Privacy Policy

Last updated 31 May 2026 · Effective 1 June 2026

1. Who we are

ClimSen is a UK-registered limited company operating a curated voluntary carbon credit marketplace and compliance intelligence platform at climsen.com. We are the data controller for personal information we process. Registered company: [your Companies House number]. Registered address: [your registered address]. ICO registration: [your ICO number].

2. What information we collect

Identification: name, work email, phone (optional), job title, company.

Verification (KYC): for buyers settling OTC trades — legal entity name, registered address, company registration number, VAT number, UBO name and date of birth, source-of-funds declaration, and supporting documents (incorporation certificate, proof of address, photo ID).

Transaction data: project selections, quoted prices, volumes, retirement serials, and related communications.

Technical: IP address, browser type, pages viewed, referrer.

Communications: emails and messages you send us, including replies to our quote and disclosure emails.

3. How we use it

  • Provide the marketplace, quote, transaction, KYC and disclosure services.
  • Verify buyers' identity and source of funds (KYC) to meet platform integrity standards and prevent misuse.
  • Generate CSRD-ready disclosure documents for completed transactions.
  • Communicate with you about quotes, transactions, satellite verification updates, and pipeline status.
  • Comply with legal obligations (tax records, anti-money-laundering expectations, regulatory cooperation).
  • Improve the service through aggregated usage analysis (no advertising profiles, no third-party ad tracking).

4. Legal basis (UK GDPR Article 6)

  • Performance of a contract (delivering services you requested).
  • Legitimate interest (running the platform, preventing fraud, securing the service, marketing to business contacts who can opt out).
  • Compliance with legal obligations (record-keeping, KYC where applicable, responding to regulators).
  • Consent (where you submit optional information or sign up to specific communications).

5. Who we share it with (data processors)

  • Supabase Inc. — database and authenticated storage (data hosted in EU region, sub-processor of AWS).
  • Resend Inc. — transactional and quote email delivery (EU region).
  • Vercel Inc. — application hosting and CDN.
  • Plausible Insights OÜ — privacy-friendly analytics (no cookies, no personal data shared).
  • Sentinel Hub / Planet Labs — satellite imagery (no personal data shared).
  • Auditors, tax advisors, legal advisors when engaged.
  • Law enforcement and regulators where legally required.

We do not sell personal data. We do not share data with advertisers.

6. International transfers

Some processors are based outside the UK/EEA. Where this occurs, we rely on UK-approved standard contractual clauses or equivalent safeguards.

7. Retention

  • Active account data: while you have an active relationship with us.
  • Quote and transaction records: 7 years (UK tax record retention).
  • KYC documents: 5 years after end of relationship (UK Money Laundering Regulations standard).
  • Marketing communications data: until you unsubscribe (one-click unsubscribe link in every commercial email).

8. Your rights (UK GDPR)

You can:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request erasure (subject to legal retention requirements).
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time where consent is the legal basis.
  • Lodge a complaint with the Information Commissioner's Office at ico.org.uk.

To exercise any of these, email privacy@climsen.com. We respond within 30 days.

9. Cookies

We use only essential cookies for authentication and session management. No advertising cookies. No cross-site tracking. Plausible Analytics is cookie-free.

10. Security

We use HTTPS throughout, encrypted database storage, role-based access control, and minimum-necessary data collection. Security incidents affecting personal data are reported to the ICO within 72 hours where required.

11. Children

The service is not intended for individuals under 18. We do not knowingly collect data from children.

12. Changes

We update this policy when our practices change, and the “last updated” date above will change accordingly. We will notify active users of material changes by email.

13. Contact

Email: ab@climsen.com (or privacy@climsen.com for data rights requests).

Postal: [your registered address].

ICO complaint: ico.org.uk/concerns