Legal

Data Protection

Effective date: 1 June 2026 · Aligned with DPDP Act 2023

1. Our Commitment

Green Credit AI is committed to handling all personal and organizational data with the highest standards of care, transparency, and security. We comply with the Digital Personal Data Protection (DPDP) Act 2023 of India and applicable international data protection standards.

2. Data We Process

—

Personal Data: Names, email addresses, organization affiliations, and account credentials.

—

Sustainability Data: ESG reports, carbon footprint records, supplier documents, and environmental metrics you upload.

—

Usage Data: Platform interaction logs, feature usage patterns, and AI query history.

—

Technical Data: IP addresses, device identifiers, and browser information for security purposes.

3. Legal Basis for Processing

We process data on the basis of: (a) your consent at registration, (b) contractual necessity to deliver platform services, (c) legitimate interests in improving our sustainability AI systems, and (d) legal obligations.

4. Security Measures

Technical and organizational measures we implement:

—AES-256 encryption for data at rest
—TLS 1.3 for all data in transit
—Role-based access control (RBAC) on all platform systems
—Regular security audits and penetration testing
—Incident response and breach notification procedures

5. Data Retention

We retain personal data for as long as your account is active plus 2 years, or as required by law. Sustainability data you upload is retained for the duration of your subscription. You may request deletion at any time.

6. Cross-Border Transfers

Your data is primarily processed and stored in India. If data is transferred internationally (e.g., to AI processing infrastructure), such transfers comply with applicable data protection frameworks and adequacy standards.

7. Contact Our Data Team

For data protection requests, inquiries, or to exercise your rights under the DPDP Act: hello@greencredit.live · Green Credit AI, Bengaluru, Karnataka, India.