Back to Home
Privacy Policy

Privacy Policy

Last updated: February 2026

1. Introduction

Supplier Data Statement ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Supplier Activity Data Statement generation service.

2. Data We Collect

We collect only the data necessary to generate your SPADS report:

  • Company and facility identification information
  • Activity data (energy usage, fuel consumption, transportation)
  • Contact information (email address)
  • Payment information (processed by Stripe; we do not store card details)

3. How We Use Your Data

Your data is used exclusively for:

  • Generating your SPADS report
  • Processing your payment
  • Sending report delivery confirmation
  • Enabling report regeneration within 13 months

We do NOT:

  • Sell your data to third parties
  • Use your data for marketing without consent
  • Use your data to train AI/ML models
  • Share your data with other customers

4. Data Security

We implement industry-standard security measures:

  • Encryption at rest: AES-256 encryption for all stored data
  • Encryption in transit: TLS 1.3 for all data transmission
  • Access controls: Role-based access with audit logging
  • Infrastructure: Hosted on SOC 2 compliant cloud infrastructure

5. Data Retention

We retain data to support audit cycles and report regeneration:

  • Active retention: 13 months from report generation
  • Automatic deletion: All data permanently deleted after 13 months
  • Manual deletion: You may request deletion at any time
  • Backups: Encrypted backups retained for 30 days, then deleted

The 13-month retention period aligns with annual audit and tax cycles, ensuring you can access your report if needed for subsequent reporting periods.

6. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing (PCI DSS compliant)
  • Climatiq: Emission factor API (no personal data shared)
  • Cloud hosting: AWS/Vercel (SOC 2 compliant)

7. Your Rights

You have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@supplierdatastatement.com

8. Cookies

We use only essential cookies required for the service to function. We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@supplierdatastatement.com