Our Privacy and Security Notice

The ENERGY STAR website is provided as a public service by the Environmental Protection Agency and the Department of Energy. EPA and DOE are committed to protecting the privacy and security of all visitors to the website. ENERGY STAR does not collect personal information when you visit our website unless you choose to provide that information. This notice outlines specific detail on our privacy policy and the collection of information across our site.  

We do not collect any personally identifiable information (PII) about you unless you choose to provide such information to us. To help us improve the site, we do collect statistics about its usage, as defined below. None of this includes personally identifiable information. We also collect search terms to learn what topics are of most interest to visitors who use our web search tool. These search terms are not associated with individual users.

The ENEGY STAR Program operates under the statutory authority of the Clean Air Act Section 103(g). US Code 7403.  Specific information collected by the ENERGY STAR program is covered by the Paperwork Reduction Act (PRA) for ENERGY STAR, according to the following Control Numbers:

  • OMB Control Number: 2060-0528 (ENERGY STAR Partnership Agreements)
  • OMB Control Number: 2060-0347 (ENERGY STAR Commercial & Industrial Program)
  • OMB Control Number: 2060-0528 (ENERGY STAR Products Program)
  • OMB Control Number: 2060-0586 (ENERGY STAR Residential Program)

Below is information on the following topics: 

Information Collected and Stored Automatically

For site management, information is collected for statistical purposes. This government computer system uses software programs to create summary statistics, which are used for such purposes as assessing what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.

The information we learn about you from your visit to our website depends upon what functions you perform when visiting our site.  If you do nothing during your visit but browse through the website, read pages, or download information, we will gather and store certain information about your visit automatically. This information does not identify you personally. We automatically collect and store only the following information about your visit:

  • The Internet domain (for example, "youragency.gov" if you connect from a government domain, "yourschool.edu" if you connect from a university's domain, or "xcompany.com" if you use a private Internet access account) and IP address (an IP address is a number that is automatically assigned to your computer whenever you are surfing the web) from which you access our website;
  • The type of browser and operating system used to access our site;
  • The date and time you access our site;
  • The pages you visit; and
  • If you linked to our website from another website, the address of that website.

We use this information to help us make our site more useful to visitors to learn about the number of visitors to our site and the types of technology our visitors use. We do not track or record information about individuals and their visits.

Where identifying information is asked of you (e.g., to respond to an information request, to send us a comment or question, or to utilize one of our systems designed to provide or store information for you), it is used only for the stated purpose of the tool or system. In all cases, such information is never sold to third parties. All information submitted by visitors is voluntary.

Personal Information

Users are NOT required to provide any information to search, retrieve, download, filter and otherwise use the data available on ENERGY STAR.  If you choose to provide us with personal information—like filling out a form on ENERGY STAR to ask questions, request information, etc. with an email address—we use that information to respond to your message, and to help get you the information you requested. Providing your email address is optional, and your email address will not be published. Any email address provided in connection with your question or suggestion will not be publicly viewable on the website. ENERGY STAR never collects information or creates individual profiles for commercial marketing.

In contacting ENERGY STAR with your questions and comments, you should NOT include additional personal information, especially Social Security numbers.

For certain ENERGY STAR Partners and Portfolio Manager Property Managers who need privileged access in order to carry out ENERGY STAR functions in their roles as official representatives of federal, state, local or tribal governments or certain non-governmental organizations, ENERGY STAR collects additional information such as name, organization, job title, and business address, business telephone number and business email address.

ENERGY STAR is not a Privacy Act System of Record. Submission of any information is voluntary, and the collection of email addresses for user accounts with administrative privileges is being done purely for the purpose of authentication.

We collect PII and other information only as necessary to administer our programs.  The information you provide will be used only for that purpose.  We do not sell or share the information collected at this site or any other information we collect.  You do not have to give us personal information to visit our website.


When inquiries are e-mailed to us, we store the question and the e-mail address so we can respond electronically. We do not store or use this information for any other purpose. Unless required by law, we do not publicly identify those who send questions or comments to our website.

