← Back to Energy Battery
Privacy Policy
Last updated: 2026-05-28
This policy explains what data we collect when you use Energy Battery (the "Service"), why we collect it, who we share it with, and what choices you have. Throughout this policy, "we," "us," and "our" refer to Jen Built It LLC.
1. What we collect
- Account data. Your email address and a salted PBKDF2 hash of your password. We never store your password in plain text.
- Check-in data. The energy levels (1–10) you log, the time of day you choose (morning, afternoon, evening), any tags you select, any short notes about what charged or drained you, and the date of each check-in.
- Profile data. Your timezone preference, your newsletter opt-in status, and the timestamp of that opt-in.
- Security data. The IP address of your request (used for rate-limiting and abuse prevention) and counts of failed login attempts. We don't store request IPs long-term — they live only inside the rate-limit window (typically minutes to an hour).
- Email verification and password reset tokens. Short-lived one-time tokens stored as SHA-256 hashes so a database read cannot replay them.
2. Why we collect it
- To create and secure your account (legal basis: contract).
- To save your check-ins so you can review your energy patterns over time (legal basis: contract).
- To verify Pro status when you upgrade through Jen's App Hub (legal basis: contract).
- To prevent fraud, abuse, and credential stuffing (legal basis: legitimate interest).
- To send you product updates only if you check the optional newsletter box (legal basis: consent).
3. Who we share it with
We use a small set of vendors to operate the Service. Each vendor only receives the minimum data they need.
- Cloudflare hosts the Service and our database (Cloudflare Workers + D1).
- Resend sends transactional emails (verify-your-email, password reset).
- n8n (self-hosted at n8n.jen8nflows.cloud) receives an internal operator notification when you sign up. The notification carries your email address and your app-newsletter consent flag, and is used by Jen to track signups and (if you consented) to add you to the newsletter list. The notification endpoint is authenticated with a shared secret.
- Kit stores newsletter subscribers, only if you opted in. Kit handles unsubscribes for the newsletter.
- Jen's App Hub issues a signed entitlement token if you have a Pro subscription. Energy Battery verifies that token locally; no payment details ever reach this Service.
We do not sell your personal data. We do not share your data with advertisers. We do not transfer your data to third parties for their own marketing.
4. Cross-app Pro verification
If you have an active Pro subscription on Jen's App Hub, the Hub issues your browser a short-lived signed JWT. Energy Battery verifies that JWT locally using a shared secret to confirm your Pro status (which unlocks the full Patterns view and 90-day history). The only data passed in that token is your email address and the date your Pro access runs through. No payment data, no credit card information, no profile data is shared with Energy Battery.
5. Cookies and local storage
We use a token stored in browser localStorage to keep you logged in. We do not use advertising cookies, third-party tracking pixels, or cross-site analytics. localStorage may also store small preferences (your timezone, dismissed onboarding) that never leave your device.
6. How long we keep your data
- Account and check-in data: until you delete your account. When you delete your account, your user record, all check-ins, all password reset tokens, and all email verification tokens are removed in a single batch operation.
- Rate-limit / security records: typically minutes to one hour; never more than a day.
- Newsletter consent: until you unsubscribe from Kit.
7. Your rights
Depending on where you live (GDPR, UK GDPR, CCPA/CPRA, and similar laws), you may have the right to:
- Access the personal data we hold about you (use the Export Data option in the app, or request via email)
- Correct inaccurate data (edit your timezone and newsletter consent in Settings; for email changes contact support)
- Delete your account and your data (use the Delete Account button on the Patterns tab)
- Export a copy of your data in a portable format (GET
/api/account/export while authenticated, or request via email)
- Withdraw newsletter consent at any time (uncheck the newsletter box in Settings, or unsubscribe from any newsletter email)
- Opt out of any sale or sharing of personal information — although we do not sell or share personal information for cross-context behavioral advertising (see Do Not Sell or Share My Personal Information)
- Lodge a complaint with your local data protection authority
To exercise any of these rights, use the in-app controls described above, or email privacy@jenbuiltit.com. We respond within 30 days.
8. Children
The Service is not directed at children under 16 and we do not knowingly collect personal data from them. If you believe a child has created an account, email privacy@jenbuiltit.com and we will delete it.
9. International users
The Service is operated from the United States. By using the Service from outside the US, you consent to the transfer of your data to the US. We rely on Standard Contractual Clauses or equivalent safeguards with our sub-processors where required.
10. Security
We protect your data using TLS in transit, salted PBKDF2 (100,000 iterations) for passwords, parameterized SQL queries, role-scoped database access, IP and per-user rate limiting, per-account lockout after repeated failed logins, signed HS256 session tokens with revocation versioning, SHA-256-hashed-at-rest verification and reset tokens, CSRF origin checks on sensitive mutations, and least-privilege secrets management. No system is perfectly secure, but if we detect a breach affecting your data, we will notify you and the appropriate authorities as required by law.
11. Changes to this policy
If we update this policy in a way that materially changes how we handle your data, we will notify you by email (for account holders) or post a notice on the Service. The "Last updated" date at the top will always reflect the current version.
12. Contact
Questions about this policy or your data:
Jen Built It LLC
10800 S Lloyd Drive
Worth, IL 60482
USA
privacy@jenbuiltit.com