Privacy Policy

Effective Date: July 1, 2024
 
PLUGCY LLC (“Plugcy,” “we,” “us,” “our,” or the “Company”), a Delaware limited liability company, is steadfastly committed to safeguarding the privacy, confidentiality, and security of your personal data. This Privacy Policy (the “Policy”) delineates, with exhaustive precision, the practices and procedures governing the collection, use, storage, disclosure, and protection of personal data when you engage with our website www.plugcy.com, mobile application (“Plugcy App”), or any ancillary services, including but not limited to our peer-to-peer electric vehicle (EV) charging platform, sale of fast-charging equipment, and artificial intelligence-driven energy network services (collectively, the “Services”). By accessing or utilizing our Services, you expressly acknowledge and consent to the data practices articulated herein.
 
This Policy is meticulously crafted to ensure compliance with all applicable data protection and privacy laws, including, without limitation, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”), Mexico’s Ley Federal de Protección de Datos Personales en Posesión de los Particulares (“LFPDPPP”), the Delaware Consumer Privacy Act (effective January 1, 2025), and other jurisdictional mandates as applicable. This Policy is intended to provide maximum transparency, empower users with robust control over their data, and shield Plugcy from legal and regulatory risks while fostering trust.
If you do not agree with the terms of this Policy, you must immediately cease using our Services. For inquiries, concerns, or to exercise your privacy rights, please refer to Section 16 (Contact Information).

Table of Contents
  1. Scope and Application
  2. Definitions
  3. Information We Collect
  4. Methods of Data Collection
  5. Purposes of Data Processing
  6. Legal Bases for Processing
  7. Data Sharing and Disclosure
  8. International Data Transfers
  9. Data Retention and Deletion
  10. Data Security Measures
  11. Your Privacy Rights and Choices
  12. Cookies and Tracking Technologies
  13. Children’s Privacy
  14. Third-Party Links and Integrations
  15. Updates to This Privacy Policy
  16. Contact Information
  17. Governing Law and Dispute Resolution
  18. Severability and Entire Agreement

1. Scope and Application
This Policy governs the collection, processing, storage, and disclosure of personal data by Plugcy LLC in connection with the Services, which encompass:
  • A peer-to-peer EV charging platform facilitating connections between EV owners and charging station providers.
  • The sale of fast-charging equipment for electric vehicles.
  • AI-driven energy network services optimizing energy consumption, charging efficiency, and grid integration.
This Policy applies to all users of the Services, including individuals, businesses, and entities, regardless of geographic location, with tailored provisions for residents of Mexico, the United States, the European Union, and other jurisdictions where Plugcy operates or markets its Services. This Policy does not apply to data collected by unaffiliated third-party websites, applications, or services, even if accessible via links or integrations within our Services. Users are strongly encouraged to review the privacy policies of such third parties.

2. Definitions
For purposes of this Policy, the following terms have the meanings ascribed below:
  • Personal Data: Any information relating to an identified or identifiable natural person, as defined under applicable law (e.g., GDPR Art. 4(1), CCPA §1798.140(o)).
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion, whether automated or manual.
  • Data Subject: An individual whose personal data is processed by Plugcy (i.e., you, the user).
  • Controller: Plugcy LLC, the entity determining the purposes and means of processing personal data.
  • Processor: A third party processing personal data on behalf of Plugcy under a written agreement.
  • Sensitive Personal Data: Data revealing racial or ethnic origins, health, biometric data, or other categories requiring heightened protection under applicable law.

