Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last updated: August 25, 2025

Overview

What'sMyESG ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our ESG compliance assessment service. By using our service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Personal Information: When you use our ESG assessment service, we may collect your name, email address, company information, industry details, and business location.

Usage Data: We automatically collect information about how you interact with our service, including conversation logs, assessment responses, and system usage patterns.

Technical Data: We collect IP addresses, browser information, device identifiers, and other technical data for security and service improvement purposes.

Cookies and Tracking: Our website uses essential cookies for functionality and analytics cookies to understand user behavior and improve our service.

2. How We Use Your Information

Service Delivery: To provide ESG compliance assessments, generate personalized reports, and deliver analysis results.

AI Processing: Your business information is processed by our AI systems to identify applicable ESG regulations and compliance requirements.

Communication: To send you assessment results, follow-up information, and service-related communications.

Improvement: To analyze usage patterns, improve our AI models, and enhance the accuracy of our ESG assessments.

Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. Information Sharing and Disclosure

Third-Party Services: We use trusted service providers including OpenAI for AI processing, AWS for hosting, and email service providers for communications.

Legal Requirements: We may disclose information when required by law, court order, or to protect our rights and safety.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

Consent: We will only share your information with third parties when you have provided explicit consent.

No Sale of Data: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Security

Encryption: All data transmission is encrypted using industry-standard SSL/TLS protocols.

Access Controls: We implement strict access controls and authentication mechanisms to protect your data.

Data Centers: Our infrastructure is hosted in secure, certified data centers with comprehensive physical and digital security measures.

Regular Audits: We conduct regular security assessments and vulnerability testing to maintain data protection standards.

Incident Response: We have established procedures for detecting, responding to, and reporting security incidents.

5. Data Retention

Assessment Data: Conversation logs and assessment responses are retained for 90 days to improve service quality.

Account Information: Personal information is retained for as long as your account is active or as needed to provide services.

Legal Requirements: Some data may be retained longer to comply with legal obligations or resolve disputes.

Deletion Requests: You may request deletion of your personal information, subject to legal and operational requirements.

6. Your Rights and Choices

Access: You have the right to access the personal information we hold about you.

Correction: You may request correction of inaccurate or incomplete personal information.

Deletion: You may request deletion of your personal information, subject to certain exceptions.

Portability: You may request a copy of your data in a commonly used format.

Opt-Out: You may opt out of non-essential communications and certain data processing activities.

Complaints: You have the right to file a complaint with relevant data protection authorities.

7. International Data Transfers

Global Operations: Our services may involve data processing in multiple countries, including the United States and the European Union.

Adequate Protection: We ensure appropriate safeguards are in place for international data transfers.

Standard Contractual Clauses: We use standard contractual clauses and other approved mechanisms for cross-border data transfers.

Data Localization: Where required by law, we comply with data localization requirements.

8. Cookies and Tracking Technologies

Essential Cookies: Required for basic website functionality and security features.

Analytics Cookies: Used to understand user behavior and improve our service quality.

Preference Cookies: Store your settings and preferences for a better user experience.

Cookie Control: You can manage cookie preferences through your browser settings.

Third-Party Cookies: Some cookies are set by third-party services we use for analytics and functionality.

9. Contact Information

Questions: If you have questions about this privacy policy or our data practices, please contact us.

Email: privacy@whatsmyesg.com

Response Time: We will respond to privacy inquiries within 30 days.

Data Protection Officer: EU residents may contact our Data Protection Officer at dpo@whatsmyesg.com.

Questions About This Policy?

If you have any questions about this Privacy Policy or our data practices, we're here to help.
