Privacy Policy
Effective date: 1 April 2025 | Last updated: 22 March 2026
1. Who we are
Greenio ("Greenio", "we", "our", or "us") operates the carbon accounting platform available at greenio.co. We help businesses track, report, and reduce their greenhouse gas emissions in accordance with applicable frameworks including GHG Protocol, BRSR, and India's Carbon Credit Trading Scheme (CCTS).
For the purposes of India's Digital Personal Data Protection Act, 2023 (DPDPA) and applicable data protection laws, Greenio is the Data Fiduciary in respect of personal data processed through this platform.
2. Data we collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, work email, organisation name, country | Authentication and account management |
| Emissions data | Electricity consumption, fuel usage, refrigerant quantities, Scope 3 activities | Core service: carbon accounting and reporting |
| Organisation profile | Industry sector, employee count, reporting period, currency preference | Benchmarking and regulatory report generation (BRSR, CCTS) |
| Usage data | Pages visited, features used, timestamps | Product improvement and support |
| Technical data | IP address, browser type, device type | Security and fraud prevention |
We do not collect payment card details directly. Payments are processed by our payment provider and we receive only transaction references.
3. How we use your data
- Providing, maintaining, and improving the Greenio platform
- Generating carbon accounting reports, PDFs, and BRSR/CCTS verification packages on your behalf
- Sending service-related communications (account alerts, billing receipts, data export notifications)
- Benchmarking your emissions against anonymised industry peers (no individual data is shared)
- Complying with applicable legal obligations, including tax and accounting regulations
- Preventing fraud and ensuring platform security
We do not sell your personal data to third parties. We do not use your emissions data for advertising.
4. Legal basis for processing
We process your personal data on the following grounds:
- Contract performance: processing necessary to deliver the service you subscribed to
- Consent: for optional communications such as product updates and newsletters; you may withdraw consent at any time
- Legitimate interests: platform security, fraud prevention, and anonymised analytics
- Legal obligation: where required by applicable law
5. Data storage and security
Your data is stored on servers hosted by Supabase (PostgreSQL) in data centres located in India or the European Union. We use industry-standard encryption (TLS in transit, AES-256 at rest), row-level security policies to ensure strict data isolation between accounts, and role-based access controls for our team.
We conduct regular security reviews. In the event of a data breach that is likely to result in risk to your rights, we will notify you and the relevant authority within the timeframes required by applicable law.
6. Data sharing
We share data only with:
- Supabase: database and authentication infrastructure
- Vercel: application hosting and edge delivery
- Payment processors: for billing purposes only; no emissions data is shared
- Professional advisors: lawyers and accountants bound by confidentiality obligations
- Regulatory authorities: where required by law (e.g., BEE, MoEFCC, SEBI)
All sub-processors are bound by data processing agreements and are prohibited from using your data for their own purposes.
7. Data retention
We retain your account and emissions data for as long as your account is active, plus 7 years after account closure (to comply with statutory record-keeping requirements relevant to carbon reporting and financial accounts). You may request earlier deletion subject to legal obligations; see Section 8.
8. Your rights
Under applicable law (including DPDPA 2023), you have the right to:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Erasure: request deletion of your data, subject to legal retention requirements
- Data portability: receive your emissions data in a machine-readable format (CSV/JSON export is available directly in the platform)
- Withdraw consent: where processing is based on consent, withdraw it at any time
- Lodge a complaint: with the Data Protection Board of India or other competent supervisory authority
To exercise any of these rights, email us at hello@greenio.co. We will respond within 30 days.
9. Cookies
We use essential session cookies required for authentication. We do not use advertising cookies or cross-site tracking cookies. You can disable cookies in your browser settings, but this will prevent you from logging in to the platform.
10. Changes to this policy
We may update this policy from time to time. Where changes are material, we will notify you by email or in-platform notice at least 14 days before the change takes effect. Continued use of the platform after that date constitutes acceptance of the updated policy.
11. Contact us
For privacy-related queries or to exercise your rights: