Privacy Policy

Personal Information: When you use our ESG reporting platform, we may collect:

• Name and email address when you create an account or join our waitlist
• Company information and job title
• ESG reports and documents you upload for analysis
• Communication preferences and contact information

Technical Information: We automatically collect certain technical data:

• IP address, browser type, and device information
• Usage patterns and platform interaction data
• Cookies and similar tracking technologies for site functionality
• Error logs and performance data to improve our service

We use your information to:

• Provide our services: Analyze your ESG reports and provide sustainability insights
• Account management: Create and maintain your user account and preferences
• Communication: Send you analysis results, platform updates, and important notices
• Improvement: Enhance our AI models and platform functionality
• Support: Respond to your questions and provide customer assistance
• Legal compliance: Meet regulatory requirements and protect our legal rights

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit and at rest using AES-256 encryption
• Access controls: Strict authentication and authorization protocols
• Data centers: Secure cloud infrastructure with Digital Ocean and Google Cloud
• Regular audits: Ongoing security assessments and vulnerability testing
• Staff training: Our team is trained on data protection best practices

We do not sell your personal information. We may share limited data with:

• Service providers: Cloud hosting, email delivery, and analytics services
• Legal requirements: When required by law or to protect our rights
• Business transfers: In case of merger, acquisition, or sale of assets

Third-party services we use:

• Digital Ocean Spaces (file storage)
• Resend (email delivery)
• Vercel (hosting and analytics)
• Google Cloud Platform (AI processing)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing of your personal data
• Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected]

We use cookies and similar technologies to enhance your experience and understand how our platform is used.

Google Analytics: We use Google Analytics 4 with enhanced privacy settings and consent mode v2 compliance. Data is anonymized and used solely for improving our platform.

We retain your data only as long as necessary:

• Account data: Until you delete your account or request deletion
• ESG reports: Stored securely for the duration of your subscription
• Usage data: Aggregated and anonymized data may be retained for service improvement
• Legal requirements: Some data may be retained longer to comply with applicable laws

EcoOops is based in Germany. Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) with service providers
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

We may update this privacy policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending you an email notification
• Displaying a notice on our platform

Your continued use of our services after the changes take effect constitutes acceptance of the updated policy.