Privacy Policy

Data we collect

Authentication signals (email, password hash, session cookies), behavioral telemetry (pages visited, tools invoked, time spent), content (documents you upload, queries you submit, results we generate). For carbon-verification clients, we also collect operational telemetry from registered IoT sensors and remote-sensing feeds you grant us access to.

How we use it

To provide the service you signed up for. To improve our verification pipelines (carbon attestation, AI-documentation proof packs, financial verification). To meet our regulatory obligations (KYC/AML for financial counterparties, jurisdictional record-keeping). Never to sell data; never to enrich third-party advertising profiles.

Where it lives

Primary storage: GKE-hosted MongoDB, PostgreSQL, MinIO in us-central1-a. Client data flagged as sovereignty-first is stored in client-designated jurisdictions per contract.

Your rights

• Access — request a copy of any personal data we hold about you.
• Deletion — request deletion subject to retention obligations (carbon attestations have statutory retention; we'll be specific about what we can and cannot delete).
• Correction — request correction of inaccurate records.
• Portability — receive your data in machine-readable form.
• Objection — object to processing on legitimate-interest grounds.

Contact

Privacy enquiries: [email protected]. Data protection officer route is the same address with subject prefix [DPO].