Access Platform ↗ Careers at Climate Decode
Privacy & Data Protection

Privacy Policy

How we collect, use, and protect your personal information

Last Updated: January 2026

1. Introduction

This Privacy Notice ("Notice") describes how Climate Decode ("we", "us", or "our") collects, uses, stores, secures, and governs personal information in connection with:

  • Our websites, including www.climate-decode.com and related subdomains
  • Our software platforms and applications, including TerraNova and Canopy
  • Our advisory services, research, events, and other public or commercial interactions

Climate Decode is an enterprise climate technology platform serving corporate, institutional, and public-sector users globally. We are committed to processing personal information lawfully, fairly, and transparently, in accordance with applicable data protection laws in the European Union, United Kingdom, United States, Canada, and India, and in alignment with the AICPA SOC 2 Trust Services Criteria (Security, Availability, Confidentiality, and Privacy).

2. Jurisdictional Scope

This Notice applies to individuals located in:

  • European Union & United Kingdom (GDPR / UK GDPR)
  • Canada (PIPEDA and provincial privacy laws)
  • United States (including California Consumer Privacy Act / CPRA, where applicable)
  • India (Digital Personal Data Protection Act, 2023)

3. Data Controller / Responsible Entity

For the purposes of applicable data protection laws, Climate Decode acts as:

  • Data Controller for personal information collected through its websites, marketing activities, events, and direct business relationships
  • Data Processor / Service Provider for customer data processed within the TerraNova and Canopy platforms on behalf of enterprise clients, as governed by contract

4. Categories of Personal Information Collected

4.1 Identity & Professional Information

Name, job title, employer, business email address, business telephone number

4.2 Account & Authentication Data

User IDs, access roles, login timestamps, authentication metadata

4.3 Transactional & Billing Information

Subscription details, invoicing data, payment references

4.4 Technical & Usage Data

IP address, browser type, device identifiers, operating system, session logs, feature usage

4.5 Communications Data

Emails, support tickets, meeting notes, marketing preferences

4.6 Client-Controlled Data

Data uploaded or generated by enterprise users within the platform

5. How Personal Information Is Collected

  • Direct interactions (website forms, demos, contracts, platform use)
  • Automated technologies (cookies, logs, monitoring tools)
  • Third-party service providers (cloud hosting, analytics, billing, security)
  • Professional or public sources (limited business contact data)

6. Purposes of Processing

  • Service delivery and platform operation
  • User authentication and access control
  • Contract management and billing
  • Security monitoring, logging, and incident prevention
  • Customer support and communications
  • Legal, regulatory, and audit compliance

Climate Decode does not sell personal information, use it for advertising profiling, or apply automated decision-making producing legal effects.

7. Legal Basis for Processing (EU / UK)

Under GDPR and UK GDPR, processing is based on:

  • Contractual necessity – to provide services
  • Legitimate interests – to operate, secure, and improve our services
  • Consent – for optional communications
  • Legal obligation – regulatory and compliance requirements

8. United States Privacy Rights

Where applicable under US state laws (including California CPRA):

  • We do not sell or share personal information for cross-context behavioural advertising
  • Individuals may request access, correction, or deletion of personal information
  • Requests may be submitted via the contact details below

Climate Decode processes business-to-business data and does not engage in consumer profiling or targeted advertising.

9. Canada (PIPEDA)

For Canadian residents:

  • Personal information is collected for identified purposes and with appropriate consent
  • Information is limited to what is necessary for business purposes
  • Individuals may request access to, or correction of, their personal information

10. India (Digital Personal Data Protection Act, 2023)

For individuals located in India:

  • Climate Decode processes personal data only for lawful purposes with consent or other permitted grounds
  • Reasonable security safeguards are implemented to prevent data breaches
  • Individuals may request access, correction, or erasure of personal data

11. Access Controls & Security (SOC 2 – Security)

Climate Decode implements security measures including:

  • Role-based access controls and least-privilege principles
  • Authentication and credential management
  • Encryption of data in transit and at rest
  • Centralised logging and monitoring
  • Restricted administrative access to production systems

12. Availability & Business Continuity (SOC 2 – Availability)

We maintain:

  • Cloud-based infrastructure with redundancy
  • Backup and recovery procedures
  • Monitoring of system availability
  • Incident response and service restoration processes

13. Confidentiality & Client Data Protection (SOC 2 – Confidentiality)

Client and confidential data are protected through:

  • Contractual confidentiality obligations
  • Logical separation of customer environments where applicable
  • Restrictions on internal data use
  • Controlled data exports and access logging

14. Third-Party Processors & Cross-Border Transfers

We engage third-party service providers under contractual safeguards. Personal information may be transferred internationally, including to the EU, UK, US, Canada, or India. Where required, appropriate safeguards are applied, including:

  • Adequacy decisions
  • Standard contractual clauses
  • Contractual security and confidentiality obligations

15. Data Retention & Deletion

Personal information is retained only as long as necessary for business, contractual, or legal purposes. When no longer required, data is securely deleted or anonymised.

16. Your Rights

Depending on jurisdiction, you may have the right to:

  • Access personal information
  • Correct inaccurate data
  • Request deletion or erasure
  • Restrict or object to processing
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

17. Children

Climate Decode services are intended for business users. We do not knowingly collect personal information from children under the age of 13.

18. Changes to This Notice

This Privacy Notice may be updated periodically. Updates will be published on our websites.

19. Contact Information

Privacy & Data Protection Contact

Climate Decode
Email: privacy@climate-decode.com
General enquiries: contact@climate-decode.com

Questions About Our Data Practices?

We take data privacy seriously. If you have questions about how we handle your information, or want to learn more about our platform, we’re here to help.

Get in Touch → Explore the Platform