Privacy Policy

Last updated: November 2025

This Privacy Policy explains how CarbonCert (“we”, “us”, “our”) collects and uses personal data. CarbonCert is operated by Brighter Planet Ltd, a company registered in England and Wales (Company No. 13209938).

Website: https://www.carboncert.com
Data Controller: Brighter Planet Ltd
Address: 272 Kensington High Street, London, W8 6ND
Email: [email protected]

1. Data We Collect

1.1 Information you provide

  • Account details (name, email, password).
  • Business details (company name, address, sector).
  • Subscription selections and service settings.
  • Support enquiries or messages.

1.2 Payment information

We use Stripe to process payments. We do not store or have access to full card details. Stripe processes payment data in accordance with its own privacy policy.

1.3 Automatically collected data

  • IP address and device information.
  • Log data (pages visited, access times, browser type).
  • Authentication and session events used to secure accounts.

2. How We Use Your Data

  • To create and manage user accounts.
  • To deliver CarbonCert services, reporting and subscriptions.
  • To process payments via Stripe.
  • To send service emails (account notices, billing, operational updates).
  • To maintain security, prevent fraud and ensure system integrity.
  • To comply with legal obligations.

3. Legal Basis for Processing

We process personal data under the following UK GDPR bases:

  • Contract: providing our services and maintaining accounts.
  • Legitimate interests: cybersecurity, fraud prevention, service improvement.
  • Legal obligation: financial record-keeping and compliance.
  • Consent: where explicitly required (e.g., marketing emails).

4. Sharing Your Data

We share personal data only when necessary:

  • Stripe: payment processing.
  • Service providers: hosting, analytics, email delivery.
  • Legal/regulatory bodies: where required by law.

We do not sell personal data.

5. International Transfers

Service providers may store data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK GDPR-approved transfer mechanisms.

6. Data Retention

We keep data only as long as required for:

  • operating accounts and subscriptions;
  • legal, tax and accounting obligations;
  • security and fraud prevention.

You may request deletion at any time (subject to legal retention requirements).

7. Account Security

We use encryption, access controls and monitoring to protect personal data. Users are responsible for maintaining the confidentiality of their login credentials.

8. Your Rights

Under UK GDPR you may request:

  • access to your data;
  • correction of inaccuracies;
  • deletion of your data;
  • restriction of processing;
  • data portability;
  • withdrawal of consent (where applicable).

Requests can be sent to the contact email provided above.

9. Marketing

We only send marketing emails when you have opted in. You can opt out at any time via the link in the email or by contacting us.

10. Children

Our services are not intended for individuals under 18. We do not knowingly collect data from minors.

11. Third-Party Links

Our website may link to third-party websites. We are not responsible for their privacy practices.

12. Changes to This Policy

We may update this policy when necessary. Updated versions will appear on this page with a revised date.