EKO Q

Global Commitment to Privacy

Effective date: June 12, 2026

EKO Instruments is committed to protecting your personal data. We abide by all applicable laws and regulations, with a particular focus on the EU General Data Protection Regulation (GDPR) as our global standard for data privacy. We may update this Privacy & Data Protection Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page, and where appropriate, notified to you.

Introduction

EKO Q is a web-based software-as-a-service (SaaS) platform provided by EKO Instruments for both business (B2B) and individual (B2C) users. This Privacy Policy explains what types of information we collect through the EKO Q application, how we use and protect that information, and the rights you have in relation to your personal data. It applies when you access EKO Q, its Application Programming Interface(s) or any other interface related to it (related apps, marketing dashboard, analytical dashboards, etc.). Protecting your privacy and personal information is one of our top priorities. If you have any questions about this Policy or how EKO Instruments handles your data, please contact us using the details in the Contact section below.

Types of Data We Collect

When you use EKO Q, we collect several types of data to provide and improve our services. We only collect data that is necessary for the purposes described in this Policy. The types of data we collect include:

Account Information: When you register an account, we collect personal identifiers such as your name and email address. If you register on behalf of a business, we may also collect your company contact information. You will also create login credentials (such as a password) to secure your account.
Contact and Profile Details: You may provide additional contact information like a phone number or job title, and other profile details at your discretion. These details help us communicate with you and personalize your experience.
Sensor and Application Data: EKO Q helps you manage, store, and analyze your sensor data. The platform may collect data generated by those measurement devices (for example, measurement readings, device identifiers, timestamps, and related metadata). This measurement data is stored in your account so that you can view and analyze it. While those irradiance measurement data typically do not identify an individual, it is treated as part of your account data under this Policy.
Usage Logs and Technical Data: When you use EKO Q, our systems automatically record certain information about your measurement data and your usage of the platform. This includes data such as your IP address, browser type, device type, operating system, referring/exit pages, timestamps of access, and actions taken on the platform (e.g., pages or features used). These usage logs help us troubleshoot issues, secure the platform, and understand how users interact with EKO Q. We may also collect general location information (e.g., city or country) inferred from your IP address to help us analyze usage by region.
Cookies and Session Data: We use cookies and similar technologies to keep you logged in and to remember your preferences. These may collect data like session tokens or other identifiers tied to your account.
Communications: If you contact EKO Instruments for support, feedback, or other inquiries regarding EKO Q (for example, via email or through a support form), we will collect the information you choose to provide in that communication. This may include your contact details (like email or phone number) and the content of your message.

We will make it clear when we request personal data from you, whether the provision of that data is mandatory or optional, and the consequences of not providing the data. We do not collect any special categories of personal data (such as sensitive personal information like health, genetic, or biometric data) through EKO Q. Additionally, we do not intentionally collect any information from children (see Children’s Privacy below).

Legal Basis for Processing

Under GDPR, EKO Instruments must have a valid legal basis to process your personal data. Depending on the context, one or more of the following legal bases may apply:

Performance of a Contract: We process personal data to provide the EKO Q services you have requested. For example, we require your name and email to create and administer your user account, and we use your data (like measurements inputs or usage actions) to deliver the platform’s functionality. Processing your data for customer support is also based on fulfilling our contractual obligations to you as a user.
Legitimate Interests: We may process certain data as necessary for our legitimate business interests, provided those interests are not overridden by your data protection rights. For instance, it is in our legitimate interest to collect usage logs and analytics data to improve our platform’s performance and features, to ensure the security of our service (e.g., detecting fraud or misuse), and to communicate important service updates. When we rely on this basis, we consider and balance any potential impact on your rights.
Consent: In some cases, we rely on your consent to process personal data. For example, if we ever want to use your personal data for a purpose that requires consent (such as using your email to send promotional marketing not related to the core service), we will ask for your explicit consent. You have the right to withdraw your consent at any time.
Legal Obligation: We also process personal data when required to comply with our legal obligations. For example, for financial and tax regulations we may need to retain administrative records. If authorities lawfully require us to provide personal data (such as for law enforcement or regulatory purposes), we will do so under the legal obligation basis.
Vital Interests or Public Interest: In very unlikely scenarios, we might process data to protect someone’s vital interests (life or safety) or for a task in the public interest, but these bases are generally not applicable to the EKO Q service’s typical operations.

