- Right of Access: Request a copy of your personal data we hold
- Right to Rectification: Update or correct inaccurate or incomplete information
- Right to Deletion: Request deletion of your account and associated data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Object: Object to certain types of processing, including processing for legitimate interests
- Right to Restrict Processing: Request limitation of processing in certain circumstances
- Right to Control Local Files: Manage and delete downloaded reports from your device storage at any time
12.2 How to Exercise Your Rights
Through the App:
- Profile icon β Personal Info (view your information)
- Profile icon β Update Profile (modify your details)
- Profile icon β Change Password (update security credentials)
- Profile icon β Delete Account (permanently remove your account)
By Contacting Us:
- Email: kawsar@scube.com.bd
- Include: Your full name, registered email address, and specific request
- Response Time: We will respond within 30 days (or as required by applicable law)
- Verification: We may request additional information to verify your identity
12.3 No Fee for Requests
We do not charge a fee for processing your requests unless they are manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable administrative fee or decline the request.
13. Region-Specific Privacy Rights
13.1 European Union (GDPR)
If you are located in the EU, EEA, UK, or Switzerland, you have additional rights under GDPR:
- Right to Lodge Complaint: File a complaint with your local supervisory authority
- Right to Restrict Processing: Limit how we process your data in certain circumstances
- Right to Data Breach Notification: Be informed of data breaches affecting your rights
- Right to Object to Automated Decision-Making: Not be subject to decisions based solely on automated processing
- Right to Erasure ("Right to be Forgotten"): Have your data deleted in specific circumstances
13.2 California (CCPA/CPRA)
California residents have the following rights:
- Right to Know: Know what personal information is collected, used, shared, or sold
- Right to Delete: Request deletion of personal information we have collected
- Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
- Right to Correct: Correct inaccurate personal information
- Right to Non-Discrimination: Not be discriminated against for exercising privacy rights
- Right to Limit: Limit the use and disclosure of sensitive personal information
13.3 Brazil (LGPD)
Brazilian users (data subjects) have the following rights:
- Confirmation and Access: Confirm existence of processing and access your data
- Correction: Correct incomplete, inaccurate, or outdated data
- Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data
- Portability: Receive data in a structured, commonly used format
- Information About Sharing: Know about sharing of data with public and private entities
- Revocation of Consent: Revoke consent at any time
- Opposition: Object to processing based on legitimate interest
13.4 Canada (PIPEDA)
Canadian residents have the following rights:
- Right to Access: Access personal information held by an organization
- Right to Challenge Accuracy: Challenge the accuracy and completeness of information
- Right to Withdraw Consent: Withdraw consent for data processing (with certain limitations)
- Right to File Complaint: File a complaint with the Privacy Commissioner of Canada
- Right to Know How Information is Used: Be informed about why and how information is used
13.5 Japan (APPI)
Japanese users have rights including:
- Right to disclosure of retained personal data
- Right to correction, addition, or deletion of retained personal data
- Right to suspension of use or erasure of retained personal data
- Right to suspension of provision to third parties
13.6 South Korea (PIPA)
South Korean users have rights including:
- Right to access and inspect personal information
- Right to correction of errors in personal information
- Right to deletion or suspension of processing
- Right to withdraw consent
13.7 Singapore (PDPA)
Singapore users have rights including:
- Right to access personal data
- Right to correct personal data
- Right to withdraw consent
- Right to file complaints with the Personal Data Protection Commission
13.8 Other Jurisdictions
We comply with data protection laws in all jurisdictions where we operate. If you are located in a jurisdiction not specifically mentioned, please contact us at kawsar@scube.com.bd to inquire about your specific rights under local law.
14. Children's Privacy
SolScada is not intended for use by children, and we do not knowingly collect personal information from children.
