Privacy Policy

1. Introduction

Welcome to FairlyGreen ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our carbon emissions management and sustainability platform (the "Service").

By using FairlyGreen, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2.1 Information You Provide

We collect information that you provide directly to us when you:

• Create an account: Name, email address, password, role, and organization details
• Use our platform: Emissions data, facility information, supplier data, product information, and sustainability metrics
• Complete your profile: Contact information, department, and organizational role
• Subscribe to our newsletter: Email address
• Contact us: Name, email address, subject, and message content
• Make payments: Billing information processed securely through Stripe (we do not store full payment card details)

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

• Usage data: Pages visited, features used, time spent, and interaction patterns
• Device information: Browser type, device type, operating system, and IP address
• Log data: Access times, error logs, and system performance metrics
• Cookies and tracking: Authentication cookies, session data, and preferences (see Section 7 for details)

2.3 Third-Party Information

We may receive information about you from third-party services:

• Authentication providers: When you sign in using third-party authentication services
• Payment processors: Transaction information from Stripe for billing purposes
• Integration partners: Data from connected systems (PLM, ERP) when you use our API integrations

We use the information we collect to:

• Provide and maintain our Service: Process your emissions data, generate reports, and enable platform functionality
• Authenticate and authorize access: Verify your identity and manage user permissions
• Process payments: Handle subscription billing and manage your account
• Communicate with you: Send service-related notifications, respond to inquiries, and provide customer support
• Send marketing communications: Share newsletters, product updates, and promotional content (with your consent)
• Improve our Service: Analyze usage patterns, identify issues, and enhance user experience
• Ensure compliance: Meet regulatory requirements, enforce our terms, and prevent fraud
• Generate reports: Create compliance reports for CSRD, PEF, DPP, and other regulatory frameworks
• Support integrations: Enable API connections with your existing systems

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist us in operating our platform:

• Supabase: Database hosting, authentication, and data storage
• Stripe: Payment processing and subscription management
• Resend: Email delivery and transactional communications
• Sanity: Content management for our blog and marketing content
• Hosting providers: Cloud infrastructure and content delivery

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Organizational Sharing

Within your organization, data may be shared with:

• Authorized team members based on their roles and permissions
• Organization administrators who manage user access and settings
• Suppliers you invite to collaborate on emissions data (only the data you explicitly share)

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users or others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data in transit is encrypted using TLS/SSL, and sensitive data at rest is encrypted
• Authentication: Secure password hashing and multi-factor authentication support
• Access controls: Role-based permissions and least-privilege access principles
• Regular audits: Security assessments and vulnerability scanning
• Secure infrastructure: Hosting on compliant cloud platforms with robust security measures
• Data backups: Regular backups with secure storage and recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal and contractual obligations)
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing of your information for certain purposes
• Restriction: Request restriction of processing in certain circumstances
• Withdraw consent: Withdraw consent for data processing where consent is the legal basis
• Opt-out: Unsubscribe from marketing communications at any time

To exercise these rights, please contact us at contact@fairlygreen.io. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Authentication: Maintain your login session and remember your preferences
• Security: Protect against unauthorized access and detect suspicious activity
• Functionality: Remember your settings and preferences
• Analytics: Understand how you use our Service to improve functionality

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Service.

For more detailed information about our use of cookies, please see our Cookie Policy.

8. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Service to you
• Comply with legal obligations (e.g., tax, accounting, regulatory requirements)
• Resolve disputes and enforce our agreements
• Maintain historical records for compliance reporting (emissions data may be retained for regulatory compliance periods)

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by relevant data protection authorities
• Compliance with applicable data protection frameworks (e.g., GDPR, CCPA)
• Verification that our service providers maintain adequate data protection standards

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification to registered users for significant changes
• Displaying a notice on our platform

Your continued use of our Service after such changes constitutes acceptance of the updated Privacy Policy.

13. Additional Information

13.1 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information (we do not sell personal information).

13.2 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). We process your personal data based on legitimate interests, contractual necessity, consent, or legal obligations. You have the right to lodge a complaint with your local data protection authority.

13.3 Data Processing Agreement

Organizations using our Service may request a Data Processing Agreement (DPA) to govern the processing of personal data. Please contact us at contact@fairlygreen.io to request a DPA.