3. Information We Collect
We collect the following categories of personal data, as necessary to provide and enhance our Services:
3.1 Personal Data Provided by You
  • Account and Identity Information:
    • Full name, email address, phone number, username, and password for account creation and authentication.
    • Government-issued identification (e.g., driver’s license, passport number) for identity verification and fraud prevention.
    • Biometric data, such as facial images, for optional facial verification processes to enhance account security.
  • Payment and Billing Information:
    • Credit/debit card details, bank account information, or other payment method data for processing transactions (e.g., purchasing fast chargers or paying for charging services).
    • Billing address and related financial details for invoicing and tax compliance.
  • EV-Related Information:
    • Vehicle details, including make, model, vehicle identification number (VIN), battery capacity, and charging preferences.
    • Charging history, including timestamps, locations, and energy consumption metrics.
  • User Communications:
    • Content of communications submitted via customer support channels, feedback forms, or surveys.
  • Marketing Preferences:
    • Preferences for receiving newsletters, promotional offers, or targeted advertisements.
3.2 Personal Data Collected Automatically
  • Device and Technical Information:
    • Internet Protocol (IP) address, device type, operating system, browser type and version, unique device identifiers, and network information.
  • Usage Data:
    • Interaction data, such as pages viewed, features accessed, time spent on the Services, clickstream data, and referral URLs.
  • Location Data:
    • Precise geolocation data (e.g., GPS coordinates) collected with your explicit consent via device permissions to facilitate peer-to-peer charging and location-based services.
    • Approximate location derived from IP address or Wi-Fi signals for analytics and fraud detection.
  • Cookies and Tracking Data:
    • Data collected via cookies, web beacons, pixel tags, and similar technologies to track user behavior and enhance functionality (see Section 12).
3.3 Personal Data from Third Parties
  • Service Providers:
    • Data from payment processors (e.g., Stripe) to confirm transactions.
    • Analytics data from providers (e.g., Google Analytics) to understand usage patterns.
    • Marketing data from platforms (e.g., Mailchimp) to manage promotional campaigns.
  • Third-Party Authentication:
    • Limited profile information (e.g., name, email) from single sign-on services (e.g., Google, Apple) when you use these to log in, subject to the third party’s privacy policy.
  • Publicly Available Data:
    • Information from public sources (e.g., social media profiles) where permitted by law and with your consent.
3.4 Sensitive Personal Data
We may process sensitive personal data, including:
  • Biometric data (e.g., facial images for verification).
  • Precise geolocation data for peer-to-peer charging.
Such data is processed only with your explicit, informed, and revocable consent, and we implement heightened safeguards to ensure compliance with applicable laws (e.g., GDPR Art. 9, LFPDPPP Art. 10).

4. Methods of Data Collection
We collect personal data through the following mechanisms:
  • Direct Submission: When you create an account, complete forms, make purchases, submit inquiries, or configure preferences via the website or Plugcy App.
  • Automated Collection: Through cookies, tracking technologies, and device sensors (e.g., GPS, camera) with your permission, as detailed in Section 12.
  • Device Permissions: With your explicit consent, we access device features such as location services, camera (for facial verification), or storage for specific functionalities.
  • Third-Party Sources: From service providers, authentication platforms, or public sources, as described in Section 3.3.
Certain data (e.g., name, email, payment details, EV information) is mandatory to access core Services, such as account creation, transaction processing, or peer-to-peer charging. Other data (e.g., precise location, marketing preferences) is optional, and you may decline to provide it, though this may limit access to certain features. We clearly indicate mandatory fields during data collection to ensure transparency.

5. Purposes of Data Processing
We process your personal data for the following purposes, as permitted by applicable law:
5.1 Provision and Operation of Services
  • Create, manage, and secure user accounts.
  • Process transactions for fast charger purchases and peer-to-peer charging services.
  • Facilitate connections between EV owners and charging providers via the peer-to-peer platform.
  • Deliver AI-driven energy network services, including optimization of charging schedules, energy consumption, and grid integration.
  • Provide customer support, respond to inquiries, and resolve disputes.
5.2 Service Improvement and Personalization
  • Analyze usage data to enhance the functionality, performance, and user experience of our Services.
  • Personalize content, such as recommending nearby charging stations or tailored product offerings based on your EV profile.
  • Conduct research and development to innovate and refine our AI energy network and charging solutions.
5.3 Marketing and Communications
  • Deliver promotional emails, newsletters, push notifications, or SMS about Plugcy’s products, services, or offers, subject to your consent where required (e.g., GDPR Art. 7, CAN-SPAM Act).
  • Display targeted advertisements based on your interests, usage patterns, or demographic data.
  • Evaluate the effectiveness of marketing campaigns through analytics tools.
5.4 Legal Compliance and Security
  • Comply with legal and regulatory obligations, including tax reporting, anti-money laundering (AML), know-your-customer (KYC) requirements, and responses to lawful requests from governmental authorities.
  • Detect, prevent, and investigate fraud, unauthorized access, or misuse of the Services.
  • Protect the rights, property, and safety of Plugcy, our users, and the public.
5.5 Automated Decision-Making and Profiling
We may employ automated processes to optimize charging recommendations, personalize content, or detect suspicious activity. Such processes are subject to human oversight and do not produce legal or similarly significant effects without your consent. You may request detailed information about automated decision-making by contacting us (see Section 16).

6. Legal Bases for Processing
We process personal data in accordance with the following legal bases, as required by applicable law (e.g., GDPR Art. 6, LFPDPPP Art. 8):
  • Consent: For optional data collection (e.g., precise location, marketing communications, biometric data), we obtain your explicit, informed, and revocable consent.
  • Contractual Necessity: To fulfill our obligations under the Terms of Service, such as processing payments or providing peer-to-peer charging services.
  • Legal Obligation: To comply with tax, financial, or regulatory requirements (e.g., IRS reporting, Mexico’s SAT obligations).
  • Legitimate Interests: For purposes such as improving our Services, preventing fraud, or conducting analytics, where such interests are not overridden by your rights and freedoms.
  • Vital Interests: In rare cases, to protect the safety of users or the public (e.g., responding to emergencies).
For sensitive personal data, we rely on explicit consent or other permissible bases under applicable law (e.g., GDPR Art. 9(2), LFPDPPP Art. 10). You may withdraw consent at any time by contacting us or adjusting your account settings, though this may affect your ability to use certain Services.

7. Data Sharing and Disclosure
Plugcy does not sell, rent, or trade your personal data. We may disclose your data only under the following circumstances, with strict contractual safeguards:
7.1 Service Providers
We engage trusted third-party processors to perform functions essential to our Services, including:
  • Payment Processing: Stripe, Inc. or similar providers to process payments securely.
  • Analytics: Google Analytics or equivalent tools to analyze usage trends and improve functionality.
  • Marketing: Mailchimp or similar platforms to manage promotional communications.
  • Cloud Hosting: Amazon Web Services (AWS) for secure data storage and processing.
All processors are bound by data processing agreements (e.g., GDPR-compliant DPAs, CCPA service provider contracts) that restrict their use of your data to our specified purposes and mandate robust security measures.
7.2 Legal and Regulatory Compliance
We may disclose personal data to:
  • Comply with legal obligations, such as responding to subpoenas, court orders, or regulatory investigations.
  • Enforce our Terms of Service or protect our legal rights, including intellectual property.
  • Investigate or mitigate fraud, security incidents, or other unlawful activities.
7.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of all or part of Plugcy’s assets, your personal data may be transferred to the acquiring entity. We will notify you in advance via email or a prominent notice on our Services and provide options to exercise your privacy rights.
7.4 With Your Consent
We may share your data for additional purposes if you provide explicit, informed consent (e.g., participating in a referral program or sharing data with a partner service).
7.5 Anonymized or Aggregated Data
We may share anonymized or aggregated data that cannot be used to identify you for purposes such as industry research, benchmarking, or reporting.

8. International Data Transfers
Plugcy operates primarily in Mexico but serves a global user base. Your personal data may be transferred to, stored, or processed in jurisdictions outside your country of residence, including the United States (where Plugcy and AWS servers are located) and other countries where our service providers operate.
For cross-border transfers, we implement safeguards to ensure compliance with applicable laws:
  • GDPR (EU Residents): We use Standard Contractual Clauses (SCCs) approved by the European Commission or other mechanisms to ensure adequate protection.
  • LFPDPPP (Mexico Residents): We comply with Mexico’s requirements for international data transfers under Articles 36 and 37.
  • CCPA (California Residents): We ensure service providers adhere to CCPA requirements for data transfers.
  • Other Jurisdictions: Where required, we implement equivalent safeguards to protect your data.
By using our Services, you consent to such transfers where permitted by law. You may request additional information about our transfer mechanisms by contacting us.

