Introduction
This privacy notice explains how Capture Energy Ltd (“Capture”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal information.
This privacy notice applies to personal data collected through:
- Our website(s)
- Our mobile application(s)
- Our software platforms, APIs, and related services
- Our white-label services provided via installation and commercial partners
We are committed to handling personal information fairly, lawfully, and transparently, in accordance with UK data protection law.
Contact Details and Data Controller
Registered name: Capture Energy Ltd
Address: 5a Sandy's Row, London, England, E1 7HW
Email: team@capture.energy
For the purposes of UK data protection law, Capture Energy Ltd acts primarily as a Data Controller, regardless of the brand under which its services are provided. Where third parties process personal data on our behalf, they act as Data Processors.
Scope of This Privacy Notice
This privacy notice applies to the following individuals:
- Visitors to our website
- Users of our mobile application
- Existing and prospective customers
- End customers of installation or commercial partners using Capture’s white-label services, including apps operated by Capture Energy Ltd under different brands
- Individuals who contact us with enquiries or complaints
- Job applicants and employees (at a high level)
This notice does not apply to third-party websites or services that may be linked from our website or app. We encourage you to review the privacy policies of those third parties separately.
What Personal Information We Collect, Use, and Why
We only collect personal information that is necessary for defined purposes and aim to minimise the data we process.
Finance and HR Activities
Recruitment
- Individuals: Job applicants
- Personal data: Contact details; employment history; qualifications
- Lawful basis: Legitimate interests
- Recipients/processors: Notion
Staff Management
- Individuals: Employees
- Personal data: Contact details; personal address; bank details
- Lawful basis: Contract
- Recipients/processors: Notion, QuickBooks, Office 365, DocuSign, shared with our accountant
Marketing and Website Activities
Email Marketing
- Individuals: Potential customers
- Personal data: Contact details
- Lawful basis: Consent
- Recipients/processors: Monday, Zendesk
Inbound Lead Generation
- Individuals: Potential customers
- Personal data: Contact details; personal address; system details
- Lawful basis: Consent
- Recipients/processors: Webflow, Typeform, Slack, Monday, OneDrive
Website Tracking
- Individuals: Website visitors
- Personal data: IP address; behavioural and usage data
- Lawful basis: Consent
- Recipients/processors: Google Analytics, Hotjar, Google Tag Manager
Product and App Operations
App Analytics
- Individuals: Existing customers
- Personal data: IP address; behavioural data
- Lawful basis: Consent
- Recipients/processors: Posthog
Application Logs
- Individuals: Existing customers
- Personal data: System and technical details
- Lawful basis: Consent
- Recipients/processors: New Relic
Customer Support
- Individuals: Existing customersPersonal data:
- Personal data: Contact details; personal address; system details
- Lawful basis: Consent
- Recipients/processors: Zendesk, Monday, Metabase
Battery Management and Optimisation
- Individuals: Existing customers
- Personal data: Personal address; electricity consumption data; system and device details
- Lawful basis: Consent
- Recipients/processors: GCP, Supabase, Airflow, Metabase
Supplier Operations
- Individuals: Existing customers
- Personal data: Contact details; personal address; metering data and metadata; bank details; electricity consumption data
- Lawful basis: Consent
- Recipients/processors: Metabase, Monday, Retool
White-Label Partner Customers
In some cases, Capture provides services via installation or commercial partners under a white-label arrangement. These services may be provided under a partner-branded application or service name.
- Individuals: End customers of our partners
- Personal data: Contact details; personal address; electricity consumption and metering data; system and device details
- Purpose: Deliver and operate Capture’s white-label services; provide customer support; meet regulatory and market-operation requirements
- Lawful basis: Consent (obtained by the partner on Capture’s behalf)
- Recipients/processors: Supabase, GCP, Metabase, Monday, and other operational service providers
Where required, our partner may act as an independent Data Controller in respect of its own customer relationship and obligations, while Capture Energy Ltd acts as the operator of the software platform and processes personal data as a Data Controller and/or Data Processor depending on the specific processing activity.
Where necessary, Capture may contact white-label customers directly for service, operational, or support purposes.
Lawful Bases and Your Data Protection Rights
Under UK data protection law, we must have a lawful basis for collecting and using your personal information. The lawful bases we rely on include:
- Consent
- Contract
- Legitimate interests
The lawful basis applicable to each type of processing is set out in Section "What Personal Information We Collect, Use, and Why" above.
Your data protection rights include:
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to object to processing
- The right to data portability
- The right to withdraw consent at any time (where consent is the lawful basis)
To exercise your rights, please contact us using the details in Section "Contact Details and Data Controller". We will respond without undue delay and within one month.
Where We Get Personal Information From
We collect personal information:
- Directly from you
- Through your use of our website, app, or services
- From installation partners or commercial partners (where you are their customer)
- From suppliers, service providers, and market participants
- From publicly available or regulatory sources where permitted
Who We Share Personal Information With
Data Processors and Service Providers
We share personal data with trusted third parties where necessary to operate our business and deliver our services, including:
- Cloud and infrastructure providers
- Analytics and monitoring providers
- Customer support and CRM platforms
- Internal operations and finance tools
Where third parties process personal data on our behalf:
- Appropriate data processing agreements are in place where required
- Processing is limited to documented purposes
- Supplier security is assessed proportionately
- Cross-border transfers are assessed and recorded
Installation and Commercial Partners
Where services are provided under a white-label or partner-branded arrangement, a partner may receive personal data necessary to deliver, operate, and support the branded service for its customers.
Such sharing is limited to the minimum data required and is subject to appropriate contractual, technical, and organisational safeguards.
Legal and Regulatory Sharing
We may share personal information where required by law, regulation, or court order, including with regulators such as Ofgem and Elexon.
Sharing Information Outside the UK
Some of our service providers are located outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:
- UK adequacy regulations
- UK Addendum to the EU Standard Contractual Clauses
Further information is available on request.
How Long We Keep Information
We retain personal data only as long as necessary for the purposes described in this notice and in line with our internal Data Retention Register.
Examples include:
- Application logs: 30 days
- Customer relationship data: up to 6 years after the relationship ends
- Mobile analytics: up to 1 year
- HR records: up to 6 years after employment ends
- Regulatory and settlement data: retained in line with legal requirements
After these periods, data is securely deleted or anonymised unless legal, regulatory, or technical reasons require longer retention.
Secure Deletion and Disposal
Personal data is deleted when no longer required, based on defined retention periods. Deletion uses platform-native mechanisms appropriate to the storage technology and risk classification.
For backups and logs, retention is often enforced through automated lifecycle controls. Where data cannot be deleted due to legal, regulatory, or platform limitations, this is documented along with the retention authority.
Cookies and Analytics
We use cookies and similar technologies on our website and app. Where required, we rely on your consent. Further information is available in our Cookie Policy.
Data Security
We have appropriate technical and organisational measures in place to protect personal data against unauthorised access, loss, misuse, or disclosure. Access to personal data is limited to those with a legitimate business need.
We have procedures in place to manage personal data breaches and will notify affected individuals and regulators where legally required.
Changes to This Privacy Notice
We keep this privacy notice under regular review and may update it from time to time. The latest version will always be available on our website or app.
How to Complain
If you have concerns about how we use your personal data, please contact us using the details in Section "Contact Details and Data Controller".
You also have the right to complain to the Information Commissioner’s Office (ICO).
Last updated: 13 January 2026