14.1 Age Restrictions
- Minimum Age: 16 years old globally (or 18 years in jurisdictions that require it)
- United States: 13 years old under COPPA (Children's Online Privacy Protection Act)
- EU/EEA: 16 years old under GDPR (may be lower in some member states)
- We do not knowingly collect, use, or disclose personal information from children below these age limits
14.2 If We Discover Child Data
If we learn that we have collected personal information from a child without proper parental consent:
- We will delete the information immediately upon discovery
- We will terminate the associated account
- We will take reasonable steps to notify the parent or guardian
- All actions will be completed within 30 days of discovery
14.3 Parental Rights and Notifications
If you are a parent or guardian and believe your child has provided personal information to us:
- Contact us immediately at kawsar@scube.com.bd
- Include your child's name and email address used for registration
- We will promptly delete the information and terminate the account
- You have the right to review any information we may have collected
15. Cookies and Tracking Technologies
We use minimal tracking technologies and NO third-party tracking to respect your privacy.
15.1 Technologies We Use
- Authentication Tokens (JWT): Secure JSON Web Tokens for maintaining login sessions and API authentication
- Local Storage: Browser/app local storage for saving user preferences, settings, and temporary data
- Session Storage: Temporary storage that clears when you close the app
- First-Party Analytics: Basic usage analytics processed exclusively on our own infrastructure
15.2 What We DO NOT Use
- β No third-party advertising cookies
- β No cross-site tracking cookies
- β No social media tracking pixels (Facebook Pixel, Twitter Pixel, etc.)
- β No browser fingerprinting techniques
- β No third-party analytics services (Google Analytics, Mixpanel, Amplitude, etc.)
- β No retargeting or remarketing cookies
- β No affiliate tracking cookies
15.3 Managing Cookies and Tracking
Since we only use essential cookies for app functionality:
- You can clear app data through your device settings
- Logging out will clear session data
- Deleting your account will remove all associated data
- There are no marketing or advertising cookies to opt out of
16. Third-Party Services and SDKs
We minimize third-party integrations to protect your privacy and maintain control over your data.
16.1 What We DO NOT Use
- β No Google Analytics, Firebase Analytics, or Google Marketing Platform
- β No Facebook SDK, Meta Pixel, or Instagram tracking
- β No advertising networks (AdMob, AdSense, etc.)
- β No third-party authentication providers (Google Sign-In, Facebook Login, etc.)
- β No A/B testing SDKs (Optimizely, VWO, etc.)
- β No crash reporting services (Crashlytics, Sentry, Bugsnag)
- β No attribution or marketing analytics (Adjust, AppsFlyer, Branch)
- β 100% proprietary, in-house authentication system
16.2 What We DO Use
- Cloud Infrastructure Provider: For secure hosting and data storage (with strict data processing agreements in place)
- Email Service Provider: For sending transactional emails only (account verification, password resets, security alerts - NOT marketing)
- In-House Systems: Custom-built authentication, analytics, and monitoring systems that we fully control
16.3 Data Processing Agreements
All third-party service providers are required to:
- Sign comprehensive data processing agreements
- Comply with applicable data protection laws
- Implement appropriate security measures
- Only process data according to our instructions
- Not use your data for their own purposes
- Notify us of any data breaches immediately
16.4 Your Data is Never Sold or Shared for Marketing
We do NOT and will NOT:
- Sell your personal information to anyone
- Share your data with advertising networks
- Provide your data to data brokers or aggregators
- Use your data for behavioral advertising
- Monetize your data in any way
- Share data with social media platforms
17. Automated Decision-Making and Profiling
We are committed to transparency about automated processing and do not engage in automated decision-making that produces significant legal or similar effects.
17.1 Limited Automated Processing
We use limited automation only for essential operational purposes:
- Account Management: Automated session management, automatic logout after inactivity for security
- Solar Data Processing: Automatic calculations for Performance Ratio (PR), system efficiency, revenue estimates
- Security: Automated fraud detection, spam prevention, unusual activity alerts
- System Optimization: Automatic data aggregation and basic analytics for app improvement
Important: None of these automated processes make decisions that legally affect you or significantly impact your rights.
17.2 No Profiling for Marketing or Discrimination
We do NOT create user profiles or use automated decision-making for:
- Marketing, advertising, or promotional purposes
- Behavior prediction or manipulation
- Creditworthiness or financial assessments
- Employment or hiring decisions
- Price discrimination or dynamic pricing
- Eligibility for services or benefits
- Any form of discrimination based on protected characteristics
17.3 Your Rights Regarding Automated Processing
You have the right to:
- Be informed about the existence of automated decision-making
- Understand the logic involved in automated processing
- Contest decisions made by automated systems
- Request human intervention for important decisions
- Express your point of view regarding automated decisions
18. Data Breach Notification
We have comprehensive procedures to detect, respond to, and notify users about potential data breaches.
18.1 Breach Detection and Response
Our security team continuously monitors for potential breaches through:
- 24/7 automated security monitoring and alerting
- Intrusion detection and prevention systems
- Regular security audits and vulnerability assessments
- Employee training on identifying and reporting security incidents
18.2 Notification Timelines
- EU/EEA (GDPR): Within 72 hours to supervisory authorities; without undue delay to affected users
- California (CCPA): Without unreasonable delay, as required by law
- Brazil (LGPD): Within a reasonable timeframe to authorities and affected users
- Canada (PIPEDA): As soon as feasible to authorities and affected individuals
- Other Jurisdictions: As required by applicable local laws
- Users: Notification without undue delay if breach poses risk to rights and freedoms
18.3 Information Provided in Breach Notifications
If we notify you of a data breach, our notification will include:
- Nature of the Breach: Description of what happened and how it occurred
- Data Affected: Categories and approximate number of affected users and data records
- Potential Consequences: Likely impact on affected individuals
- Measures Taken: Actions we have taken or propose to take to address the breach
- Recommended Actions: Steps you can take to protect yourself
- Contact Information: How to contact us for more information or questions
- Timeline: When the breach was discovered and our response timeline
18.4 How We Will Contact You
In the event of a data breach, we will notify you through:
- Email to your registered email address
- In-app notification within the SolScada application
- Public notice on our website (if large-scale breach)
18.5 Your Actions After a Breach
If you receive a breach notification from us:
- Follow the recommended actions in our notification
- Change your password immediately if credentials may be compromised
- Monitor your accounts for suspicious activity
- Contact us if you have questions or concerns
- Consider enabling additional security measures
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
19.1 How We Notify You of Changes
For Material Changes:
Material changes that significantly affect how we collect, use, or share your personal information will be communicated through:
- In-App Notification: Prominent notification when you open the app
- Email Notification: Message sent to your registered email address
- Advance Notice: Minimum 30 days before changes take effect
- Acceptance Requirement: May require you to accept updated policy before continuing to use the app
- Website Update: Posted on our website with clear indication of changes
For Non-Material Changes:
Minor updates, clarifications, or administrative changes will be handled through:
- Updated "Last Updated" date at the top of this policy
- Posted on our website without separate notification
- Effective immediately upon posting
- Available for review at any time in the app
19.2 Your Options When Policy Changes
- Accept: Continue using the app under the new terms
- Reject: Delete your account before changes take effect if you disagree
- Contact Us: Ask questions or request clarification about changes
- Review: Take time to carefully review changes before accepting
19.3 Version History
We maintain a version history of our Privacy Policy. You can request previous versions by contacting us at kawsar@scube.com.bd.
20. Contact Us and Data Protection Officer
SCUBE Technologies Ltd.
