Carbonly.ai respects your privacy and is committed to protecting the personal information we collect and process. This Privacy Policy describes what information we collect, how we use and share it, how long we keep it, and your rights under the Australian Privacy Act 1988 (Cth).
We collect the information you give us through your account, documents you upload for carbon accounting, and standard operational telemetry (login events, audit trails, error logs). We use this information to provide the Carbonly service, generate your compliance reports, and improve our AI models. We do not sell personal information. We use AI sub-processors listed in our Data Processing Addendum for document extraction.
Our practices are governed by the 13 Australian Privacy Principles under the Privacy Act 1988 (Cth). You have the right to access and correct personal information we hold about you, lodge a complaint, and opt out of direct marketing at any time. Contact us at hello@carbonly.ai to exercise these rights.
Australian customer data is hosted on AWS Sydney (ap-southeast-2). Encryption TLS 1.3 in transit and AES-256 at rest. Multi-tenant isolation at the database level. Five-tier role-based access control on every record. SHA-256 hashed API keys with scoped permissions and IP allowlisting.
For privacy enquiries, complaints, or requests to access or correct your personal information, email hello@carbonly.ai. We acknowledge complaints within 7 days and aim to resolve them within 30 days. The full Privacy Policy appears below.