Privacy Policy – CarbonDebit.org

Effective Date: June 25, 2025

1. Who We Are

CarbonDebit.org is a platform that helps individuals and businesses offset their carbon emissions through the purchase of verified micro-offsets ("Carbon Debits").

We are committed to protecting your privacy and being transparent about how we collect, use, and store your information.

2. What Information We Collect

Information You Provide:

• Name
• Email address
• Payment details (processed securely via Stripe)
• Business/company information (if applicable)
• Messages or feedback submitted via contact forms

Automatically Collected:

• IP address
• Device type and browser
• Site usage behavior (via analytics tools)
• Referral sources

3. How We Use Your Information

• Process payments and issue receipts
• Create and maintain your user dashboard
• Generate and deliver offset certificates and reports
• Respond to inquiries or support requests
• Send you service-related updates or optional newsletters
• Improve our platform and services (via usage analytics)

4. Legal Basis for Processing

We process your data under one or more of the following legal bases:

• Consent (e.g., newsletter opt-in)
• Contractual necessity (e.g., subscription management)
• Legitimate interest (e.g., improving services)
• Legal obligations (e.g., financial reporting)

5. Data Sharing

We never sell your data.

We may share limited data with trusted third parties only as needed:

• Payment processing (Stripe)
• Email communication (e.g., MailerLite, Brevo)
• Analytics providers (e.g., Plausible or Google Analytics)
• Offset verification partners (for reporting purposes)

All providers are GDPR-compliant or follow equivalent data protection standards.

6. Cookies & Tracking

We use cookies for:

• Session tracking
• Site performance analytics
• Marketing attribution (optional)

You can manage your cookie preferences in your browser settings. A cookie consent banner is displayed when you first visit the site.

7. Data Retention

We retain your data only as long as necessary to:

• Provide services
• Comply with legal/accounting requirements
• Maintain your user dashboard and history

You may request deletion of your data at any time (see Section 9).

8. Security

We implement reasonable security practices to protect your data:

• HTTPS encryption
• Secure payment handling via Stripe
• Access controls for admin-level data
• Limited internal data access

9. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate information
• Request deletion of your data
• Withdraw consent for marketing at any time
• Lodge a complaint with a data protection authority

Contact us at privacy@carbondebit.org for all data rights requests.

10. International Users

If you’re accessing CarbonDebit.org from outside the UK, your data may be transferred and stored in jurisdictions that may not offer the same level of data protection. We take steps to ensure appropriate safeguards are in place.

11. Updates to This Policy

We may update this Privacy Policy to reflect changes in legal requirements or our practices.

All updates will be posted here with a revised “Effective Date.”

12. Contact

For any questions about this policy or your data:

privacy@carbondebit.org