Last updated: December 4, 2025
This policy outlines three things:
- the data we gather and why we need it
- how we handle that data
- the rights you have regarding your information. We never sell your data.
This policy covers the suite of products and services offered by Carbon GPT, including our carbon accounting platform, AI development and consultancy services.
When we say “you,” we are referring to website visitors, potential clients, and the authorized users of our platform.
Note: This policy covers how we handle your account data. However, when you use our tools to process raw environmental data for your own stakeholders (like your employees' commute info or supply chain utility bills), Carbon GPT acts as a “data processor.” We handle that data strictly according to your instructions as the “data controller,” based on our Service Agreement and Data Processing Addendum (DPA).
What we collect and why
We stick to a simple rule: we only gather data that serves a specific purpose. Here is how that looks in practice:
Identity and account access
When you register for Carbon GPT, we request basic details like your name, email address, and organization name. We need this to set up your account, personalize your experience, and send you important updates. Occasionally, we might send optional surveys to learn how we can improve our services.
Selling your personal info is off the table. We won’t sell your data to third parties, and we won’t use your company name in our marketing materials unless you give us the green light.
Billing details
If you subscribe to a paid plan, you’ll need to provide payment details and a billing address. We don't store your credit card details on our servers. They are sent securely and directly to our payment processor. We retain a record of the transaction (like the last 4 digits of the card) for invoicing, tax calculations, and audit history.
Product data and AI inputs
We store the information you upload or input into Carbon GPT. This includes utility records, emission factors, and spreadsheets. We hold this data so the product works as promised.
We treat your proprietary data (like private financial records or strategy documents) as confidential. We do not use your private data to train our public-facing AI models without your explicit consent.
Technical data and Geolocation
We also log the IP addresses associated with account access to maintain security and detect potential fraud. We keep this log history for as long as your account remains active.
We also use cookies (small text files stored on your device) to recognize you when you sign in, remember your preferences, and assist with our security measures. You can control cookies through your browser settings, though disabling them may break some features of the platform.
Website analytics
We track general browsing activity to understand how people use our site. This includes data like your browser type, operating system, and which pages you visited. This helps us optimize our design and conversion rates. If you are logged in, this activity is linked to your account to help us understand user journeys.
Correspondence
If you email us for support or consulting advice, we keep a record of that conversation. This allows us to look back at past context if you need help again in the future.
Our Legal Basis for processing (GDPR)
If you are an individual in the European Economic Area (EEA) or UK, we collect and process information about you only where we have a legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services