Privacy Policy

1. Information We Collect

Account Data

When you create an account, we collect your name, email address, password (stored in hashed form), organization name, and billing information. If you sign in through a third-party provider, we may receive your name and email from that provider.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, IP addresses, browser type, device information, and referring URLs.

Uploaded Documents & ESG Data

You may upload invoices, utility bills, receipts, sustainability reports, and other documents to the Service for AI-powered data extraction and ESG reporting. This data may include financial information, energy consumption metrics, emissions data, and other business operational data.

2. How We Use Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve the Service, including document processing, emissions calculations, and report generation
• AI Processing: To extract and classify data from your uploaded documents using our AI-powered engine. Document content is sent to our AI processing partner (OpenAI) for extraction and is not retained by them beyond the processing session
• Analytics: To understand how users interact with the Service, identify trends, and improve user experience
• Communications: To send you transactional emails (password resets, billing receipts), service updates, and, with your consent, marketing communications
• Security & Fraud Prevention: To detect, prevent, and address technical issues, security threats, and fraudulent activity
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

3. Data Storage & Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Multi-tenant data isolation ensures that your organization's data is logically separated from other customers' data
• Passwords are hashed using bcrypt with a high work factor
• Role-based access control limits data access within your organization
• Complete audit trails record all data access and modifications
• Regular security assessments and vulnerability testing

While we strive to use commercially acceptable means to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

4. Third-Party Services

We use the following third-party services to operate the platform:

• Stripe: For payment processing. Stripe processes your payment information directly and is PCI-DSS compliant. We do not store your full credit card details on our servers
• OpenAI: For AI-powered document extraction and data classification. Document content is processed via OpenAI's API and is not used to train their models
• Resend: For transactional email delivery (password resets, billing notifications, report delivery)
• QuickBooks (Intuit): For optional accounting data integration. Connection is authorized via OAuth and can be revoked at any time from your account settings

Each third-party service operates under its own privacy policy. We encourage you to review their policies. We only share the minimum data necessary for each service to function.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: Retained while your account is active and for up to 30 days after deletion request
• Uploaded documents: Retained while your account is active. Deleted within 30 days of account termination
• Audit logs: Retained for a minimum of 7 years to support regulatory compliance requirements
• Usage data: Retained in anonymized form for analytics purposes
• Billing records: Retained as required by tax and financial regulations

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data under applicable data protection laws, including the GDPR and CCPA:

• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request that we correct inaccurate or incomplete personal data
• Right to Erasure: You can request that we delete your personal data, subject to legal retention requirements
• Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format
• Right to Data Export: You can export your ESG data, reports, and uploaded documents at any time through the Service dashboard
• Right to Restrict Processing: You can request that we limit how we process your data
• Right to Object: You can object to our processing of your personal data in certain circumstances

To exercise any of these rights, please contact us at greenledger@arisolutionsinc.com. We will respond to your request within 30 days.

7. Cookies

We use cookies and similar tracking technologies to operate and improve the Service:

• Essential Cookies: Required for authentication, session management, and security. These cannot be disabled
• Analytics Cookies: Help us understand how users interact with the Service. These can be disabled through your browser settings

We do not use advertising cookies or sell your data to advertisers. You can control cookie preferences through your browser settings.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at greenledger@arisolutionsinc.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

For significant changes, we will provide additional notice via email or through a prominent notice within the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

10. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: greenledger@arisolutionsinc.com
• Website: greenledger.app/contact
• Company: ARI Solutions Inc.
• Data Protection Officer: dpo@arisolutionsinc.com