We will always ensure that we have a valid legal ground to collect and use your data, and we will document our decision-making for these bases as required by GDPR.

How We Use Your Data

We use the personal and technical information collected through EKO Q for the following purposes:

To Provide and Operate the Service: We use your data to create and manage your account, authenticate you upon login, and deliver the functionality of the EKO Q platform. For example, we use your measurements data to generate analyses and visualizations for you, and your account details to personalize your dashboard and settings.
To Communicate with You: We process your contact information to send important communications related to your use of EKO Q. This includes sending transactional emails via our email service (Brevo) for actions like account activation, email verification, password resets, and notifications about significant changes or issues with the service. We may also respond to you directly via email or phone if you have reached out for support or have an open support ticket.
To Improve and Customize the Platform: We analyze usage data and feedback to understand how our users interact with EKO Q. This analysis helps us troubleshoot technical issues, optimize user experience, and develop new features or enhancements. For instance, understanding which features are most used can guide our development priorities. We may also use aggregated measurements data (in anonymized form) to improve our analytics algorithms or product offerings.
To Ensure Security and Prevent Misuse: Your logs and other technical data are used to monitor for suspicious activities and to protect against unauthorized access, cyberattacks, or other misuse of our platform. We may use IP addresses and other identifiers to block malicious actors and to safeguard user accounts and data.
For Legal and Compliance Reasons: We may use your information to enforce our Terms of Service or other agreements, to comply with applicable laws and regulations, and to respond to lawful requests from authorities. For example, retaining certain data for auditing or compliance, or using your data to verify your identity if you exercise data rights requests.
Optional Marketing Communications: EKO Q itself primarily sends service-related communications. We will not use your personal data for unsolicited marketing. However, if you are also an EKO Instruments newsletter subscriber or have explicitly opted in to receive marketing communications, we may send you updates about new products or services. You can opt out of marketing emails at any time, and opting out will not affect your access to EKO Q. (Transactional emails and important service notices will still be sent as needed, as they are not promotional.)
Research and Development: In some cases, we may use anonymized or aggregated data (that cannot identify you) derived from your usage for internal research, analytics, and product development. For example, aggregated sensor performance metrics across all users might be studied to improve the accuracy of our instruments and services. Such aggregated data contains no personally identifiable information.

We do not sell your personal data to third parties. We only share your data with third parties as described in this Policy (for example, with service providers acting on our behalf, or when required by law). All the uses of data are aligned with the purposes for which the data was originally collected, and we will not use your information in a manner that is incompatible with those purposes without informing you and obtaining consent if required.

Cookies and Analytics

Like most web applications, EKO Q uses cookies and similar tracking technologies to ensure the platform functions correctly and to enhance your user experience:

Functional Cookies: When you log into EKO Q, our system uses an authentication cookie (or similar mechanism) to maintain your session. This cookie allows you to stay logged in as you navigate the platform and ensures that the correct account information is displayed to you. We may also use cookies to remember certain preferences (for example, your language or other settings) so that you don’t have to reconfigure them each time. These cookies are essential for providing the service and do not require consent under GDPR, as they are necessary for the operation of the website.
Other Tracking Technologies: Aside from cookies, we may use local storage or similar mechanisms for caching data on your browser to improve performance (for instance, storing a small bit of data so that a page loads faster on repeat visits). We do not use any third-party advertising networks or social media trackers on the EKO Q platform.
Cookie Management: You have the ability to control and delete cookies if you wish. Most web browsers allow you to refuse new cookies, delete existing cookies, or notify you when new cookies are set. Please note, however, that if you disable or delete cookies related to EKO Q, some core functionality (like staying logged in) may not work properly. Since our analytics do not rely on cookies, disabling cookies will not affect the data collected by Umami, but you are already protected as that data is anonymized. We do not display cookie consent banners within the EKO Q application itself because we do not use non-essential or third-party cookies that require consent. If our practices change in the future, we will implement appropriate notice and consent mechanisms.

