Privacy Policy
Effective date: June 24, 2026
Last updated: June 24, 2026
1. Who We Are
Humless ("we," "us," or "our") is a battery energy storage systems (BESS) company headquartered in Lindon, Utah. We design, manufacture, and distribute UL-certified lithium iron phosphate battery systems for residential, commercial, and off-grid applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at humless.com (the "Site") or engage with our services.
2. Information We Collect
2.1 Information You Provide Directly
- Contact & quote request forms: Name, email address, phone number, address, and details about your energy storage needs.
- Customer support inquiries: Information you provide when contacting us via email, phone, or our website contact form.
- Warranty registrations: Product details, purchase information, and installer data.
- Account creation: Email address and password (for authorized dealer or admin accounts only).
2.2 Information Collected Automatically
- Device & browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preference.
- Usage data: Pages visited, time spent on pages, referring URLs, click patterns, and navigation paths.
- Cookies & similar technologies: Session identifiers, analytics data, and preference cookies. See our Cookie Policy for details.
- Log data: Server logs that record requests, timestamps, and response codes.
2.3 Information from Third Parties
- Analytics providers: Google Analytics provides aggregated and anonymized usage data.
- CRM platforms: We use customer relationship management tools to manage leads and customer interactions.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing services: To respond to your inquiries, process quote requests, fulfill orders, and provide customer support.
- Communication: To send order confirmations, warranty information, product updates, and respond to your requests.
- Website improvement: To analyze usage patterns, diagnose technical issues, and improve our Site's functionality and content.
- Security: To detect, prevent, and address fraud, unauthorized access, and other harmful activities.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
- Business operations: To manage our business, including internal analysis, auditing, and record-keeping.
We do not sell your personal information. We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.
6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:
- Contact form submissions: Retained for up to 3 years after your last interaction.
- Quote & lead data: Retained for up to 3 years or as long as the customer relationship is active.
- Analytics data: Google Analytics data is retained for 14 months (Google's default).
- Account data: Retained until the account is deleted or deactivated.
- Warranty records: Retained for the duration of the warranty period plus applicable legal retention requirements.
7. Data Security
We implement industry-standard security measures to protect your personal information, including:
- TLS/SSL encryption for all data in transit (HTTPS enforced site-wide).
- HSTS (HTTP Strict Transport Security) with preloading.
- Content Security Policy (CSP) headers to prevent cross-site scripting.
- Encrypted password storage using bcrypt hashing.
- Access controls limiting data access to authorized personnel only.
- Regular security assessments and monitoring.
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Right to know/access: Request what personal information we have collected about you.
- Right to delete: Request deletion of your personal information, subject to certain exceptions.
- Right to correct: Request correction of inaccurate personal information.
- Right to portability: Receive a copy of your data in a portable format.
- Right to opt out: Opt out of the sale or sharing of personal information (we do not sell your data).
- Right to non-discrimination: Exercise your rights without receiving discriminatory treatment.
- Right to limit use of sensitive data: Restrict our use of sensitive personal information (we do not collect sensitive personal information).
To exercise any of these rights, contact us at [email protected] or call 801-216-3965. We will verify your identity before processing your request and respond within the timeframes required by applicable law.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.
Categories of Personal Information Collected
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email, phone, IP address | Yes |
| B. Personal information (Cal. Civ. Code §1798.80(e)) | Name, address, phone number | Yes |
| C. Protected classifications | Age, race, gender | No |
| D. Commercial information | Products inquired about, quote history | Yes |
| E. Biometric information | Fingerprints, voiceprints | No |
| F. Internet/network activity | Browsing history, search history, interaction data | Yes |
| G. Geolocation data | Approximate location from IP | Yes |
| H. Sensory data | Audio, visual | No |
| I. Professional/employment info | Job title, company | Only if provided |
| J. Education information | — | No |
| K. Inferences | Profiles, preferences | No |
| L. Sensitive personal information | SSN, financial accounts, biometric, health | No |
Your CCPA/CPRA Rights
- Right to Know: You can request the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and the categories of third parties we share it with.
- Right to Delete: You can request deletion of personal information we collected from you, subject to exceptions.
- Right to Correct: You can request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: We do not sell or share (as defined by the CCPA/CPRA) your personal information. You may visit our Do Not Sell or Share My Personal Information page.
- Right to Limit Use of Sensitive Data: We do not collect sensitive personal information as defined by the CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
To submit a request, email [email protected] or call 801-216-3965. You may also designate an authorized agent to make a request on your behalf. We will respond within 45 days (extendable by an additional 45 days with notice).
Shine the Light (Cal. Civ. Code §1798.83): California residents may also request information about our disclosure of personal information to third parties for their direct marketing purposes. Since we do not share personal information for third-party marketing, no such disclosure occurs.
10. Other U.S. State Privacy Rights
Residents of the following states have additional privacy rights under their respective laws:
Virginia (VCDPA)
Virginia residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling. To exercise these rights or appeal a decision, contact us at [email protected]. We will respond within 45 days. You may appeal a refusal, and if the appeal is denied, you may contact the Virginia Attorney General.
Colorado (CPA)
Colorado residents have the right to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, the sale of personal data, or profiling. We will respond within 45 days (extendable by 45 days). You may appeal a refusal to the Colorado Attorney General.
Connecticut (CTDPA)
Connecticut residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising, the sale of personal data, or profiling. We will respond within 45 days (extendable by 45 days). You may appeal a refusal to the Connecticut Attorney General.
Utah (UCPA)
Utah residents have the right to access and delete their personal data, and to opt out of the sale of personal data or targeted advertising. We will respond within 45 days.
Texas (TDPSA)
Texas residents have the right to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, the sale of personal data, or profiling. We will respond within 45 days (extendable by 45 days). You may appeal a refusal to the Texas Attorney General.
Oregon (OCPA)
Oregon residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising, the sale of personal data, or profiling. We will respond within 45 days (extendable by 45 days). You may appeal a refusal to the Oregon Attorney General.
Montana (MCDPA), Iowa (ICDPA), Indiana (INCDPA), Tennessee (TIPA), Delaware (DPDPA), New Hampshire (NHPA), New Jersey (NJDPA), Nebraska (NDPA), Maryland (MODPA), Minnesota (MCDPA), Kentucky (KCDPA), Rhode Island (RIDPA)
Residents of these states have rights similar to those listed above, including the right to access, delete, correct, and opt out of sale or targeted advertising. Contact us at [email protected] to exercise your rights under your state's applicable law.
Universal Opt-Out Mechanisms: We honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of personal information where required by applicable state law.
11. Do Not Track Signals
Some browsers offer a "Do Not Track" (DNT) feature. We honor Global Privacy Control (GPC) signals as required by applicable law. For other DNT signals, there is currently no industry standard for how websites should respond; however, our cookie consent banner allows you to control analytics and tracking preferences directly.
12. Children's Privacy
Our Site and services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].
13. International Users
Our Site is operated in the United States. If you access our Site from outside the United States, your information may be transferred to, stored in, and processed in the United States. By using our Site, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, provide additional notice (such as a banner on our Site or an email notification). We encourage you to review this Privacy Policy periodically.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:
