Last updated: 21 May 2026 · Version 1.0
This Privacy Policy explains how Heat Pump Tariffs ('we', 'us', or 'our') collects, uses, stores, and protects your personal data when you use our energy comparison website at https://heatpumptariffs.uk (the 'Site').
We are the data controller responsible for your personal data. You can contact us about any privacy matter using the details in Section 12.
ICO Registration: We are in the process of registering with the Information Commissioner's Office (ICO). Our registration number will be added here upon completion.
When you register on our Site, we collect: your full name, your email address, your password (stored in hashed form — never in plain text), and your Distribution Network Operator (DNO) region, selected by you to identify applicable energy tariffs in your area.
To provide our energy comparison service, we collect and store half-hourly (30-minute interval) smart meter readings that you upload manually, and half-hourly smart meter readings fetched automatically via your Bright app account (if you choose to connect it). We only hold meter reading data from 1 January 2025 onwards.
If you choose to connect your Bright app account, you will be asked to enter your Bright username and password. These credentials are transmitted securely over HTTPS and are stored temporarily solely for the purpose of authenticating with the Bright service. They are deleted as soon as an access token has been obtained. We do not use your Bright credentials for any other purpose.
Important: Because we temporarily store your Bright credentials, we apply strong encryption to protect them at rest. We strongly recommend using a unique password for your Bright account that you do not use elsewhere.
We may process your email address to send: password reset emails; notifications if your Bright app connection fails (only if you have opted in); and energy comparison results to your email address (only when you request this).
When you click a referral link to a supplier's website, that link contains an identifier associated with our Site. Please review the relevant supplier's own privacy policy for details of how they process your data once you visit their site.
We also record the click event ourselves to understand which suppliers and pages are most useful to our visitors. For each click we store: the supplier and tariff identifier (if known), the page on our Site you clicked from, the destination URL, and a timestamp. If you are logged in, your account identifier is also recorded; if you are not logged in (for example, you clicked a link from a public blog post), the click is recorded anonymously with no user identifier. We do not record your IP address, browser fingerprint, or any other identifying information against the click event.
We may automatically collect certain technical data when you visit our Site, including your IP address, browser type and version, and pages visited. We do not use any analytics or tracking services. No data is shared with third-party analytics providers.
When you create a new account, we enrol you in a short series of automated setup emails designed to help you get the most out of the service. These emails guide you through the steps needed to compare tariffs: verifying your account, selecting your electricity region, choosing your current tariff, connecting your smart meter data (via Bright, CSV upload, or sample data), and running your first comparison.
To send these emails at the right time and avoid sending you steps you have already completed, we track your progress through the setup process. Specifically, we record: which setup steps you have completed; when you visit our smart meter setup guide; when you click through from our Site to the Bright app (on Google Play or the Apple App Store) or to the Glowmarkt website, so we can time a follow-up reminder appropriately; and the times of day you are typically active on the Site, so we can send emails at a convenient hour rather than in the middle of the night.
We also keep an internal log of the automated emails we send to you (the type of email, the subject line, the time sent, and whether delivery succeeded) so that our support team can help you if you have a query about an email you received. For most email types we also retain the full HTML content of the email for 30 days to assist with support enquiries (for example, “what did the comparison report you sent me on the 5th say?”). After 30 days the email body is automatically deleted from the log, while the metadata above is retained. We never store the body of verification emails or password-reset emails (these contain one-time security tokens).
These setup emails are sent for a limited period (normally up to six weeks after registration) and stop automatically once you have connected your smart meter via Bright, or sooner if you unsubscribe. You can opt out of setup emails at any time using the unsubscribe link included in every setup email. Opting out of setup emails does not affect transactional emails (such as password resets and account verification) or the comparison reports you have specifically chosen to receive — those are managed separately in your profile settings.
The lawful basis for this processing is our legitimate interest in helping you successfully set up and use a service you have chosen to register for. You may object at any time by unsubscribing.
Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases:
We do not sell your personal data. We may share your data only in the following circumstances:
As a UK resident, you have the following rights:
To exercise any of these rights, contact us at support@heatpumptariffs.uk. We will respond within one calendar month. You also have the right to lodge a complaint with the ICO.
We use only essential cookies that are strictly necessary for the Site to function. These include a session cookie that keeps you logged in during your visit. We do not use advertising, tracking, or analytics cookies, and no cookie consent banner is required.
You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in to the Site.
Our services relate to energy supply contracts. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
Our Site contains referral links to energy supplier websites. Once you leave our Site via such a link, this Privacy Policy no longer applies. We encourage you to read the privacy policies of any third-party sites before providing personal data.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the 'Last updated' date at the top of this document.
Email: support@heatpumptariffs.uk
ICO: ico.org.uk · 0303 123 1113