Privacy Policy
Last updated: December 4, 2025
This policy outlines three things:
- the data we gather and why we need it
- how we handle that data
- the rights you have regarding your information.
We never sell your data.
This policy covers the suite of products and services offered by Carbon GPT, including our carbon accounting platform, AI development and consultancy services.
When we say “you,” we are referring to website visitors, potential clients, and the authorized users of our platform.
Note: This policy covers how we handle your account data. However, when you use our tools to process raw environmental data for your own stakeholders (like your employees' commute info or supply chain utility bills), Carbon GPT acts as a “data processor.” We handle that data strictly according to your instructions as the “data controller,” based on our Service Agreement and Data Processing Addendum (DPA).
What we collect and why
We stick to a simple rule: we only gather data that serves a specific purpose. Here is how that looks in practice:
Identity and account access
When you register for Carbon GPT, we request basic details like your name, email address, and organization name. We need this to set up your account, personalize your experience, and send you important updates. Occasionally, we might send optional surveys to learn how we can improve our services.
Selling your personal info is off the table. We won’t sell your data to third parties, and we won’t use your company name in our marketing materials unless you give us the green light.
Billing details
If you subscribe to a paid plan, you’ll need to provide payment details and a billing address. We don't store your credit card details on our servers. They are sent securely and directly to our payment processor. We retain a record of the transaction (like the last 4 digits of the card) for invoicing, tax calculations, and audit history.
Product data and AI inputs
We store the information you upload or input into Carbon GPT. This includes utility records, emission factors, and spreadsheets. We hold this data so the product works as promised.
We treat your proprietary data (like private financial records or strategy documents) as confidential. We do not use your private data to train our public-facing AI models without your explicit consent.
Technical data and Geolocation
We also log the IP addresses associated with account access to maintain security and detect potential fraud. We keep this log history for as long as your account remains active.
We also use cookies (small text files stored on your device) to recognize you when you sign in, remember your preferences, and assist with our security measures. You can control cookies through your browser settings, though disabling them may break some features of the platform.
Website analytics
We track general browsing activity to understand how people use our site. This includes data like your browser type, operating system, and which pages you visited. This helps us optimize our design and conversion rates. If you are logged in, this activity is linked to your account to help us understand user journeys.
Correspondence
If you email us for support or consulting advice, we keep a record of that conversation. This allows us to look back at past context if you need help again in the future.
Our Legal Basis for processing (GDPR)
If you are an individual in the European Economic Area (EEA) or UK, we collect and process information about you only where we have a legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
When we access or share your information
To power our services, we rely on select third-party providers, such as cloud hosting providers and AI computation engines. We vet these partners to ensure their privacy standards align with ours.
Limited human access.
Our team does not browse your private emissions data. We only access your content for specific reasons and usually with your permission, such as fixing a software bug or if you've hired us for a manual consulting review.
Aggregated insights.
We may aggregate and anonymize data (e.g., "Average electricity usage in the Malaysian manufacturing sector"). We use this de-identified data to refine our benchmarking algorithms. This data is stripped of all personal identifiers.
Legal requirements.
Carbon GPT is a company incorporated in Malaysia.
- Government Requests: We do not disclose user data to government agencies unless compelled by a legal process, such as a court order or warrant issued by a Malaysian court.
- International Requests: We only respond to foreign legal requests if they are validated through proper international legal channels recognized by Malaysian law.
- Notification: Unless legally prohibited, we aim to notify you if your data is requested so you can seek legal remedies.
Your rights regarding your data
Regardless of where you are located, we strive to offer the same high standard of data rights to all Carbon GPT users.
- Right to Know: You can ask what personal data we collect, use, or share.
- Right to Access: You have the right to request a copy of the personal information we hold about you.
- Right to Correction: You can update or correct inaccurate personal data.
- Right to Erasure: You can ask us to delete your personal data. Please note, for carbon auditing purposes, some data may need to be retained for a specific period to ensure compliance with audit trails before full deletion.
- Right to Portability: You can take your data with you. We provide export features for your emissions ledgers and reports (e.g., CSV, PDF).
To exercise any of these rights, please email us at info@carbongpt.ai.
Security measures
We treat environmental and financial data with the highest level of care.
All data is encrypted via SSL/TLS when it moves between our servers and your browser. Your data is also encrypted "at rest" (when it is stored in our database).
We utilize enterprise-grade cloud infrastructure with strict access controls.
Deleting your data
If you delete specific records, like an activity, they may sit in a soft-delete state until you request their permanent deletion.
If you cancel your account entirely, your data becomes inaccessible immediately. We will purge it from our active databases within 60 days. Encrypted backups may retain copies for up to another 30 days, which is a standard safeguard in database management.
Data retention
We hold on to your information only for as long as it is needed to provide our services. In the world of carbon accounting, year-over-year historical data is often vital. As such, we generally retain your emissions data for the lifespan of your active account, unless you explicitly delete it.
Location of site and operations
Carbon GPT is based in Malaysia. Our data infrastructure is hosted in secure cloud facilities (typically utilizing major hubs in Malaysia or Singapore). By using our services, you acknowledge that your information will be transferred to, processed, and stored in these locations.
Please be aware that if you are visiting or using our Services from the European Union (EU), United Kingdom (UK), or other regions with laws governing data collection, you are agreeing to the transfer of your personal information to Malaysia and Singapore.
By providing your information to the Services, you consent to any transfer and processing in accordance with this Policy. We transfer your data on the legal basis that it is necessary for the performance of our contract with you (i.e., we cannot provide the software to you without moving the data to our servers).
Updates and contact info
We may update this policy as privacy laws change or our AI capabilities expand. If we make significant material changes, we will notify you via the email on your account or through an in-app alert.
Do you have questions about this policy or how we handle carbon data? Please reach out to us at info@carbongpt.ai.