E-mail sent to ENERGY STAR may be seen by a number of people who are responsible for answering questions. If the information specialist who answers the mail does not know the answer to your question, your query may be forwarded to another employee who is more knowledgeable in that area. In addition, you should be aware that e-mail is not necessarily secure against interception. If your communication contains sensitive or personal information, you may want to send it by postal mail or contact us by telephone.

Your e-mail address may also be stored in one of several electronic mailing lists maintained by us or a contractor.  All emails that we send have the option to un-subscribe if you no longer wish to receive communications. 

Session Cookies

This ENERGY STAR website currently utilizes "session" cookie technology for several user tools. "Session" cookies are used to distinguish one user from another as they navigate through a tool or application; the cookie disappears when a web user terminates a web session and closes the browser. They are not used to save personal information.

ENERGY STAR Portfolio Manager Privacy Statement

Portfolio Manager is used by the U.S. Environmental Protection Agency (EPA) States and Natural Resources Canada (NRCan) as the industry standard for benchmarking commercial building energy efficiency.

The security of your account information is very important to the EPA and NRCan. NRCan is responsible for the management of buildings located in Canada. EPA is responsible for the management of buildings located in the U.S. and in other countries (except Canada). This web application is designed with the following security features:

  • Secure, Password Protected Access – Upon registration, you establish your own account name and password. No information within your registered account will be examined without your expressed written or verbal permission. The tool generates an automatic reminder to encourage users to change their passwords  every 180 days.
  • Secure Communications – All building data and messages communicated over the web are secured by Secure Socket Layer (SSL) encryption to protect data transmissions. No information is transferred openly over the web.

Where identifying information is collected in Portfolio Manager (such as your name, contact information, building and energy meter data,etc), it is only used for the stated purpose of the tool, such as participating in the ENERGY STAR National Building Competition, applying for ENERGY STAR Certification, etc. Your information is never released to the public, is never sold to third parties, and we do not track or record information about individuals and their visits. The only exception are buildings that have applied for and received ENERGY STAR certification which are posted in our National Building Registry showing their name and address.

Information collected may be used for the purpose of identifying industry trends, evaluating the reach and impact of Portfolio Manager, or to gauge general usage statistics for the betterment of the site as a whole.

Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration guidelines. For Canadian users, the retention and disposal of records created in Portfolio Manager is governed by the Canadian federal Library and Archives of Canada Act.

Your rights as an individual user of Portfolio Manager are governed by the Privacy Act of 1974; Title 5, Section 552a. Because Portfolio Manager information provided by Canadian users is under NRCan's control, this information is also subject to the Canadian federal Privacy Act and Access to Information Act. If you have any questions or comments about the information presented here, please send us your comments.

External Links or Links to External Sites

Our website has links to other federal agencies. We also link to other organizations' websites when we have a good business reason to do so. This does not constitute an endorsement of their policies or products. Once you link to another site, you are subject to the privacy policy of the new site.

Annual Auditing 

As a government agency, our ENERGY STAR systems (which includes Portfolio Manager) undergo independent government audit of our security controls prior to receiving an authorization to operate (ATO). This audit generates a Security Assessment Report (SAR) and occurs annually. For security reasons, EPA does not make the SAR available publicly.

Security Notice

For site security purposes and to ensure that this service remains available to all users, this government website employs commercial software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.

Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration guidelines.

Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

Your rights as an individual user of this website are governed by the Privacy Act of 1974; Title 5, Section 552a.

Vulnerability Disclosure Policy

To improve our ability to identify security issues that could lead to the compromise of sensitive data or the disruption of services, the EPA has implemented a vulnerability disclosure program which encourages cyber security researchers to report any vulnerabilities they have discovered so that the EPA can take appropriate actions to mitigate or fix those vulnerabilities in a timely manner. The EPA’s Vulnerability Disclosure Policy describes “good faith” expectations between the EPA and the researcher, what types of testing are authorized for which systems, how to report vulnerabilities, and what communication to expect once vulnerabilities are reported. For more information, review the EPA's Vulnerability Disclosure Policy.