Our Commitment to Security
At Energiebee, security is not an afterthought; it is built into every layer of how we design, develop, and operate our products. From the moment your Energiebee Device connects to your home network to the instant energy data appears in your App, we apply rigorous measures to ensure your information remains private, protected, and under your control.
We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and recognised industry security standards. We continuously review and improve our security practices as technology and threats evolve.
Data Encryption
All data transmitted between your Energiebee Device, the App, and our servers is protected using Transport Layer Security (TLS 1.2 or higher) — the same encryption standard used by banks and financial institutions. This ensures that your energy data cannot be intercepted or read by unauthorised parties while in transit.
Data stored on our servers — including your account information, energy usage records, and device settings — is encrypted at rest using industry-standard AES-256 encryption. This means that even in the unlikely event of unauthorised access to our storage systems, your data would be unreadable without the correct decryption keys.
Your account password is never stored in plain text. We use a one-way cryptographic hashing algorithm (bcrypt) so that your password cannot be recovered or read by anyone, including Energiebee staff.
Device & Network Security
Your Energiebee Device communicates with our platform over an encrypted channel. Each Device is assigned a unique, cryptographically secure identifier at the point of manufacture, ensuring that only your authorised Device can communicate with your account.
We apply the following measures at the device level:
- Secure boot — The Device firmware is verified at startup to ensure it has not been tampered with or replaced with unauthorised software.
- Firmware signing — All software updates are digitally signed by Energiebee before being delivered to your Device. Your Device will only accept updates that carry a valid Energiebee signature, protecting against malicious software.
- Automatic security updates — When security patches are available, they are delivered automatically to your Device to keep it protected without requiring action from you.
- Isolated communication — Your Device only communicates with Energiebee’s verified cloud infrastructure. It does not make outbound connections to unknown or unverified servers.
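The firmware-signing check described above, as an added illustration that is not Energiebee's code and makes no claim about how their Device or update service is built: a vendor signs the update (version number and image together) with an Ed25519 private key, and the Device, holding only the public key, refuses any image whose signature does not verify and any validly signed image whose version is not newer than what is installed. The `Update` envelope, the key names and the sample image bytes are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is a hypothetical firmware update envelope. The version number is signed
// together with the image so that a valid signature cannot be moved onto a
// different image or attached to a different version number.
type Update struct {
	Version uint32
	Image   []byte
	Sig     []byte
}

var (
	ErrBadSignature = errors.New("update rejected: signature does not verify under the vendor key")
	ErrRollback     = errors.New("update rejected: version is not newer than the installed firmware")
)

// GenerateVendorKey creates the vendor signing key pair. In a real deployment the
// private key stays in the vendor's signing service; only the public key is
// embedded in the device firmware.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedMessage is the exact byte string both sides sign and verify:
// a 4-byte big-endian version followed by the raw image.
func signedMessage(version uint32, image []byte) []byte {
	msg := make([]byte, 4, 4+len(image))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, image...)
}

// SignUpdate is the vendor-side step: produce the signed envelope.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) Update {
	return Update{
		Version: version,
		Image:   image,
		Sig:     ed25519.Sign(priv, signedMessage(version, image)),
	}
}

// VerifyUpdate is the device-side gate run before any image is written to flash.
// The signature check comes first, so an unsigned image is never parsed further;
// the version check then blocks replaying an older, validly signed image.
func VerifyUpdate(vendorPub ed25519.PublicKey, installed uint32, u Update) error {
	if !ed25519.Verify(vendorPub, signedMessage(u.Version, u.Image), u.Sig) {
		return ErrBadSignature
	}
	if u.Version <= installed {
		return ErrRollback
	}
	return nil
}

func main() {
	pub, priv := GenerateVendorKey()
	image := []byte("constructed firmware image v2") // constructed sample payload

	update := SignUpdate(priv, 2, image)
	fmt.Println("genuine update:", VerifyUpdate(pub, 1, update))

	// Flip one byte of the image: the signature no longer verifies.
	tampered := update
	tampered.Image = append([]byte(nil), image...)
	tampered.Image[0] ^= 0xff
	fmt.Println("tampered image:", VerifyUpdate(pub, 1, tampered))

	// Replay the genuine v2 update onto a device already running v2.
	fmt.Println("replayed old version:", VerifyUpdate(pub, 2, update))
}
```

Binding the version into the signed message is what turns "only accept signed updates" into "only accept signed, newer updates"; without it an attacker who captured an old, genuinely signed image could reinstall it to reopen a fixed vulnerability.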
App Security
The Energiebee mobile application is designed with security at its core:
- Authentication — Access to your account requires your email address and a strong password. We enforce minimum password complexity requirements to reduce the risk of weak credentials.
- Session management — App sessions are time-limited and will require re-authentication after a period of inactivity, reducing the risk of unauthorised access if your device is lost or left unattended.
- Two-factor authentication (2FA) — We offer optional two-factor authentication for your Energiebee account, adding an additional layer of protection beyond your password. We strongly recommend enabling this feature.
- Biometric login — On supported devices, you can use fingerprint or face recognition to access the App securely and conveniently.
- Certificate pinning — The App verifies the identity of our servers before transmitting any data, protecting against man-in-the-middle attacks even on untrusted networks.
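Certificate pinning, combined with the TLS 1.2 minimum mentioned under Data Encryption, as an added example that is not Energiebee's App code: a client TLS configuration that rejects protocol versions below 1.2 and, after normal chain validation, additionally requires that some certificate in the chain carries a pinned public key (SHA-256 of the SubjectPublicKeyInfo). The host name `api.example.invalid`, the self-signed test certificates and the `NewTestCert` helper are constructed so the check runs offline; they are not Energiebee identifiers.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrPinMismatch is returned when no certificate in a verified chain carries a pinned key.
var ErrPinMismatch = errors.New("tls: server certificate chain matches no pinned public key")

// SPKIPin computes base64(SHA-256(SubjectPublicKeyInfo)) for a certificate. Pinning the
// public key rather than the whole certificate survives routine certificate renewals
// as long as the server keeps the same key pair.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// CheckPins accepts a chain if any certificate in it (leaf or intermediate) matches a pin.
// Shipping a backup pin (for example an intermediate CA key) avoids locking the App out
// if the leaf key has to be rotated in an emergency.
func CheckPins(chain []*x509.Certificate, pins []string) error {
	for _, cert := range chain {
		got := SPKIPin(cert)
		for _, want := range pins {
			if got == want {
				return nil
			}
		}
	}
	return ErrPinMismatch
}

// PinnedClientConfig returns a client tls.Config that refuses anything below TLS 1.2 and
// runs the pin check on top of the standard chain validation. InsecureSkipVerify stays
// false, so verifiedChains only ever contains chains that already validated against
// the trust store; pinning narrows that set, it never replaces validation.
func PinnedClientConfig(serverName string, pins []string) *tls.Config {
	return &tls.Config{
		ServerName: serverName,
		MinVersion: tls.VersionTLS12,
		VerifyPeerCertificate: func(_ [][]byte, verifiedChains [][]*x509.Certificate) error {
			for _, chain := range verifiedChains {
				if CheckPins(chain, pins) == nil {
					return nil
				}
			}
			return ErrPinMismatch
		},
	}
}

// NewTestCert builds a throwaway self-signed certificate (constructed test data) so the
// pin logic can be exercised offline without contacting any server.
func NewTestCert(commonName string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	genuine := NewTestCert("api.example.invalid")  // stands in for the real API host
	impostor := NewTestCert("api.example.invalid") // same name, different key pair
	cfg := PinnedClientConfig("api.example.invalid", []string{SPKIPin(genuine)})

	fmt.Println("genuine server:", cfg.VerifyPeerCertificate(nil, [][]*x509.Certificate{{genuine}}))
	fmt.Println("impostor with a valid but unpinned cert:", cfg.VerifyPeerCertificate(nil, [][]*x509.Certificate{{impostor}}))
}
```

The second call in `main` models the man-in-the-middle case the page refers to: a certificate that would pass ordinary validation (for example one issued by a CA the phone trusts, or one a user was tricked into installing) still fails because its key is not pinned.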
Cloud Infrastructure Security
Your data is hosted on secure, enterprise-grade cloud infrastructure. Our hosting environment is provided by a reputable, ISO 27001-certified cloud provider operating data centres within the United Kingdom and European Economic Area (EEA).
Key infrastructure security measures include:
- Access controls — Only authorised Energiebee personnel with a legitimate business need can access production systems. Access is granted on a strictly need-to-know basis and is logged and audited.
- Multi-factor authentication — All internal system access by Energiebee staff requires multi-factor authentication. Shared or generic credentials are not permitted.
- Network segmentation — Our systems are divided into isolated network zones so that a compromise of one area cannot easily spread to others.
- Firewall and intrusion detection — We deploy web application firewalls (WAF), network firewalls, and intrusion detection systems (IDS) to monitor and block malicious traffic.
- DDoS protection — Our infrastructure is protected against distributed denial-of-service attacks to maintain availability of the App and Website.
Security Testing & Monitoring
We do not rely on security measures alone — we actively test and monitor our systems to identify and address vulnerabilities before they can be exploited:
- Penetration testing — We engage independent security professionals to conduct penetration testing of our platform, App, and infrastructure on a regular basis.
- Vulnerability scanning — Automated scanning tools continuously check our systems for known vulnerabilities, misconfigurations, and outdated software components.
- Security monitoring — Our systems are monitored around the clock for anomalous activity, unauthorised access attempts, and potential threats. Alerts are investigated promptly by our security team.
- Dependency management — We regularly review and update the third-party software libraries used in our App and platform to ensure known security vulnerabilities are patched quickly.
Employee & Internal Security
We recognise that people are a critical part of any security strategy. All Energiebee employees and contractors who handle personal data are required to:
- Complete data protection and security awareness training upon joining and on a regular basis thereafter;
- Adhere to our internal data handling, access control, and acceptable use policies;
- Report any suspected security incidents immediately to our security team;
- Sign confidentiality agreements as part of their employment or engagement terms.
Access to personal data is restricted to those who genuinely need it to carry out their role. We regularly review access permissions and revoke them promptly when they are no longer required.
Data Breach Response
Despite our best efforts, no system can be guaranteed to be completely immune to security incidents. In the event of a data breach that poses a risk to your rights and freedoms, we are committed to acting swiftly and transparently:
- We will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of a qualifying breach, in accordance with UK GDPR;
- We will notify you directly without undue delay if the breach is likely to result in a high risk to your personal rights and freedoms;
- Our notification to you will clearly describe the nature of the breach, the data involved, the likely consequences, and the steps we are taking to address it;
- We will take immediate remedial action to contain the breach, recover compromised data where possible, and prevent recurrence.
If you suspect that your Energiebee account has been compromised, please contact us immediately at security@energiebee.com.
Your Role in Keeping Your Account Secure
Security is a shared responsibility. There are steps you can take to help protect your Energiebee account and data:
- Use a strong, unique password for your Energiebee account — avoid reusing passwords from other services;
- Enable two-factor authentication (2FA) in the App settings for an extra layer of protection;
- Keep the Energiebee App updated to ensure you always have the latest security improvements;
- Do not share your login credentials with anyone, including people you trust;
- Log out of the App when using a shared or public device;
- Contact us immediately at security@energiebee.com if you notice any suspicious activity on your account or receive unexpected communications claiming to be from Energiebee.
Third-Party Security
Where we share data with trusted third-party service providers (such as cloud hosting, payment processing, or analytics providers), we ensure they meet our security standards through:
- Contractual obligations requiring them to implement appropriate technical and organisational security measures;
- Data processing agreements (DPAs) compliant with UK GDPR;
- Due diligence assessments before onboarding new suppliers;
- Ongoing monitoring of supplier security practices.
We only share the minimum amount of data necessary for third parties to perform their services on our behalf.
Compliance & Certifications
Energiebee is committed to meeting recognised data security and privacy standards. Our security programme is aligned with:
- UK GDPR & Data Protection Act 2018 — We process personal data lawfully, transparently, and securely in accordance with UK data protection law.
- Cyber Essentials — We work towards alignment with the UK government-backed Cyber Essentials framework, which covers the fundamental security controls needed to protect against the most common cyber threats.
- OWASP Top 10 — Our development practices are guided by the Open Web Application Security Project (OWASP) Top 10, addressing the most critical web application security risks.
This Data Security page was last reviewed and updated on 15 May 2026. Energiebee Limited is a company registered in England and Wales.