Sustifi
Sign in
← Back to Home

Privacy Policy

Last updated: January 26, 2026

1. Introduction

Sustifi ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our carbon footprint tracking service.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email, organization)
  • Carbon footprint data (energy usage, transportation, etc.)
  • Business information for directory listings
  • Communication data when you contact us

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our Service
  • Calculate and track your carbon footprint
  • Issue sustainability certificates
  • Improve and personalize your experience
  • Communicate with you about updates and offers

4. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

6. Account Deletion & Data Retention (GDPR Article 17)

Your Right to Erasure

You can delete your account at any time from your account settings. Here's what happens:

Immediate Effect (Soft Deletion):

  • Your account is immediately deactivated
  • All your data becomes inaccessible through our platform
  • Your subscription is canceled (no further charges)
  • You receive a confirmation email with restoration instructions

30-Day Grace Period:

  • Your data is retained for 30 days in case you change your mind
  • During this period, you can restore your account using the link sent to your email
  • We'll send reminder emails 7 days and 1 day before permanent deletion

Permanent Deletion (After 30 Days):

  • All your personal data is permanently and irreversibly deleted
  • Anonymized audit logs are retained for legal compliance only
  • Certificates issued during your membership become invalid

What We Keep (Legal Requirements):

  • Transaction records: Anonymized financial records for tax/audit purposes (7 years)
  • Certificate verification: Anonymized verification history for fraud prevention
  • Security logs: Anonymized access logs for security monitoring (90 days)

Contact: For deletion questions, email privacy@susti.fi

7. Your Rights

Under GDPR and other applicable laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Data portability

8. Cookies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

9. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@susti.fi.