Third-Party Service Providers (Data Processors)

To operate the EKO Q service efficiently, EKO Instruments relies on a few trusted third-party service providers. These third parties process data on our behalf and are contractually obligated to keep your information secure and use it only for the specific services they provide to us. Below are the key third-party processors we use, along with a description of what they do and what data may be shared with them:

DigitalOcean (Hosting & Storage): EKO Q is hosted on DigitalOcean, a cloud infrastructure provider. Our servers are deployed in DigitalOcean’s data centers in Europe or the U.S. This means data you provide to EKO Q (your account information, sensor data, etc.) is stored on DigitalOcean’s infrastructure. DigitalOcean acts as a data processor by storing and handling data as we instruct. It is done in accordance with the Data Processing Agreement (DPA), including Standard Contractual Clauses, to ensure your data is protected according to GDPR standards. DigitalOcean implements industry-standard security measures for physical and network security.
Brevo (Transactional Email Service): Brevo (formerly known as Sendinblue) is our email service provider for sending transactional and operational emails. We use Brevo to send emails such as account verification links, password reset emails, notifications about sensor reports, and other service-related communications. To do this, we provide Brevo with the necessary contact information (typically your name and email address, and the content of the email to send). Brevo is a company based in the EU (France) and stores data on secure servers. They act as a data processor for us, meaning they only use your data to send emails as instructed by EKO Q. Brevo is GDPR-compliant and we have agreements in place to ensure the safety of your data. They do not use your email for their own purposes or marketing, and they do not have rights to share it.
Lucisun LuData (Satellite Irradiance and Meteo Reanalysis data provider): We rely on data from Lucisun LuData to supplement and cross-check the irradiance readings captured by your on-site pyranometers. To retrieve relevant irradiance and weather data, EKO Q may send minimal location information (such as approximate coordinates) to Lucisun LuData. No personal details are included beyond what is strictly necessary for matching and delivering the relevant satellite or meteorological data. Lucisun LuData acts as a data processor bound by contract to use this data solely to fulfill our requested services. We have a Data Processing Agreement (DPA) in place, including Standard Contractual Clauses where necessary, to ensure adherence to GDPR and similar data protection standards.
CAMS radiation service (Satellite Irradiance data provider) accessed via SoDa service by Vaisala: CAMS (Copernicus Atmosphere Monitoring Service) Radiation Service provides satellite-derived solar radiation data that we use alongside Lucisun to provide users more choice when doing their analysis. To request location-specific irradiance data, EKO Q sends latitude/longitude or similarly minimal location references to CAMS. We do not share personal identifiers; only the geographic information necessary to pull the corresponding radiation data. CAMS operates under EU data protection standards and processes only the limited geographic data needed to provide irradiance outputs.

We ensure that all third-party processors that handle EKO Q user data are bound by strong privacy terms. They are not allowed to access or use your data for any purpose other than providing their service to us. We do not share your personal data with any third parties for their own marketing or purposes unrelated to EKO Q. Aside from the providers above, the only other circumstances in which we might share data are: (a) if we are required by law or government authority, (b) if we need to disclose information to our professional advisors (e.g., lawyers, auditors) who are bound to confidentiality, or (c) in the event of a business transfer (for instance, if EKO Q or EKO Instruments undergoes a merger or acquisition).

International Data Transfers

Because EKO Instruments operates globally, your data may be transferred to and stored in countries outside of your own. In particular, application servers and databases are located in DigitalOcean data centers in Europe or in the U.S. This means that your personal data may be securely transferred between the EEA and the U.S. for processing.

