// Under the hood

    How Joulo is built

    What we store where, how sessions and payouts stay auditable, and which bodies can ask for proof, without the slogans.

    Per-row access control
    Encrypted IBAN
    Append-only audit log
    On the NEa list

    A short explainer of how Joulo works under the hood: where your data sits, how we support ERE claims with evidence, and who can scrutinise us.


    In short

    Joulo rests on two separate layers:

    • Front: an edge network (Cloudflare) that serves the site, the dashboard and traffic to your charging station close to you, close to where charging happens.
    • Back: a PostgreSQL database in a European data centre for accounts, charging sessions and payouts.

    Every session, every registration and every payout is traceable, not because we enjoy hoarding data, but because the NEa, an external auditor and you may ask for proof.

    Want to see what is live on the platform (deploys, code volume, counters)? Open /status. The fuller four-layer picture lives on /platform.


    Where your data lives

    What | Where | Who can access it
    Account, e-mail, settings | Database in a European data centre | You, with your login. We access it only for support, after you ask.
    Charging sessions (date, kWh, station) | Same | Same.
    IBAN for payouts | Encrypted vault, separate from the database | Only the payout routine can use this, with the right key; not stored as plain text next to your profile.
    Tokens for your linked account with a charge brand | Same | Same.
    Photos of your MID meter | Private storage | Only you, via temporary links (valid 1 hour).
    Raw OCPP messages from your station | Append-only archive | Audit evidence; not something we can rewrite after the fact.

    We do not keep data we do not need for registration, payout or support. IBANs and tokens do not sit as plaintext alongside the rest of your profile.


    How we support ERE credit claims

    ERE credits represent value. Value must be explainable. That is why we record every relevant session in two places:

    1. Working layer: the database, with a history of changes. This is where we calculate; this is where you see sessions in the dashboard (per station, with a source label).
    2. Archive: an append-only layer. No retroactive edits by anyone.

    When the NEa or an auditor asks for substantiation, we put both side by side. No proof, no registration; no correct registration, no payout. That is how an inboekdienstverlener (registration service provider) must operate.

    In the dashboard each session shows how the reading arrived:

    • 🟢 Server-verified: measured through our own OCPP link with your charging station.
    • 🟡 Imported: delivered via a connected API (Tesla, Easee, Wallbox, Zaptec, V2C, 50five, Plugchoice, …).
    • Manual: entered by you; lower confidence for downstream validation.

    MID: under the Dutch Regeling energie vervoer, required evidence differs per charging-point category. For typical grid-supplied charging at a metered delivery point, a legally controlled meter applies (in practice: MID certification where relevant). The product enforces that boundary: no meter, no pretending you qualify. See also /what are EREs? and the /knowledge base.


    OCPP: three things that matter to you

    Stations that talk to us directly over OCPP 1.6J attach to our own Central System (CSMS) on the same edge network as the rest of Joulo. Three guarantees:

    1. One process per station: each charge point gets its own long-lived process at the edge. No shared connection or memory with other customers. Between messages the process sleeps; it wakes when a frame arrives.
    2. Nothing lost during DB work: inbound messages go to a local queue (outbox) first, then to Supabase. If the database is briefly unavailable, the queue backs up and drains when it returns. Messages carry idempotency keys, so duplicates are not booked twice.
    3. Every frame is written out: besides tables, we store each inbound and outbound OCPP frame as a separate file in an append-only archive (including ~13 months hot, then cold storage).
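
    The outbox behaviour in guarantee 2, as an added example that is not Joulo's code: frames queue locally while the store is down, drain in order when it returns, and a repeated frame is booked once. The names Outbox and makeStore, the station id and the way the idempotency key is built are assumptions.

```javascript
// Added example; Outbox, makeStore and the station id are hypothetical names.
// Assumption: idempotency key = station id + OCPP uniqueId (the page does not say).
function makeStore() { // stand-in for the database
  const rows = new Map();
  const store = { up: true, rows };
  store.insert = (key, row) => {
    if (!store.up) throw new Error("database unavailable");
    if (rows.has(key)) return false; // key already booked: ignore the duplicate
    rows.set(key, row);
    return true;
  };
  return store;
}

class Outbox {
  constructor(stationId, store) {
    Object.assign(this, { stationId, store, queue: [] }); // queue is local and ordered
  }
  // Accept a raw OCPP-J CALL frame: [2, uniqueId, action, payload].
  accept(raw) {
    const [type, uniqueId, action, payload] = JSON.parse(raw);
    if (type !== 2 || typeof uniqueId !== "string") throw new Error("not a CALL frame");
    this.queue.push({ key: `${this.stationId}:${uniqueId}`, action, payload });
    return this.drain();
  }
  // Write queued frames in order; stop at the first failure and keep the rest.
  drain() {
    let booked = 0;
    while (this.queue.length > 0) {
      const { key, action, payload } = this.queue[0];
      try {
        if (this.store.insert(key, { action, payload })) booked += 1;
      } catch { break; } // store down: frame stays queued for the next drain
      this.queue.shift();
    }
    return booked;
  }
}

// Constructed scenario: the same frame arrives twice while the store is down.
function demo() {
  const store = makeStore();
  const box = new Outbox("CP-TEST-001", store);
  const frame = JSON.stringify([2, "msg-17", "MeterValues", { connectorId: 1, transactionId: 42 }]);
  store.up = false;
  box.accept(frame); box.accept(frame); // second call is the repeated delivery
  const queuedWhileDown = box.queue.length;
  store.up = true;
  return { queuedWhileDown, booked: box.drain(), rows: store.rows.size };
}
```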

    From StartTransaction through MeterValues to StopTransaction you can reconstruct the flow per session: two independent trails (database + frame archive).
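
    Putting the two trails side by side, as an added example that is not Joulo's code: it rebuilds one session from archived OCPP 1.6J frames and compares it with a working-layer row. The function names, the row shape ({ transactionId, kwh }) and all sample frames are constructed.

```javascript
// Added example; function names and every sample value below are constructed.
// Frames are OCPP 1.6J: CALL [2, uniqueId, action, payload], CALLRESULT [3, uniqueId, payload].
function sessionFromFrames(rawFrames, transactionId) {
  const pendingStarts = new Map(); // uniqueId -> StartTransaction request payload
  const s = { start: null, stop: null, meterValueFrames: 0 };
  for (const raw of rawFrames) {
    const [type, uniqueId, a, b] = JSON.parse(raw);
    if (type === 2 && a === "StartTransaction") {
      pendingStarts.set(uniqueId, b);
    } else if (type === 3 && a && a.transactionId === transactionId) {
      // The CSMS assigns transactionId in its reply, so pair reply and request by uniqueId.
      s.start = pendingStarts.get(uniqueId) || null;
    } else if (type === 2 && a === "MeterValues" && b.transactionId === transactionId) {
      s.meterValueFrames += 1;
    } else if (type === 2 && a === "StopTransaction" && b.transactionId === transactionId) {
      s.stop = b;
    }
  }
  return s;
}

// Compare the working-layer row with what the archive says; return the discrepancies.
function reconcile(dbRow, rawFrames) {
  const s = sessionFromFrames(rawFrames, dbRow.transactionId);
  const issues = [];
  if (!s.start) issues.push("no StartTransaction in archive");
  if (!s.stop) issues.push("no StopTransaction in archive");
  if (s.start && s.stop) {
    const wh = s.stop.meterStop - s.start.meterStart; // both registers are in Wh
    if (wh !== Math.round(dbRow.kwh * 1000)) {
      issues.push(`kWh mismatch: archive ${wh / 1000}, database ${dbRow.kwh}`);
    }
  }
  return issues;
}

const ARCHIVE = [ // constructed frames for one session
  [2, "a1", "StartTransaction", { connectorId: 1, idTag: "TAG1", meterStart: 120000, timestamp: "2026-03-01T18:00:00Z" }],
  [3, "a1", { transactionId: 42, idTagInfo: { status: "Accepted" } }],
  [2, "a2", "MeterValues", { connectorId: 1, transactionId: 42, meterValue: [{ timestamp: "2026-03-01T19:00:00Z", sampledValue: [{ value: "125000" }] }] }],
  [2, "a3", "StopTransaction", { transactionId: 42, meterStop: 131500, timestamp: "2026-03-01T21:00:00Z" }],
].map((f) => JSON.stringify(f));

console.log(reconcile({ transactionId: 42, kwh: 11.5 }, ARCHIVE)); // row agrees with archive
console.log(reconcile({ transactionId: 42, kwh: 12.5 }, ARCHIVE)); // row differs from archive
```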


    Who sees what

    The database enforces row-level access. Your sessions and related data do not appear for another user, even if the front end misbehaves: policy lives in Postgres (RLS), not only in the browser.

    Administrators use a separate role model; relevant actions are written to an audit table.


    Security at the edge

    • Firewall and edge rules filter malicious traffic.
    • Bot policy: scrapers and abuse are blocked; major search crawlers and a small set of AI crawlers can be allow-listed.
    • Partners and API users: OAuth 2 with scopes and per-token rate limits.
    • Passwords are hashed; you can also sign in with a magic link.
    • No passwords, tokens or IBANs in application logs.

    Who audits us

    • NEa: Joulo B.V. has been on the official list of inboekdienstverleners since 2 February 2026. The REV account for technical submission is a separate step after recognition as a service provider.
    • Capptions: compliance software partner; audit trail under ERE claims.
    • External auditor: first batch and annually thereafter.
    • You: in the dashboard you see sessions and payouts down to kWh level.

    Cancel, export, close account

    • Cancel in the dashboard. Annual contract: cancel yearly (Wet van Dam, Dutch consumer law). No cancellation fee.
    • Export sessions and payouts as CSV or JSON.
    • Close account: self-service as long as no ERE registrations have been filed with the NEa on your behalf that trigger a retention duty. If they have, we close the account and minimise personal data to what the law and audit trail require; registration history remains available for supervision.

    More about the company and team: /about.
    Check charger compatibility (Dutch visitors use /check-laadstation).


    Short summary

    Component | What
    Marketing + dashboard | SSR with React Router 7; logged-in area as SPA
    Front | Cloudflare edge; own CSMS process per station for OCPP
    Back | PostgreSQL in the EU, RLS per row, plus append-only audit archive
    Mobile app | iOS and Android, same backend
    Protocols | OCPP 1.6J under our own control
    Cloud links | Tesla, Easee, Wallbox, Zaptec, V2C, 50five, Plugchoice (live) and Enphase
    Releases | CI/CD via GitHub; no manual production deploys
    Observability | External uptime, structured logs, /status


    Questions? E-mail info@joulo.nl or call us.

    Joulo B.V. Brummen, NL KvK 42023359

    Want to go deeper into the stack?

    For partners and developers we have more in-depth documentation of the platform, the OAuth stack, the OCPP CSMS and the white-label options.