CarbonNeetiBlog
Marketplace is liveExplore
CarbonNeeti

Privacy Policy

Last updated: March 2026

Information We Collect

CarbonNeeti collects information that you provide directly when creating an account, registering facilities, or submitting emissions data through our platform. This includes your name, email address, organization details, facility information, and carbon emissions data.

We also collect usage data automatically, including IP addresses, browser type, pages visited, and interaction patterns to improve our services and ensure platform security.

How We Use Information

Your information is used to provide, maintain, and improve the CarbonNeeti platform. Specifically, we use your data to:

  • Calculate and track greenhouse gas emissions for your facilities
  • Generate compliance reports including BRSR disclosures
  • Manage carbon credit positions and obligations under the CCTS framework
  • Send transactional notifications related to your account and compliance deadlines
  • Provide customer support and respond to your inquiries
  • Analyze platform usage to improve features and performance

Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.2+) and at rest, role-based access controls, and regular security audits. Emissions data and facility information are stored on secure servers with restricted access.

While we strive to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to notifying affected users promptly in the event of a data breach.

Third-Party Services

CarbonNeeti may use third-party services for AI-powered document extraction, analytics, email delivery, and cloud infrastructure. These service providers are contractually bound to process your data only as instructed by us and to maintain appropriate security measures. We do not sell, rent, or trade your personal information or emissions data to any third party.

Your Rights

You have the right to access, correct, or delete your personal data at any time. You may also request a copy of the emissions data associated with your account in a portable format. To exercise any of these rights, contact us at the email address below.

If you are located in a jurisdiction with specific data protection laws (such as the Digital Personal Data Protection Act, 2023), you may have additional rights. We are committed to complying with all applicable data protection regulations.

Cookie Policy

CarbonNeeti uses cookies and similar technologies to operate the platform, maintain your session, and improve user experience. The cookies we use fall into the following categories:

  • Strictly Necessary Cookies: Required for authentication, session management, and security (e.g., JWT tokens stored in local storage, CSRF protection). These cannot be disabled.
  • Functional Cookies: Remember your preferences such as selected facility, dashboard layout, and language settings.
  • Analytics Cookies: Help us understand how users interact with the platform so we can improve features and performance. These are anonymized and do not track you across other websites.

You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies may prevent you from using core platform features. We do not use cookies for advertising or cross-site tracking.

Data Retention

We retain your data for the following periods:

  • Account Data: Retained for the duration of your active subscription and for 90 days after account deletion to allow recovery.
  • Emissions and Compliance Data: Retained for a minimum of 8 years from the end of the relevant compliance period, in line with BEE/CCTS record-keeping requirements.
  • Uploaded Documents: Retained for 5 years after upload or until you request deletion, whichever is longer, subject to regulatory retention obligations.
  • Audit Logs: Retained for 5 years to support regulatory audits and dispute resolution.
  • Server and Access Logs: Retained for 12 months for security monitoring and incident investigation.

After the applicable retention period, data is securely deleted or anonymized. You may request early deletion of your personal data (subject to regulatory retention obligations) by contacting us.

Digital Personal Data Protection Act, 2023 (DPDP Act)

CarbonNeeti is committed to compliance with the Digital Personal Data Protection Act, 2023 and the rules framed thereunder. As a Data Fiduciary, we process your personal data only for lawful purposes with your consent or as permitted by law.

Your Rights as a Data Principal

  • Right to Access: You may request a summary of the personal data we process and the processing activities undertaken.
  • Right to Correction and Erasure: You may request correction of inaccurate data or erasure of data that is no longer necessary for the purpose for which it was collected.
  • Right to Grievance Redressal: You may raise grievances regarding our data processing practices with our Grievance Officer (details below).
  • Right to Nominate: You may nominate another person to exercise your rights in the event of your death or incapacity.

Data Fiduciary Obligations

We process personal data only for the specific purposes communicated to you at the time of collection. We implement reasonable security safeguards to protect personal data and promptly notify the Data Protection Board of India and affected Data Principals in the event of a personal data breach. We do not process personal data of children without verifiable parental consent.

Grievance Officer

For any grievances or queries related to the processing of your personal data under the DPDP Act, 2023, please contact our Grievance Officer at grievance@carbonneeti.com. We will acknowledge your grievance within 48 hours and endeavour to resolve it within 30 days.

Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

To the extent applicable, CarbonNeeti complies with the SPDI Rules, 2011 under the Information Technology Act, 2000. Sensitive personal data or information (such as passwords and financial information) is collected, stored, and transferred in accordance with these rules.

We maintain a comprehensive information security policy and implement security practices and standards that are commensurate with the information being protected, including ISO/IEC 27001 aligned controls. Any transfer of SPDI to third parties is done only where the receiving party maintains the same level of data protection, and with your consent where required.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at hello@carbonneeti.com.