Data Protection Safeguards: We apply appropriate safeguards, such as European Commission-approved Standard Contractual Clauses (SCCs) with our U.S.-based processors, encryption in transit and at rest, and access minimization. Internal transfers between EKO offices are covered by intra-group agreements. If you would like more information about our international data transfer practices or copies of the relevant safeguards in place, please contact us.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period can vary depending on the type of data and the purpose of processing. Here is a summary of our retention practices:

Account Data: We retain the personal information associated with your EKO Q account (such as your profile info, sensor data, and usage logs) for as long as your account is active. If you choose to deactivate your account or request deletion, we will initiate the deletion of your personal data from our production systems. Inactive accounts may be retained for a reasonable period in case you reactivate, and we will inform you of such policies in advance.
Sensor Data: Measurements data are collected and stored in EKO Q and will be retained as long as you have an active account, so that you can access historical measurements. You have the ability to delete certain datasets or entries via the platform; deleting such data will remove it from active databases, though it may persist in backups for a limited time.
Support Communications: If you contacted us for support, we may retain those communications (including emails or ticket records) for a period of time after resolution. Typically, support records are retained for a few years, unless you request a deletion and we have no overriding reason to keep them.
Analytics Data: Analytics data collected via Umami is generally kept in aggregate form. Since this data does not identify users, we may keep aggregate usage statistics indefinitely to observe long-term trends. However, raw log data that could be tied to IP addresses is usually rotated or deleted within a short timeframe. For instance, server logs containing IP addresses are typically retained for security analysis for a few weeks to a few months, and then automatically purged or anonymized.
Backups: We perform regular backups of our database and systems to ensure we can recover from downtime or disasters. These backups are encrypted and stored securely. Backup files are retained for a limited retention cycle (e.g., backups might be kept for 30-60 days before being overwritten with newer backups). If you request deletion of your data, we will remove your data from our live systems and it will no longer be used, but it might remain in encrypted backups until those backups expire and are replaced. We treat data in backups as protected and will not restore or use deleted data unless absolutely necessary for security or legal reasons.

After the applicable retention period has elapsed, or upon your valid request for erasure, we will either securely delete or anonymize your personal data so that it can no longer be associated with you. If complete deletion (for example, from backups) is not immediately feasible, we will ensure the data is isolated and protected until deletion is possible.

Your Rights Under GDPR

If you are in the European Union, the United Kingdom, or other jurisdictions with similar data protection laws, you have certain rights regarding your personal data. EKO Instruments is committed to honoring these rights. Even if you are not in those regions, we extend many of these core rights to all our users as part of our commitment to privacy. Under GDPR (and equivalent laws), you have the following rights:

Right of Access: Request confirmation of whether we are processing your personal data and obtain a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal data.
Right to Erasure: Request deletion of your personal data when it is no longer necessary for the purposes it was collected, subject to legal obligations.
Right to Restrict Processing: Request limitation of processing under certain circumstances.
Right to Object: Object to processing based on legitimate interests; unconditional right to object to direct marketing.
Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format where applicable.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint: File a complaint with a supervisory authority.

To exercise any of these rights, please contact us at eko-q@eko-instruments.com. We may need to verify your identity before fulfilling certain requests and will respond within applicable legal timeframes (typically one month under GDPR).

Children’s Privacy

EKO Q is a professional platform and is not intended for use by children. We do not knowingly allow anyone under the age of 16 to register an account or use the service. If you are under 16, please do not use this platform or submit any personal data to us. If we learn we have collected personal data from a child under 16, we will take immediate steps to delete that information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy & Data Protection Policy or the handling of your personal data, please reach out to us. We are here to help and will respond promptly.

Data Controller: The data controller responsible for your information is EKO Instruments Co., Ltd., the owner of the EKO Q platform.
Email: You may email our data protection team at eko-q@eko-instruments.com. Please include 'EKO Q Privacy Inquiry' in the subject line for quicker routing.
Postal Mail: EKO Instruments Europe B.V., Lulofsstraat 55, 2521 AL, The Hague, The Netherlands

We will do our best to address any questions or issues you have about your personal data. If you contact us to exercise any of your data rights, please provide sufficient information for us to verify your identity and locate your data (for example, the email associated with your EKO Q account and the specific request).

Thank you for reading our Privacy & Data Protection Policy. Your trust is important to us, and we are continuously working to maintain and improve the security and transparency of the EKO Q platform. We encourage you to review this Policy periodically for any updates. By continuing to use EKO Q, you acknowledge that you have read and understood this Policy. If you do not agree with any aspect of this Policy, please discontinue use of the platform and contact us to address your concerns.