Security Policy

Last Updated: 17 September 2025

Powerfull Technology Limited (“Powerfull,” “we,” “us,” or “our”) is committed to protecting the security and privacy of our users. This Security Policy outlines the measures we take to safeguard user data and maintain the integrity of our platform.

A. Access Control

  • 1.

    User Credentials: Powerfull does not store or manage user credentials (e.g., Tesla or Octopus Energy account login details). These credentials remain managed by the respective service providers. Powerfull only uses secure API tokens generated by those providers, with limited permissions determined by the user’s account settings

  • 2.

    Principle of Least Privilege: Powerfull requests and uses only the permissions necessary for the platform to function. Access to user data is strictly limited to what is required for our features to work.

B. Data Encryption

  • 1.

    API Tokens: All API tokens obtained from providers (e.g., Tesla, Octopus Energy) are encrypted both in transit and at rest to ensure confidentiality and integrity.

  • 2.

    Storage: Tokens stored on user devices use platform-specific secure mechanisms:

    a. Web: Stored securely in localStorage.

C. API Security

  • 1.

    Official APIs: Powerfull only integrates with official APIs from providers such as Tesla and Octopus Energy. These APIs follow industry-standard security protocols.

  • 2.

    Token Management: Users may revoke API tokens at any time through their provider’s platform (e.g., Tesla or Octopus Energy). Once revoked, Powerfull immediately loses access to the data associated with those tokens.

D. Incident Response

  • 1.

    Incident Reporting: Users can report any suspected security issues or concerns by contacting us promptly at admin@powerfull.tech

  • 2.

    Response Protocol: If a security incident occurs, Powerfull will investigate immediately, take necessary actions to mitigate risk, and respond in line with our established security response procedures.

E. Conclusion

Powerfull is dedicated to maintaining the highest standards of data security and user privacy. Through strong encryption, strict access control, and adherence to industry best practices, we ensure a safe and reliable experience for all users.

This Security Policy will be reviewed and updated regularly to reflect evolving security requirements and best practices.