Privacy Policy

Noissime Ltd ("Noissime", "we", "us", or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and share information when you use our website, platform, and services (collectively, the "Services").

Noissime Ltd is a company registered in England and Wales. We act as the data controller for the personal data we process. If you have any questions about this policy, please contact us at privacy@noissime.com.

1. Information We Collect

1.1 Information you provide to us

We collect information that you voluntarily provide when using our Services, including:

• Account information: your name, email address, job title, company name, phone number, and password when you create an account or request a demo.
• Organisation data: company details, location information, industry classification, and employee count that you enter during onboarding.
• Emissions data: activity data, emission factors, fuel consumption records, utility bills, invoices, and other documents you upload or enter into the platform for the purpose of calculating and tracking carbon emissions.
• Supplier information: names, email addresses, and contact details of your suppliers that you provide for supplier outreach campaigns.
• Communications: messages, feedback, and other content you send to us via email, forms, or in-platform channels.
• Payment information: billing address and payment method details. Payment card data is processed by our payment processor (Stripe) and is not stored on our servers.

1.2 Information we collect automatically

When you access our Services, we automatically collect certain technical information, including:

• Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage data: pages visited, features used, session duration, click patterns, and navigation paths.
• Cookies and similar technologies: we use cookies, local storage, and similar tracking technologies as described in Section 7 below.
• Log data: server logs that record requests made to our systems, including timestamps, referring URLs, and response codes.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing our Services: to create and manage your account, calculate emissions, generate reports, and deliver the core functionality of the Noissime platform.
• Improving our Services: to understand how our platform is used, identify areas for improvement, develop new features, and optimise performance.
• Communication: to send you service-related notifications, respond to your enquiries, and provide customer support.
• Marketing: to send you product updates, newsletters, and promotional materials where you have opted in or where we have a legitimate interest. You can opt out of marketing communications at any time.
• Security and fraud prevention: to monitor for suspicious activity, prevent unauthorised access, and protect the integrity of our systems and your data.
• Legal compliance: to comply with applicable laws, regulations, and legal processes.
• Analytics and research: to produce aggregated, anonymised insights about emissions trends and benchmarks. Individual customer data is never disclosed in aggregate reporting.

3. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data on the following legal bases:

• Contract performance: processing necessary to perform our contract with you, including providing the Services you have subscribed to.
• Legitimate interests: processing necessary for our legitimate business interests, such as improving our Services, fraud prevention, and direct marketing to existing customers, provided these interests are not overridden by your rights and freedoms.
• Consent: where you have given clear consent for us to process your personal data for a specific purpose, such as marketing communications.
• Legal obligation: processing necessary to comply with legal or regulatory requirements.

4. Data Sharing

We do not sell your personal data. We may share your information with the following categories of recipients:

• Service providers: trusted third-party vendors who process data on our behalf, including cloud infrastructure providers (e.g., Supabase, Vercel), payment processors (Stripe), email delivery services, and analytics tools. These providers are contractually obligated to protect your data and may only process it for the purposes we specify.
• Your organisation: if you use Noissime through an organisational account, your administrator may have access to your activity and account information within the platform.
• Suppliers: when you use our supplier outreach features, limited information about your organisation may be shared with your suppliers as part of data collection campaigns. This is initiated and controlled by you.
• Legal and regulatory authorities: where required by law, regulation, legal process, or governmental request.
• Business transfers: in connection with a merger, acquisition, or sale of all or a portion of our business, your data may be transferred to the acquiring entity.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

• Account data: retained for the duration of your account and for 12 months after account closure, unless a longer retention period is required by law.
• Emissions and activity data: retained for the duration of your subscription. Upon cancellation, you have a 30-day export period, after which data is permanently deleted within 90 days.
• Marketing data: retained until you withdraw consent or opt out.
• Log and analytics data: retained for up to 24 months and then automatically deleted or anonymised.
• Financial records: retained for 7 years as required by UK tax and accounting regulations.

6. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may request that we correct inaccurate or incomplete personal data.
• Right to erasure: you may request that we delete your personal data, subject to certain legal exceptions.
• Right to restrict processing: you may request that we limit the processing of your personal data in certain circumstances.
• Right to data portability: you may request a copy of your personal data in a structured, commonly used, and machine-readable format.
• Right to object: you may object to the processing of your personal data where we rely on legitimate interests as the legal basis.
• Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time.
• Right to lodge a complaint: you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your rights have been infringed.

To exercise any of these rights, please contact us at privacy@noissime.com. We will respond to your request within one month, as required by law.

7. Cookies

We use cookies and similar tracking technologies to enhance your experience, analyse usage patterns, and deliver relevant content. The types of cookies we use include:

• Strictly necessary cookies: required for the operation of our website and platform, such as session management and authentication. These cannot be disabled.
• Performance and analytics cookies: help us understand how visitors interact with our website by collecting anonymous statistical data. We use these to improve site performance and user experience.
• Functional cookies: remember your preferences and settings, such as language and display options.
• Marketing cookies: used to deliver relevant advertisements and track the effectiveness of marketing campaigns. These are only set with your consent.

You can manage your cookie preferences through your browser settings or through our cookie consent banner when you first visit our website. Disabling certain cookies may affect the functionality of our Services.

8. Security Measures

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access controls and the principle of least privilege for all internal systems.
• Regular security assessments, penetration testing, and vulnerability scanning.
• Secure development practices including code review and automated security testing.
• Multi-factor authentication for administrative access.
• Incident response procedures and breach notification protocols.
• Employee security training and background checks for personnel with data access.

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee the absolute security of your data, but we are committed to promptly addressing any security incidents.

9. International Data Transfers

Your data is primarily stored and processed within the United Kingdom and the European Economic Area (EEA). Where we transfer data outside the UK or EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office, or transfers to countries that have been granted an adequacy decision.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child, please contact us and we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will notify you by email or through a prominent notice on our website. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@noissime.com
• Post: Noissime Ltd, London, United Kingdom
• Data Protection Officer: dpo@noissime.com