General Contact Information
Registered Address:
Navana Mashira, House-275K, Level-7
Road-27 (Old), 16 (New), Dhanmondi
Dhaka-1209, Bangladesh
Email: kawsar@scube.com.bd
Phone: +880 1329 665767
Business Hours: Sunday-Thursday, 9:00 AM - 6:00 PM (GMT+6, Bangladesh Time)
Data Protection Officer
Email: kawsar@scube.com.bd
For GDPR, LGPD, CCPA/CPRA, and other data protection inquiries
EU Representative
For users in the European Union: kawsar@scube.com.bd
UK Representative
For users in the United Kingdom: kawsar@scube.com.bd
20.1 Response Times
| Inquiry Type | Response Time |
|---|---|
| General Questions | 7 business days |
| Data Access Requests (GDPR, CCPA) | 30 days |
| Data Deletion Requests | 30 days |
| Brazil (LGPD) Requests | 15 days |
| Security Incident Reports | 24-48 hours |
| Privacy Rights Requests | 30 days (45 days if complex) |
20.2 How to Contact Us
When contacting us about privacy matters, please include:
- Your full name
- Registered email address
- Nature of your inquiry or request
- Any relevant details or supporting documentation
- Preferred method of response
21. Supervisory Authority Information
You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.
21.1 Major Supervisory Authorities
European Union
- European Data Protection Board: https://edpb.europa.eu
- Find your local Data Protection Authority at the link above
United Kingdom
- Information Commissioner's Office (ICO)
- Website: https://ico.org.uk
- Phone: +44 303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Brazil
- ANPD (Autoridade Nacional de Proteção de Dados)
- Website: https://www.gov.br/anpd
- Address: Setor Comercial Sul, Quadra 9, Lote C, EdifΓcio Parque Cidade Corporate, Torre C, 4ΒΊ andar, BrasΓlia-DF, CEP 70308-200
Canada
- Office of the Privacy Commissioner of Canada
- Website: https://www.priv.gc.ca
- Phone: 1-800-282-1376
- Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3
California, United States
- California Privacy Protection Agency
- Website: https://cppa.ca.gov
- Address: 2101 Arena Boulevard, Sacramento, CA 95834
Japan
- Personal Information Protection Commission (PPC)
- Website: https://www.ppc.go.jp/en/
- Address: Kasumigaseki Common Gate West Tower 32F, 3-2-1 Kasumigaseki, Chiyoda-ku, Tokyo 100-0013, Japan
South Korea
- Personal Information Protection Commission (PIPC)
- Website: https://www.pipc.go.kr
- Phone: +82-2-2100-3081
Singapore
- Personal Data Protection Commission (PDPC)
- Website: https://www.pdpc.gov.sg
- Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438
21.2 Filing a Complaint
When filing a complaint with a supervisory authority:
- Provide details of the privacy concern or violation
- Include relevant documentation and correspondence
- Mention that you have contacted us first (if applicable)
- Follow the authority's complaint procedures
Note: Filing a complaint with a supervisory authority does not prevent you from pursuing other legal remedies.
22. Consent and Acceptance
22.1 Your Consent
By using SolScada, you acknowledge and confirm that you have:
- Read this entire Privacy Policy carefully
- Understood the information collection and processing practices described
- Had the opportunity to ask questions or seek clarification
- Been informed of your rights under applicable data protection laws
- Voluntarily agreed to our data collection, use, and processing practices
- Provided informed consent where required by law
22.2 Voluntary Consent
Your consent to this Privacy Policy is:
- Freely Given: Not provided under duress or unfair pressure
- Specific: Related to clearly defined purposes
- Informed: Based on clear and comprehensive information
- Unambiguous: Demonstrated through clear affirmative action
22.3 Withdrawal of Consent
You have the right to withdraw your consent at any time. You can do this by:
- Contacting us at kawsar@scube.com.bd with your withdrawal request
- Deleting your account through the app (Profile β Delete Account)
- Adjusting specific consent settings in your account preferences (where available)
Processing Time: Consent withdrawal will be processed within 30 days.
Note: Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.
22.4 If You Do Not Agree
If you do not agree with this Privacy Policy or any part of it:
- Do Not Use the App: Refrain from downloading, installing, or using SolScada
- Delete Your Account: If you are already using the app, delete your account immediately
- Contact Us: Reach out with questions, concerns, or requests for clarification
- Seek Alternatives: Consider other solar monitoring solutions that better align with your privacy preferences
22.5 Continued Use
Continued use of the App after being notified of changes to this Privacy Policy constitutes acceptance of those changes, subject to applicable legal requirements for consent.
