Privacy Policy

At Decarbonizer, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.decarbonizer.ai or use our ESG reporting services.

Last updated: April 9, 2025

The data controller responsible for your personal data is:

If you have any questions or concerns about our Privacy Policy or our data practices, please contact us at the email address above.

We may collect the following types of personal data when you use our website and services:

2.1 Information You Provide to Us

• Account Information: When you create an account, we collect your name, email address, company name, job title, and password.
• Company Data: Information about your company that you provide for ESG reporting purposes, including company size, industry, financial data, and sustainability metrics.
• Contact Information: When you contact us through our website, email, or phone, we collect your name, email address, phone number, and any other information you provide in your communication.
• Payment Information: When you subscribe to our services, we collect payment details necessary to process your transaction. Note that we do not store complete payment card details on our servers.

2.2 Information We Collect Automatically

• Usage Data: Information about how you interact with our website and services, including pages visited, features used, and time spent on the platform.
• Device Information: Information about the device you use to access our services, including device type, operating system, browser type, and IP address.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your browsing activities. For more information, please see our Cookies section below.

We use your personal data for the following purposes:

• Providing Our Services: To create and manage your account, provide our ESG reporting services, process payments, and fulfill our contractual obligations to you.
• Improving Our Services: To analyze usage patterns, diagnose technical problems, enhance the functionality of our platform, and improve user experience.
• Communication: To respond to your inquiries, provide customer support, send service updates, and deliver marketing communications (if you have opted in).
• Research and Development: To develop new features, services, and products, and to conduct data analysis to improve our offerings.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Security and Fraud Prevention: To detect, prevent, and address fraud, security breaches, and other harmful activity.

We process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Our legal bases for processing include:

• Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
• Consent: You have given consent to the processing of your personal data for one or more specific purposes.

We retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

• The amount, nature, and sensitivity of the personal data
• The potential risk of harm from unauthorized use or disclosure of your personal data
• The purposes for which we process your personal data
• Whether we can achieve those purposes through other means
• The applicable legal, regulatory, tax, accounting, or other requirements

When you delete your account, we will delete or anonymize your personal data, unless we need to retain certain information for legitimate business or legal purposes.

We may share your personal data with the following categories of recipients:

• Service Providers: Third-party vendors and service providers who perform services on our behalf, such as cloud hosting, data analysis, payment processing, and customer service.
• Business Partners: With your consent, we may share your information with business partners who offer complementary services that may be of interest to you.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets, your information may be transferred as part of the transaction.
• With Your Consent: We may share your information with third parties when you have given us your consent to do so.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.

Specifically, our servers are located in the European Union, and our third-party service providers and partners operate around the world. This means that when we collect your personal data, we may process it in any of these countries.

However, we have taken appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Policy. These include implementing the European Commission's Standard Contractual Clauses for transfers of personal data between our group companies and third-party service providers, which require all parties to protect personal data to the same standard as required under the GDPR.

Under the GDPR and other applicable data protection laws, you have certain rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to Erasure: You have the right to request that we delete your personal data in certain circumstances.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to request that we transfer your personal data to another service provider in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to our processing of your personal data in certain circumstances, including for direct marketing purposes.
• Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at hello@decarbonizer.ai. We will respond to your request within 30 days. Please note that we may ask you to verify your identity before responding to such requests.

You also have the right to lodge a complaint with a data protection authority if you believe that we have not complied with the requirements of the GDPR or other applicable data protection laws.

We use cookies and similar tracking technologies to collect and use personal data about you, including to serve interest-based advertising. Cookies are small text files that are stored on your device when you visit a website.

We use the following types of cookies:

• Essential Cookies: These cookies are necessary for the website to function properly and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
• Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
• Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
• Targeting Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of sensitive data
• Regular security assessments and penetration testing
• Access controls and authentication procedures
• Regular backups and data recovery procedures
• Staff training on data protection and security

While we take all reasonable steps to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee the absolute security of your data.

Our services are not intended for children under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information.

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws. You can see when this Privacy Policy was last updated by checking the "Last updated" date displayed at the top of this Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: