GDPR (EU)
Data minimization, lawful-basis tracking, 30-day SAR response, right to erasure with audit-trail retention.
"Your money or your life" pages get extra scrutiny — by Google's E-E-A-T raters and by the people whose utility credentials we hold. Below is the full posture: what we collect, how we encrypt it, who can read it, how long we keep it, and what happens when you ask us to delete it.
Last reviewed May 1, 2026 by the Seenra security team. We refresh this page on every control change — small revisions get a date bump, structural changes get a changelog entry.
KMS encryption posture
Live: Per-tenant KMS keys, AES-256 at rest, TLS 1.3 in transit, and an audit log on every read. Decryption only happens at supplier handoff and is reviewed within 24 hours.
At-rest encryption: AES-256
In-transit encryption: TLS 1.3
PII resold or shared with ad networks: 0%
Disclosure response SLA: < 72h
Utility-portal credentials are KMS-encrypted with per-tenant keys. We never store passwords in plain text. Keys rotate on a documented schedule and old keys are revoked, not retained.
Residential supplier switching does not require an SSN. We do not ask for one. Some suppliers may request the last four digits as identity verification only — never collected or persisted by Seenra.
We do not sell email, phone, address, or utility account info. Period. Suppliers receive only the data needed to switch your supplier-of-record. Nothing routes to ad networks, data brokers, or third-party marketing pipelines.
You can request export or deletion of your data at any time via [email protected]. We respond within 30 days as required. Account deletion removes the personal layer; supplier-side records remain per their legal retention policy.
Security researchers: [email protected]. We respond within 72 hours and coordinate a fix window before public disclosure. No formal bounty program yet — explicit thanks in our hall-of-fame plus Seenra-branded swag while we build out the program.
In states that license brokers separately, Seenra (or its supplier partner of record for that state) holds the active broker license. License IDs surface on each /state page. Your contract is always with the licensed entity, not a passthrough.
Every credential read, supplier switch, and rate quote is logged with actor, timestamp, IP, and reason code. Logs are retained 18 months and surfaced on request via [email protected].
Account deletion runs a 30-day soft-delete window — credentials are revoked immediately, but the audit trail remains queryable. After 30 days, the personal layer is hard-deleted and only the contract-of-record (legally required) remains with your supplier.
This table is the source of truth. If it is not in this table, we do not collect it. If we change the table, we add a changelog entry below.
| Data class | Why we collect | How it is stored | Retention |
|---|---|---|---|
| Email + name | Required to send rate quotes and lock confirmations. | TLS 1.3 in transit; encrypted at rest in MariaDB on a private VPC subnet. | Soft-delete on request; hard-delete after 30 days. |
| Service address + ZIP | Required for rate determination — supply rates are zone-specific. | Stored as a normalized address; never used for direct mail or ad targeting. | Same as the rate-quote record — purged with the account. |
| Utility account number | Required to identify your supply-of-record at the utility. | Encrypted at rest with a per-tenant KMS key. Decrypted only at supplier handoff. | Retained for the contract term plus the regulatory retention window. |
| Utility-portal credentials | Optional — used only when the user opts into automatic bill verification. | KMS-encrypted with a per-tenant key, never logged in plaintext, revocable instantly. | Purged on account deletion or on opt-out, whichever is first. |
| Last 4 of SSN | Some suppliers require it for identity verification at switch time. | Passed through to the supplier; never persisted on Seenra infrastructure. | Zero retention on Seenra side. |
| Bill PDF / image | Optional upload to verify current rate and term. | Encrypted at rest; image text is parsed once at upload and the structured fields are stored separately. | 90-day rolling window unless the user opts to retain longer. |
No sale of PII, opt-out support, sensitive personal information handling, and deletion within statutory windows.
Identify, Protect, Detect, Respond, Recover — mapped against our control set in the security ops runbook.
Currently in Type I readiness review. Type II window opens Q3 2026. We will publish the report ID here when we have one.
Active broker licenses (or licensed supplier partner of record) in every deregulated state we operate in. License IDs on each /state page.
Bonded in markets that require it; bonds posted in each state's PUC supplier docket. Bond expiration dates tracked internally.
Email [email protected] with a clear write-up. We respond within 72 hours, coordinate a fix window, and credit you in the hall of fame on this page once a fix is shipped.