Privacy Policy

We collect information you provide directly when creating an account, including your name, email address, company name, and billing details. For API users, we also collect integration metadata such as API key usage patterns and request volumes.

We automatically collect technical data including IP addresses, browser type, device information, and usage analytics. When you interact with our carbon credit marketplace, we record transaction details necessary for audit compliance and certificate issuance.

Your information is used to provide and improve our carbon credit marketplace services, process transactions, issue retirement certificates, and generate ESG compliance reports. We use aggregated analytics to optimise platform performance and develop new features.

We may use your contact information to send service updates, security notifications, and, with your consent, marketing communications about new products or features relevant to your sustainability goals.

We do not sell your personal data. We share information only with verified carbon credit registries (Verra, Gold Standard, ACR, CAR) as required for credit retirement and certificate verification. Payment processing is handled by PCI DSS-compliant providers.

We may disclose information when required by law, to enforce our terms of service, or to protect the rights and safety of our users and the public. In the event of a corporate transaction, your data may be transferred as part of that transaction.

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. We implement row-level security policies in our databases to ensure strict tenant isolation in our multi-tenant architecture.

We conduct regular security audits, penetration testing, and vulnerability assessments. Our infrastructure is hosted in SOC 2-compliant data centres with geographic redundancy across multiple regions.

Under the General Data Protection Regulation, you have the right to access, correct, delete, or port your personal data. You may also object to or restrict certain processing activities. To exercise these rights, contact our Data Protection Officer at privacy@atmosverde.io.

We will respond to all legitimate requests within 30 days. For EU residents, our lawful bases for processing include contractual necessity, legitimate interests, and consent where applicable. You have the right to lodge a complaint with your local supervisory authority.

We use essential cookies to maintain your session and preferences. Analytics cookies help us understand how you use the platform so we can improve the experience. You can manage cookie preferences through your browser settings or our cookie consent banner.

We do not use third-party advertising trackers. Our analytics are processed in aggregate and cannot be used to identify individual users without additional information stored separately.

For questions about this privacy policy or our data practices, contact our Data Protection Officer at privacy@atmosverde.io or write to Atmosverde S.R.L., registered in Italy.