23. Governing Law and Dispute Resolution
23.1 Governing Law
- Primary Jurisdiction: This Privacy Policy is governed by the laws of Bangladesh
- International Compliance: We also comply with applicable data protection laws in your jurisdiction
- Conflict Resolution: In case of conflict, the stricter privacy protection standard applies
23.2 Dispute Resolution Process
Step 1: Direct Contact
Contact us directly to resolve any privacy-related disputes:
- Email: kawsar@scube.com.bd
- We will respond within 7 business days
- We aim to resolve issues within 30 days
Step 2: Mediation (Optional)
If direct resolution is unsuccessful:
- Either party may propose mediation
- Mediation costs to be shared equally
- Non-binding process
Step 3: Formal Legal Action
If mediation fails or is declined:
- Disputes may be brought to competent courts
- Subject to jurisdiction-specific rules
23.3 Regional Exceptions and Additional Rights
European Union/EEA and United Kingdom
- Can bring proceedings in courts of your EU member state of residence
- Right to lodge complaint with local supervisory authority
- GDPR rights take precedence over conflicting terms
California, United States
- Retain all rights under CCPA/CPRA
- Can file complaints with California Privacy Protection Agency
- No waiver of statutory rights
Brazil
- Retain all rights under LGPD
- Can file complaints with ANPD
- Brazilian consumer protection laws apply
Canada
- May file complaints with Privacy Commissioner of Canada
- Provincial privacy laws may also apply
- Federal Court jurisdiction for PIPEDA matters
23.4 No Waiver of Rights
Nothing in this Privacy Policy should be construed as a waiver of your rights under applicable data protection or consumer protection laws.
24. Additional Disclosures
24.1 Security Disclaimer
While we implement industry-standard security measures and continuously work to protect your information:
- No method of transmission over the internet is 100% secure
- No method of electronic storage is completely secure
- We cannot guarantee absolute security of your information
- You use the App at your own risk
- We encourage you to use strong passwords and enable available security features
24.2 Third-Party Links and Services
The App may contain links to third-party websites, services, or resources:
- This Privacy Policy does not apply to third-party sites or services
- We are not responsible for the privacy practices of third parties
- We recommend reviewing the privacy policies of any third-party sites you visit
- Links do not imply endorsement of third-party privacy practices
24.3 Aggregate and Anonymized Data
We may create aggregated, anonymized, or de-identified data from personal information:
- Anonymization Process: Data is processed to remove all identifying information
- Use: Used for analytics, research, and service improvement
- Sharing: May be shared without restriction as it cannot identify individuals
- Your Rights: Not subject to data subject access or deletion rights
- Standards: Created in accordance with applicable legal standards for anonymization
24.4 California Shine the Light Law
Under California Civil Code Section 1798.83 ("Shine the Light" law):
- We do not share personal information with third parties for their direct marketing purposes
- Therefore, no "Shine the Light" disclosure is required
- California residents may still request information about our compliance
24.5 Do Not Track Signals
Our App does not respond to Do Not Track (DNT) signals because:
- We do not track users across third-party websites
- We do not use third-party advertising or analytics that track users
- All data collection is first-party and essential for app functionality
24.6 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets:
- Your personal information may be transferred as part of that transaction
- The acquiring entity must honor this Privacy Policy
- We will notify you via email and/or prominent notice in the app
- You will have the opportunity to delete your account before the transfer
- The new entity must comply with applicable data protection laws
24.7 Accessibility
We are committed to making this Privacy Policy accessible:
- Available in plain language
- Accessible through the app and our website
- Alternative formats available upon request
- Contact us if you need assistance accessing this policy
This Privacy Policy is effective as of December 21, 2025
Version 1.0.1 - Comprehensive Global Privacy Policy
Compliant with: GDPR, CCPA/CPRA, LGPD, PIPEDA, APPI, PIPA, PDPA
Β© 2025 SCUBE Technologies Ltd. All rights reserved.