Skip to main content
Voltara Systems

Privacy Policy

Last updated: 1 June 2026

Draft — pending legal review. This document is a working draft prepared for legal counsel review. It is not final and does not constitute legal advice.

How Voltara Systems collects, uses, and safeguards personal data — and the rights you hold over it.

This Privacy Policy explains how Voltara Systems (“Voltara”, “we”, “us”) handles personal data when you visit voltarasystems.net, request a demo, or use our software for designing and managing solar-EPC projects. Voltara provides software; payments are processed by Paddle.com as our merchant of record (see Subprocessors and our Refund & Cancellation policy).

Controller. The data controller for this site and service is [[PENDING: registered legal entity name]] (commercial registration [[PENDING: CR no.]]; tax ID [[PENDING: tax ID]]), trading as Voltara Systems, registered at [[PENDING: registered address]], Cairo, Egypt. Arabic legal name: [[PENDING: Arabic legal name]].

1. Data we collect

We collect only the data we need to provide and improve the service:

1.1 Account & contact data

When you request a demo, contact us, or create an account, we collect the name, work email, company name, role, and any message content you provide. If you become a customer, we hold account-administration details such as the seats and tier assigned to your organisation.

1.2 Customer content (project & lead data)

When you use the software, you and your team enter business content — for example sales leads, site and customer details, solar-design inputs and outputs, bills of materials, project tasks, and operational records. This is customer content: you control it, you decide what to enter, and we process it on your instructions to run the service for you. Where this content includes personal data about your own customers or staff, you act as the controller and Voltara acts as a processor on your behalf.

1.3 Usage & technical data

We collect basic technical data needed to operate and secure the service: IP address, browser and device type, pages and features used, timestamps, and diagnostic/error information. Today the public site uses only essential cookies (see Cookies). Should we add product analytics or error-monitoring tools in future, we will list them as subprocessors below and update this notice before they go live.

1.4 Billing data

Subscriptions and metered usage are sold and billed through Paddle, our merchant of record. Paddle collects and processes the payment details, billing address, and tax data needed to complete a purchase. Voltara does not receive or store full payment-card numbers; we receive a transaction reference and the subscription/entitlement status needed to provision your account.

2. Why we use data, and our legal bases

We process personal data for the purposes below. Where EU/GDPR-style law applies, the corresponding legal basis is shown; comparable bases apply under Egypt’s Personal Data Protection Law (Law No. 151 of 2020, “PDPL”).

  • To provide the service (run your account, store and process your content, deliver designs and project records) — performance of a contract.
  • To respond to demo requests and enquiriessteps taken at your request prior to a contract, and our legitimate interest in answering you.
  • To bill and account via Paddle, and to keep required financial records — performance of a contract and legal obligation.
  • To secure, maintain, and improve the service (diagnostics, abuse prevention, reliability) — our legitimate interest in a safe, working product.
  • To send service and, where permitted, occasional product communicationslegitimate interest or consent, with an opt-out in every marketing message.
  • To meet legal obligations and defend legal claimslegal obligation and legitimate interest.

Where we rely on consent, you may withdraw it at any time; this does not affect processing carried out before withdrawal.

3. Subprocessors

We keep our vendor list lean and engage subprocessors only under data-processing terms. The categories of subprocessor we use are:

Hosting & analytics

Vercel Inc.

Hosts and serves this website and the application front-ends, with the supporting content-delivery network. Also provides cookieless web analytics for this site: aggregated, anonymised traffic measurement with no cross-site tracking, no advertising cookies, and no sale of data.

Database & storage

Supabase EU region

Hosted Postgres database, authentication, and file storage for account and customer content. Configured in an EU region for data residency; access is isolated per tenant.

Payments — merchant of record

Paddle.com

Processes purchases, subscriptions, billing, and applicable taxes as the merchant of record. Paddle handles payment data under its own privacy notice.

Analytics & monitoring

Not yet in use

We do not currently run third-party product analytics or error-monitoring. If we adopt such tools, we will add them here and update this notice before they are enabled.

A current subprocessor list is available on request at support@voltarasystems.net. Each subprocessor processes data only to provide its service to us and under contractual confidentiality and security obligations.

4. International data transfers & residency

Voltara is based in Cairo, Egypt, and our subprocessors operate internationally. Customer content stored in our database and file storage is configured in an EU region to support data residency. Where personal data is transferred across borders — for example to a hosting or payment provider in another country — we rely on appropriate safeguards such as Standard Contractual Clauses or an equivalent recognised mechanism, and on the transfer rules of Egypt’s PDPL. The governing law and jurisdiction for this policy are [[PENDING: governing-law jurisdiction]].

5. Data retention

  • Account & customer content — kept for the life of your account and deleted or returned within a reasonable period after your account closes, unless we must retain it to meet a legal obligation.
  • Demo & enquiry data — kept while we follow up and for a limited period thereafter, then deleted if no relationship forms.
  • Billing & tax records — retained by us and by Paddle as required by applicable accounting and tax law.
  • Technical & security logs — kept for a short rolling window for diagnostics and security.

Specific retention periods are set out in our Data Processing Agreement for customers and may be refined on counsel review ([[PENDING: confirmed retention schedule]]).

6. Security

We apply technical and organisational measures appropriate to the data we handle: encryption of data in transit (HTTPS/TLS), encryption at rest through our database and storage provider, per-tenant access isolation, access controls and least-privilege for our team, and reliance on reputable providers (Vercel, Supabase, Paddle) with their own security programmes. No method of transmission or storage is perfectly secure; we work to protect your data but cannot guarantee absolute security.

7. Your rights

Subject to applicable law — including EU/GDPR-style rights and the rights granted by Egypt’s PDPL — you may:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Erase data (the “right to be forgotten”), where applicable;
  • Restrict or object to certain processing, including direct marketing;
  • Port data you provided, in a structured, machine-readable format;
  • Withdraw consent where processing relies on it;
  • Lodge a complaint with a competent supervisory authority — in Egypt, the data-protection authority established under the PDPL, or, where applicable, your local EU supervisory authority.

Where Voltara acts as a processor on a customer’s behalf (customer content under §1.2), we will direct requests to the relevant customer (the controller) and support them in responding. To exercise your rights, contact us using the details below; we may need to verify your identity before acting.

8. Cookies

This website currently uses only essential cookies and similar technologies needed for it to function and to keep it secure; we do not use advertising cookies. The application may set cookies strictly necessary to keep you signed in and to maintain your session. If we later introduce analytics or other non-essential cookies, we will update this section and, where required, ask for your consent first.

9. Children

Voltara is a business-to-business service and is not directed to children. We do not knowingly collect personal data from anyone under the age of majority in their jurisdiction.

10. Changes to this policy

We may update this Privacy Policy as the service and our obligations evolve. When we make material changes, we will revise the “Last updated” date and, where appropriate, notify you. Continued use of the service after an update constitutes acceptance of the revised policy.

11. Contact & data-protection enquiries

For privacy questions, to exercise a data-subject right, or to reach our data-protection contact:

  • Email: support@voltarasystems.net
  • Post: [[PENDING: registered legal entity name]], [[PENDING: registered address]], Cairo, Egypt
  • Data-protection contact / DPO: [[PENDING: DPO / data-protection contact details]]

See also our Terms of Service and Refund & Cancellation policy.