Privacy
Policy.

When you create an ESGMaster account, we collect your name, email address, company name, industry, country and employee count. When you use the platform, we collect emissions data, compliance task data and report content that you enter. We also collect standard usage data including IP addresses, browser type, pages visited and actions taken within the platform.

We use your information to provide and improve the ESGMaster platform, to generate AI-powered compliance analysis and reports using your emissions data, to send transactional emails such as account confirmations and deadline reminders, and to analyse usage patterns to improve our product. We do not sell your personal data to third parties.

ESGMaster uses Anthropic's Claude AI to analyse your emissions data and generate compliance reports. Your data is sent to Anthropic's API for processing. Anthropic's privacy policy governs their handling of this data. We do not use your data to train AI models without your explicit consent.

Your data is stored in Supabase (PostgreSQL) with EU data residency. We implement row-level security, encrypted connections and regular security audits. Access to your organisation's data is restricted to authenticated members of your organisation only.

ESGMaster stores all customer data in European Union data centres. We comply with the General Data Protection Regulation (GDPR). You have the right to access, correct, export or delete your personal data at any time by contacting us at privacy@esgmaster.io.

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Anonymised, aggregated data may be retained for product improvement purposes.

ESGMaster uses the following third-party services: Clerk (authentication), Supabase (database), Anthropic (AI processing), Vercel (hosting) and Resend (email). Each service has its own privacy policy governing their data handling practices.

We use strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. You cannot opt out of strictly necessary cookies as they are required for the platform to function.

Under GDPR, you have the right to access your personal data, correct inaccurate data, request deletion of your data, export your data in a portable format, object to processing of your data, and lodge a complaint with your national data protection authority. To exercise these rights, contact us at privacy@esgmaster.io.

If you have questions about this privacy policy or our data practices, contact us at privacy@esgmaster.io. We will respond within 5 business days.