9. Data Retention and Deletion
We retain personal data only for the duration necessary to achieve the purposes outlined in this Policy or as required by law. Specific retention periods include:
  • Account Data: Retained for the duration of your active account and up to 7 years post-deletion to comply with tax, financial, and legal obligations (e.g., IRS, Mexico’s SAT).
  • Payment Data: Retained for 7 years to comply with financial regulations and audit requirements.
  • EV and Charging Data: Retained for up to 3 years to support analytics and service optimization, unless you request earlier deletion.
  • Biometric Data: Deleted immediately after verification, unless required for ongoing fraud prevention (with your explicit consent) and retained no longer than 1 year.
  • Location Data: Retained only for the duration of the session or as needed to provide location-based services, unless you consent to longer retention.
  • Usage and Analytics Data: Retained for up to 3 years for service improvement and analytics.
  • Backup Data: Retained for up to 90 days for disaster recovery purposes, after which it is securely deleted.
Upon expiration of the retention period, we securely delete or anonymize your data using industry-standard methods (e.g., NIST 800-88 guidelines). You may request deletion of your data at any time, subject to legal retention obligations (see Section 11).

10. Data Security Measures
We implement state-of-the-art technical, organizational, and administrative measures to protect your personal data against unauthorized access, loss, alteration, or disclosure:
  • Encryption: Data is encrypted in transit using Transport Layer Security (TLS 1.3) and at rest using AES-256 encryption.
  • Access Controls: Role-based access controls restrict employee and contractor access to personal data on a need-to-know basis.
  • Authentication: Multi-factor authentication (MFA) and secure password hashing (e.g., bcrypt) protect user accounts.
  • Network Security: Firewalls, intrusion detection systems, and regular vulnerability scans safeguard our infrastructure.
  • Audits and Monitoring: We conduct annual third-party security audits and continuous monitoring to identify and mitigate risks.
  • Biometric Data Protections: Facial verification data is processed in a secure, isolated environment and deleted promptly after use.
In the unlikely event of a data breach, we maintain a comprehensive incident response plan, including:
  • Notification to affected users and relevant authorities (e.g., EU supervisory authorities, INAI, California Attorney General) within 72 hours, as required by law.
  • Investigation and mitigation to contain the breach and prevent recurrence.
  • Transparent communication to inform users of their rights and remedies.

11. Your Privacy Rights and Choices
You have robust rights over your personal data, subject to applicable law and jurisdictional variations:
11.1 Universal Rights
  • Access: Obtain a copy of your personal data and details about how it is processed.
  • Rectification: Correct inaccurate or incomplete data.
  • Deletion: Request deletion of your data, subject to legal retention obligations.
  • Restriction: Limit processing of your data in certain circumstances (e.g., while a correction request is pending).
  • Objection: Object to processing for specific purposes, such as direct marketing or profiling.
  • Data Portability: Receive your data in a structured, commonly used, machine-readable format for transfer to another service.
11.2 Jurisdiction-Specific Rights
  • GDPR (EU Residents):
    • Withdraw consent at any time without affecting prior processing.
    • Request information about automated decision-making or profiling.
    • Lodge a complaint with a supervisory authority (e.g., CNIL, ICO).
  • CCPA/CPRA (California Residents):
    • Opt out of the sale of personal data (Plugcy does not sell data).
    • Request disclosure of categories, sources, and purposes of data collection.
    • Request deletion without discrimination.
    • Designate an authorized agent to exercise rights on your behalf.
  • LFPDPPP (Mexico Residents):
    • Exercise ARCO rights (Access, Rectification, Cancellation, Opposition).
    • File complaints with the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI).
  • Delaware Consumer Privacy Act (Effective January 1, 2025):
    • Similar rights to CCPA, including opt-out from targeted advertising and profiling.
11.3 Exercising Your Rights
To exercise your rights, you may:
  • Access, update, or delete your account data via the Plugcy App’s account settings.
  • Submit a request via our online privacy portal at www.plugcy.com/privacy.
  • Email [email protected] or write to PLUGCY LLC, Attn: Privacy Office, 8 The Green, Ste B, Dover, DE 19901, USA.
We will verify your identity (e.g., via email confirmation or ID verification) to prevent unauthorized requests. Responses will be provided within:
  • 30 days for GDPR and LFPDPPP requests (extendable by 30 days for complex cases).
  • 45 days for CCPA requests (extendable by 45 days with notice).
  • 15 days for Delaware Consumer Privacy Act requests (post-January 1, 2025).
11.4 Opt-Out Options
  • Marketing Communications: Unsubscribe via the link in emails, SMS, or push notifications, or update preferences in your account settings.
  • Cookies and Tracking: Manage preferences via our cookie consent tool (see Section 12).
  • Location Data: Disable location services in your device settings or the Plugcy App.
  • Biometric Data: Opt out of facial verification by disabling the feature in the Plugcy App.

