Privacy Notice

Effective Date: August 11, 2025

Last Updated: August 11, 2025


At StarfetchX, safeguarding your privacy is one of our highest priorities. As a provider of AI-driven carbon accounting, sustainability reporting, and green technology solutions, we recognize that our services may involve handling sensitive personal and business data. We comply with the GDPR, the UK Data Protection Act 2018, and other applicable international data protection frameworks, including the California Consumer Privacy Act (CCPA) where applicable.

This Privacy Notice outlines our practices regarding the collection, processing, storage, and disclosure of personal and business data when you access our website, mobile applications, cloud-based platforms, and any other services provided under the StarfetchX brand (collectively, the “Services”). By using our Services, you acknowledge that you have read and understood this Privacy Notice.


1. Scope and Applicability

  • All users of our Services, including clients, partners, and visitors to our digital platforms.
  • Data collected through any online or offline channels operated by StarfetchX.
  • Both personally identifiable information (PII) and business-sensitive sustainability data processed in connection with our Services.

This notice does not cover third-party services, tools, or platforms that may be linked to or integrated with our Services, as those are governed by their own privacy policies.


2. Information We Collect

2.1 Personal Identifiers

  • Full name, job title, company name, and role within the organization.
  • Contact information such as email address, phone number, and mailing address.
  • Login credentials and authentication data (encrypted).

2.2 Technical & Device Data

  • IP addresses, browser type, operating system version, and device identifiers.
  • Access times, geolocation (when permitted), and session activity logs.
  • Metadata from interactions with our platform to enhance user experience and detect anomalies.

2.3 Sustainability & Carbon Data

  • Environmental metrics provided by the client, including Scope 1, Scope 2, and Scope 3 emissions data.
  • Resource usage statistics (energy, water, waste) for sustainability reporting.
  • Supplier and partner data for emissions mapping and analysis.

2.4 Interaction Data

  • Support requests, survey responses, and correspondence with our teams.
  • User feedback, feature usage statistics, and AI system interaction records.

3. Purposes for Data Processing

  • Provision of Services – perform calculations, generate reports, and deliver requested sustainability insights.
  • Account Administration – create, manage, and maintain secure user accounts.
  • Platform Optimization – monitor system performance, diagnose issues, and improve AI algorithms.
  • Security & Fraud Prevention – prevent unauthorized access, cyberattacks, and misuse of our platform.
  • Legal & Regulatory Compliance – fulfill obligations under applicable laws.
  • Marketing & Communication – send relevant updates, service announcements, and offers (where consent is given).
  • Research & Development – improve carbon accounting accuracy and enhance AI capabilities.

4. Legal Bases for Processing

  • Consent – when you have clearly agreed to processing for specific purposes.
  • Contractual Necessity – when processing is required to fulfill a contract with you.
  • Legitimate Interests – when it supports our operations without infringing on your rights.
  • Legal Obligation – when required under applicable laws or regulations.

5. Data Sharing and International Transfers

We may share data with trusted service providers and partners under legally binding confidentiality agreements, including but not limited to cloud hosting providers (e.g., Amazon Web Services), AI technology partners (e.g., Google Gemini AI), cybersecurity providers, and professional advisors.

Where data is transferred internationally—including outside the EEA or UK—we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), adequacy decisions, or other recognized mechanisms. We do not sell, rent, or trade your personal data.


6. Data Retention Policy

  • Only as long as necessary to fulfill the purposes for which it was collected.
  • To comply with legal and regulatory obligations.
  • To resolve disputes and enforce agreements.

Upon expiration of the retention period, data will be securely deleted or irreversibly anonymized.


7. Your Rights

  • Access – obtain a copy of the personal data we hold about you.
  • Rectification – correct inaccurate or incomplete information.
  • Erasure – request deletion of your data (“Right to be Forgotten”).
  • Restriction – limit how your data is processed.
  • Data Portability – receive your data in a structured, machine-readable format.
  • Withdraw Consent – revoke previously granted permissions at any time.

You can exercise your rights by contacting our Data Protection Officer at privacy@starfetchx.com.


8. Cookies and Tracking Technologies

  • Recognize returning users and store preferences.
  • Analyze platform performance.
  • Deliver personalized content and recommendations.

You can manage your cookie preferences via our Cookie Settings panel or your browser settings.


9. Data Security Measures

  • End-to-end encryption for sensitive data in transit and at rest.
  • Role-based access controls with multi-factor authentication.
  • Regular penetration testing and vulnerability assessments.
  • Incident response procedures to manage and report data breaches in compliance with GDPR Article 33.

While no system can be 100% secure, we continuously update our defenses to meet evolving threats.


10. Updates to This Privacy Notice

We may amend this Privacy Notice to reflect changes in laws, technologies, or our service offerings. Updates will be published on our website with a revised “Last Updated” date; significant changes will be communicated directly to affected users.


11. Contact Us

Data Protection Officer of StarfetchX —support@starfetchx.com