Privacy Policy
Last updated: 30 May 2026
1. Who we are
This Privacy Policy explains how [tCO2e legal entity name] (“tCO2e”, “we”, “us”) collects, uses, and protects personal data when you use the tCO2e platform and websites (the “Service”). For enterprise customers, tCO2e acts as a processor of the data you submit, and you act as the controller.
2. Information we collect
Account information: name, work email, organisation, and role for enterprise users.
Uploaded content: the documents you or your suppliers upload (such as utility bills and invoices) and the data extracted from them. These documents may contain personal data depending on what you choose to upload.
Usage and technical data: log data, device and browser information, and basic analytics needed to operate and secure the Service.
3. How we use information
We use information to provide and operate the Service: to authenticate users, process and classify uploaded documents, calculate emissions estimates, generate reports, send transactional and invitation emails, and to maintain the security and reliability of the Service.
We do not sell personal data. We do not use your uploaded content to train our own or third-party AI models.
4. AI and sub-processors
To deliver the Service we share data with the following categories of sub-processors, under contracts that restrict their use of the data to providing services to us:
Anthropic — AI processing of document contents to classify documents and extract data. Anthropic does not train its models on data submitted through its API.
Supabase — database, authentication, and encrypted file storage for your account data and uploaded documents.
Render — cloud hosting of the application backend.
Resend — sending transactional and supplier-invitation emails.
We will keep an up-to-date list of sub-processors available on request and provide notice of material changes.
5. Sharing and disclosure
We share personal data only with the sub-processors above, with members of your own organisation as part of the Service, where you direct us to, or where required by law or to protect rights and safety. We do not otherwise disclose your data to third parties.
6. Data retention
We retain account data and uploaded content for as long as needed to provide the Service and as required by law. Enterprise customers may request deletion of their data, subject to legal retention obligations. Supplier upload links are time-limited.
7. Security
We apply technical and organisational measures to protect personal data, including encryption in transit, row-level security to isolate each customer's data, access controls, and private storage for uploaded files. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to incidents.
8. International transfers
Our providers may process data in countries other than your own. Where personal data is transferred internationally, we rely on appropriate safeguards (such as standard contractual clauses) as required by applicable law.
9. Your rights
Depending on your location, you may have rights to access, correct, delete, or port your personal data, and to object to or restrict certain processing. Because we process most data on behalf of enterprise customers, we will refer individual requests relating to that data to the relevant customer, or assist that customer in responding. To exercise rights or raise a concern, contact hello@tc02e.com.
10. Cookies
We use strictly necessary cookies and similar technologies to keep you signed in and to secure the Service. We do not use advertising cookies.
11. Children
The Service is intended for business use and is not directed to children. We do not knowingly collect personal data from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice. The “last updated” date above reflects the latest version.
13. Contact
For privacy questions or requests, contact us at hello@tc02e.com, or by post at [insert registered address].