12. Cookies and Tracking Technologies
We utilize cookies, web beacons, pixel tags, and similar technologies to enhance functionality, analyze usage, and deliver personalized content. Cookies are categorized as follows:
  • Strictly Necessary Cookies: Essential for core functionality, such as session management, authentication, and security.
  • Performance Cookies: Collect anonymized data to monitor site performance and usage trends (e.g., Google Analytics).
  • Functional Cookies: Enable personalized features, such as saved preferences or language settings.
  • Targeting Cookies: Support targeted advertising and marketing campaign analytics.
You may manage cookie preferences through our cookie consent tool, accessible on our website and Plugcy App. Disabling non-essential cookies may impact certain features. For detailed information, including a list of cookies and their purposes, please review our Cookie Policy at www.plugcy.com/cookies.
We comply with applicable cookie laws, including GDPR e-Privacy requirements and CCPA opt-out rights. For EU users, we obtain affirmative consent before deploying non-essential cookies. For California users, we provide clear opt-out mechanisms for targeted advertising.

13. Children’s Privacy
Our Services are strictly intended for individuals aged 18 and older. We do not knowingly collect, process, or store personal data from individuals under 18 years of age. If we become aware that we have inadvertently collected data from a minor without verifiable parental consent, we will promptly delete such data and terminate the associated account.
Parents or guardians who believe their child has provided personal data to Plugcy may contact us at [email protected] to request review, deletion, or further assistance. We comply with the Children’s Online Privacy Protection Act (COPPA) and equivalent laws in other jurisdictions (e.g., GDPR Art. 8).

14. Third-Party Links and Integrations
Our Services may include links to or integrations with third-party websites, applications, or services (e.g., payment processors, social media platforms, or authentication providers). These third parties operate under their own privacy policies, and Plugcy is not responsible for their data practices. We strongly recommend reviewing the privacy policies of any third-party services you interact with.
Examples of third-party integrations include:
  • Stripe for payment processing.
  • Google for single sign-on or analytics.
  • Mailchimp for marketing communications.

15. Updates to This Privacy Policy
We reserve the right to amend this Policy to reflect changes in our data practices, Services, or legal requirements. Material changes will be communicated via:
  • Email to the address associated with your account.
  • A prominent notice on our website (www.plugcy.com) or Plugcy App.
  • In-app notifications for mobile users.
Updates take effect upon posting, unless otherwise specified. Your continued use of the Services after such updates constitutes acceptance of the revised Policy. We review this Policy at least annually to ensure ongoing compliance and alignment with best practices.
For transparency, we maintain an archive of prior versions of this Policy, accessible upon request by contacting [email protected].

16. Contact Information
For questions, concerns, complaints, or to exercise your privacy rights, please contact our designated Data Protection Officer:
PLUGCY LLC
Attn: Data Protection Officer
8 The Green, Ste B, Dover, DE 19901, USA
Email: [email protected]
Phone: +1 (302) 581-4070
EU Representative (GDPR Compliance):
[To be appointed, if required, based on Plugcy’s EU operations. Contact [email protected] for details.]
Mexico Data Protection Inquiries:
Users in Mexico may file complaints with the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) at www.inai.org.mx.
EU Supervisory Authorities:
EU residents may lodge complaints with their local data protection authority (e.g., CNIL in France, ICO in the UK).

17. Governing Law and Dispute Resolution
This Policy is governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law principles, except where preempted by mandatory local laws (e.g., GDPR for EU residents).
Any disputes arising from or relating to this Policy or our data practices shall be resolved through binding arbitration in Dover, Delaware, administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted in English by a single arbitrator, and the award shall be final and binding. Notwithstanding the foregoing, users in jurisdictions where arbitration agreements are unenforceable (e.g., EU consumers) may pursue claims in their local courts.
Nothing in this Policy affects your statutory rights to seek remedies through judicial or regulatory authorities, as applicable.

18. Severability and Entire Agreement
If any provision of this Policy is deemed invalid, unlawful, or unenforceable by a court or competent authority, such provision shall be severed, and the remaining provisions shall remain in full force and effect. This Policy constitutes the entire agreement between you and Plugcy regarding the processing of your personal data, superseding any prior agreements or understandings, whether written or oral.