Privacy Policy

Last updated: 1 April 2025

Sustaineve (“we”, “us”, or “our”) operates sustaineve.com and app.sustaineve.com. This privacy policy explains how we collect, use, disclose, and protect personal data when you use our website and platform.

1. Who we are

Sustaineve is a compliance-grade ESG platform for manufacturing companies, operated by Sustaineve Technology Private Limited. Our registered office is in India. For data protection enquiries, contact: [email protected].

2. Data we collect

We collect the following categories of personal data:

  • Contact data: Name, work email address, company name, job title — provided when you request a demo, submit a form, or contact us.
  • Usage data: Pages visited, time spent, actions taken — collected via PostHog analytics (self-hosted, EU region).
  • Device data: Browser type, operating system, IP address — collected automatically when you access our website.
  • Platform data: Emission data, facility records, and operational information — provided by platform users via app.sustaineve.com.

We do not collect sensitive personal data (health, religion, political views) from website visitors.

3. How we use your data

We use personal data to:

  • Respond to demo requests and enquiries
  • Provide and improve the Sustaineve platform
  • Send service communications (onboarding, product updates)
  • Comply with legal obligations under Indian law and applicable international regulations
  • Analyse and improve website and platform performance

We do not sell personal data to third parties. We do not use personal data for automated decision-making that produces legal or similarly significant effects.

4. Legal basis for processing

We process personal data on the following legal bases:

  • Consent: When you submit a form or request a demo, you consent to being contacted.
  • Legitimate interests: Operating and improving our platform, understanding how visitors use our website.
  • Contract: Processing necessary to fulfil a subscription or service agreement with a customer.
  • Legal obligation: Compliance with applicable laws including India’s Digital Personal Data Protection Act 2023 (DPDP Act).

5. Data retention

We retain personal data for as long as necessary for the purpose it was collected, or as required by law:

  • Lead / enquiry data: Up to 3 years from last contact, or until deletion request.
  • Platform data: Retained for the duration of the customer subscription plus 1 year, unless otherwise agreed.
  • Analytics data: Anonymised / aggregated data retained indefinitely; identifiable session data retained for 12 months.

6. Third-party processors

We use the following processors who may handle personal data on our behalf:

  • Vercel Inc. — website hosting (US, standard contractual clauses apply)
  • Cloudflare Inc. — CDN and security (global network, DPA available)
  • PostHog Inc. — product analytics (EU-hosted instance)
  • HubSpot Inc. — CRM and lead management (US, DPA available)

All processors are required to handle data in accordance with applicable data protection law.

7. Cookies

We use strictly necessary cookies for platform functionality and optional analytics cookies. You can manage cookie preferences via the cookie consent banner on this website. We do not use advertising or tracking cookies.

8. Your rights

Under the DPDP Act 2023 and, where applicable, GDPR, you have the following rights:

  • Right to access the personal data we hold about you
  • Right to correction of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to object to processing based on legitimate interests
  • Right to data portability (for data processed by automated means)
  • Right to withdraw consent at any time

To exercise any of these rights, contact: [email protected]. We will respond within 30 days.

9. Data transfers

Some of our third-party processors are located outside India. Where personal data is transferred internationally, we ensure appropriate safeguards are in place (standard contractual clauses, adequacy decisions, or equivalent protections) in accordance with the DPDP Act 2023 and applicable law.

10. Security

We implement technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. Our security infrastructure is described at sustaineve.com/security. No transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Children

Our platform is not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to us, contact us immediately at [email protected].

12. Changes to this policy

We may update this privacy policy from time to time. The “last updated” date at the top of this page will reflect any changes. Material changes will be communicated via email or platform notification to active users.

13. Contact

For any privacy-related questions or to exercise your rights:
Email: [email protected]
Website: sustaineve.com/security