Privacy Policy

AARUBI Ltd is the data controller for personal data processed through this website.

Website: energy.aarubi.co.uk

Email: support@aarubiai.com

Account data — when you register: full name, email address, company name, phone number (optional), and password (stored as a secure hash).

Energy bill files — PDF and image files you upload for analysis. These are processed by our AI and the extracted data is stored against your account.

Extracted bill data — supplier name, contract dates, meter readings, billing amounts, VAT details, and other fields extracted from your bills.

Usage data — pages visited, features used, error logs. Collected only with your consent to analytics cookies.

Communications — if you contact us by email, we retain that correspondence.

Providing the service — analysing your energy bills, storing your bill history, and displaying results. Lawful basis: contract performance.

Account communications — welcome emails, password reset, security alerts. Lawful basis: contract performance and legitimate interests.

Energy switching (with consent only) — if you click “Yes, contact me” on a bill result, we share your contact details and bill analysis with our energy advisors to help you find better rates. Lawful basis: explicit consent. You can withdraw this consent at any time by contacting us.

Service improvement — aggregated, anonymised analytics to improve the product. Lawful basis: legitimate interests.

We share data only where necessary to provide the service:

• Anthropic (Claude AI) — bill files are sent to Anthropic's API for analysis. Anthropic does not use API data to train its models. See Anthropic's privacy policy.
• Resend — transactional email delivery. Receives email addresses and email content only.
• Supabase — secure cloud database and file storage, hosted in the EU.
• AArubiAI energy advisors — only with your explicit consent via the bill results page.

We never sell your personal data to third parties.

You have the following rights regarding your personal data:

• Right of access — request a copy of all data we hold about you.
• Right to rectification — correct inaccurate data.
• Right to erasure — request deletion of your account and all associated data.
• Right to withdraw consent — withdraw energy review consent at any time without affecting previous processing.
• Right to data portability — receive your data in a machine-readable format.
• Right to object — object to processing based on legitimate interests.

To exercise any of these rights, email support@aarubiai.com. We will respond within 30 days.

You can also delete your account directly from your account settings, which will remove all your data within 30 days.

• Account data — retained while your account is active.
• Bill files and analysis data — retained for up to 2 years to support trend analysis.
• Deleted accounts — all data permanently deleted within 30 days of a deletion request.
• Backup systems — securely overwritten within 90 days of deletion.

• All data transmitted over HTTPS with TLS encryption.
• Passwords hashed using bcrypt — we never store plain-text passwords.
• Authentication via signed JWT tokens with short expiry periods.
• Database access restricted via Row Level Security and service-role keys.
• Hosted on Supabase infrastructure in the EU.

We use cookies for authentication and, with your consent, for analytics. See our full Cookie Policy for details.

For any privacy questions or to exercise your rights: support@aarubiai.com

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk