Our Privacy and Security Notice

The ENERGY STAR website is provided as a public service by the Environmental Protection Agency and the Department of Energy. EPA and DOE are committed to protecting the privacy and security of all visitors to the website. ENERGY STAR does not collect personal information when you visit our website unless you choose to provide that information. This notice outlines specific detail on our privacy policy and the collection of information across our site.

We do not collect any personally identifiable information (PII) about you unless you choose to provide such information to us. To help us improve the site, we do collect statistics about its usage, as defined below. None of this includes personally identifiable information. We also collect search terms to learn what topics are of most interest to visitors who use our web search tool. These search terms are not associated with individual users.

The ENEGY STAR Program operates under the statutory authority of the Clean Air Act Section 103(g). US Code 7403. Specific information collected by the ENERGY STAR program is covered by the Paperwork Reduction Act (PRA) for ENERGY STAR, according to the following Control Numbers:

OMB Control Number: 2060-0528 (ENERGY STAR Partnership Agreements)
OMB Control Number: 2060-0347 (ENERGY STAR Commercial & Industrial Program)
OMB Control Number: 2060-0528 (ENERGY STAR Products Program)
OMB Control Number: 2060-0586 (ENERGY STAR Residential Program)

The ENERGY STAR website also follows EPA Privacy and Security policies.

Below is information on the following topics:

Information Collected and Stored Automatically

For site management, information is collected for statistical purposes. This government computer system uses software programs to create summary statistics, which are used for such purposes as assessing what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.

The information we learn about you from your visit to our website depends upon what functions you perform when visiting our site. If you do nothing during your visit but browse through the website, read pages, or download information, we will gather and store certain information about your visit automatically. This information does not identify you personally. We automatically collect and store only the following information about your visit:

The Internet domain (for example, "youragency.gov" if you connect from a government domain, "yourschool.edu" if you connect from a university's domain, or "xcompany.com" if you use a private Internet access account) and IP address (an IP address is a number that is automatically assigned to your computer whenever you are surfing the web) from which you access our website;
The type of browser and operating system used to access our site;
The date and time you access our site;
The pages you visit; and
If you linked to our website from another website, the URL of the referring page (if provided by the browser).

We use this information to help us make our site more useful to visitors to learn about the number of visitors to our site and the types of technology our visitors use. We do not track or record information about individuals and their visits.

Where identifying information is asked of you (e.g., to respond to an information request, to send us a comment or question, or to utilize one of our systems designed to provide or store information for you), it is used only for the stated purpose of the tool or system. In all cases, such information is never sold to third parties. All information submitted by visitors is voluntary.

Personal Information

Users are NOT required to provide any information to search, retrieve, download, filter and otherwise use the data available on ENERGY STAR. If you choose to provide us with personal information—like filling out a form on ENERGY STAR to ask questions, request information, etc. with an email address—we use that information to respond to your message, and to help get you the information you requested. Providing your email address is optional, and your email address will not be published. Any email address provided in connection with your question or suggestion will not be publicly viewable on the website. ENERGY STAR never collects information or creates individual profiles for commercial marketing.

In contacting ENERGY STAR with your questions and comments, you should NOT include additional personal information, especially Social Security numbers.

For certain ENERGY STAR Partners and Portfolio Manager Property Managers who need privileged access in order to carry out ENERGY STAR functions in their roles as official representatives of federal, state, local or Tribal governments or certain non-governmental organizations, ENERGY STAR collects additional information such as name, organization, job title, and business address, business telephone number and business email address.

ENERGY STAR is not a Privacy Act System of Record. Submission of any information is voluntary, and the collection of email addresses for user accounts with administrative privileges is being done purely for the purpose of authentication.

We collect PII and other information only as necessary to administer our programs. The information you provide will be used only for that purpose. We do not sell or share the information collected at this site or any other information we collect. You do not have to give us personal information to visit our website.

E-Mail

When inquiries are e-mailed to us, we store the question and the e-mail address so we can respond electronically. We do not store or use this information for any other purpose. Unless required by law, we do not publicly identify those who send questions or comments to our website.

E-mail sent to ENERGY STAR may be seen by a number of people who are responsible for answering questions. If the information specialist who answers the mail does not know the answer to your question, your query may be forwarded to another employee who is more knowledgeable in that area. In addition, you should be aware that e-mail is not necessarily secure against interception. If your communication contains sensitive or personal information, you may want to send it by postal mail or contact us by telephone.

Your e-mail address may also be stored in one of several electronic mailing lists maintained by us or a contractor. All emails that we send have the option to un-subscribe if you no longer wish to receive communications.

Cookies

Cookies are small files that web servers place on your web browser. They allow a website to remember your browser when it is used to visit the site later by uniquely identifying a browser on a device-- never a person. If you visit a site using both Chrome and Microsoft Edge, two unique cookies will be assigned to identify the browser that visited the website in each instance, not the person. This ENERGY STAR website utilizes both “persistent” and “session” cookie technology.

"Session" cookies are used to distinguish one user from another as they navigate through a tool or application; the cookie disappears when a web user terminates a web session and closes the browser. They help us to improve your user experience in our tools by saving your selection preferences or not requiring you to log-in with each page as you travel through the tool and are not used to save personal information.

“Persistent” cookies that are saved to your browser across visits are used to enhance your experience while also protecting your privacy. They allow the website:

To remember you when your browser comes back to the site, so you aren’t re-shown notifications that you’ve already cleared.
To get aggregate metrics on site usage to understand how people are using the site and how we can make it better. We use web metrics services to track website activity and to help us make our pages more useful to visitors. Government agencies only ever receive traffic statistics anonymously and in the aggregate; and
(In more advanced cases) to track your movements through multiples websites associated with the ENERGY STAR program, but not the whole web.

Most internet browsers automatically accept both persistent and session cookies. Although using cookies creates a much better experience for you, this site will also work without them. If you don't want to accept cookies, you can edit your browser's options to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Here's how you can disable cookies and/or Google Demographic and Interests reports, if in use.

ENERGY STAR Portfolio Manager Privacy Statement

Portfolio Manager is used by the U.S. Environmental Protection Agency (EPA) and Natural Resources Canada (NRCan) as the industry standard for benchmarking commercial building energy efficiency.

The security of your information is very important to the EPA and NRCan. NRCan is responsible for the management of data associated with buildings located in Canada. EPA is responsible for the management of data associated with buildings located in the U.S. and in other countries (except Canada). The Portfolio Manager web application is designed with the following security features:

Secure, Password Protected Access – Upon registration, you establish your own account name and password and no information in your account can be accessed by other users of any other parties other than system administrators. The tool generates an automatic reminder to encourage users to change their passwords every 180 days.
Secure Communications – All information and messages communicated over the web are secured by Secure Socket Layer (SSL) encryption to protect data transmissions. No information is transferred openly over the web.

All information collected in Portfolio Manager (including, but not limited to, your name, contact information, building characteristics and energy use data), is only used for the stated purposes of the tool, such as calculating performance metrics, providing user-requested technical assistance, applying for ENERGY STAR certification, etc. Information collected may also be used for the purpose of identifying trends, evaluating the reach and impact of Portfolio Manager, to gauge general usage statistics for the betterment of the tool, or to connect users with program resources that improve the user experience, provide technical assistance, and increase access to recognition opportunities.

Your information is never sold to third parties and is never released to the public. The only exceptions are for buildings that have applied for and received ENERGY STAR recognition (for which the building name, address, and ENERGY STAR score are posted on our program website), and in situations where the release of information may be required by law (though in these situations no information will be released without the expressed written consent of the account holder which could be used to identify a specific building).

Except for authorized law enforcement investigations and the purposes stated above, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration guidelines. For Canadian users, the retention and disposal of records created in Portfolio Manager is governed by the Canadian federal Library and Archives of Canada Act.

Your rights as an individual user of Portfolio Manager are governed by the Privacy Act of 1974; Title 5, Section 552a. Because Portfolio Manager information provided by Canadian users is under NRCan's control, this information is also subject to the Canadian federal Privacy Act and Access to Information Act. If you have any questions or comments about the information presented here, please send us your comments.

External Links or Links to External Sites

Our website has links to other federal agencies. We also link to other organizations' websites when we have a good business reason to do so. This does not constitute an endorsement of their policies or products. Once you link to another site, you are subject to the privacy policy of the new site.

Annual Auditing

As a government agency, our ENERGY STAR systems (which includes Portfolio Manager) undergo independent government audit of our security controls prior to receiving an authorization to operate (ATO). This audit generates a Security Assessment Report (SAR) and occurs annually. For security reasons, EPA does not make the SAR available publicly.

Security Notice

For site security purposes and to ensure that this service remains available to all users, this government website employs commercial software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.

Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration guidelines.

Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

Your rights as an individual user of this website are governed by the Privacy Act of 1974; Title 5, Section 552a.

Vulnerability Disclosure Policy

To improve our ability to identify security issues that could lead to the compromise of sensitive data or the disruption of services, the EPA has implemented a vulnerability disclosure program which encourages cyber security researchers to report any vulnerabilities they have discovered so that the EPA can take appropriate actions to mitigate or fix those vulnerabilities in a timely manner. The EPA’s Vulnerability Disclosure Policy describes “good faith” expectations between the EPA and the researcher, what types of testing are authorized for which systems, how to report vulnerabilities, and what communication to expect once vulnerabilities are reported. For more information, review the EPA's Vulnerability Disclosure Policy.