Privacy Policy

Last updated: February 27, 2026

1. Introduction

GreenLedger Technologies Ltd. (“GreenLedger,” “we,” “us,” or “our”), a company registered in the United Arab Emirates with offices at Level 14, Emirates Towers, Sheikh Zayed Road, Dubai, UAE, is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information when you access or use our platform, website, mobile applications, APIs, and related services (collectively, the “Services”).

This policy is drafted in accordance with UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (“UAE Data Protection Law”), the General Data Protection Regulation (EU) 2016/679 (“GDPR”) where applicable, and other relevant data protection legislation in the GCC region.

2. Data Controller

GreenLedger Technologies Ltd. acts as the Data Controller for personal data processed through the Services. For enterprise clients, GreenLedger may also act as a Data Processor with respect to emissions data and employee information processed on behalf of the client organization, as defined in the applicable Data Processing Agreement (“DPA”).

3. Information We Collect

3.1 Information You Provide Directly:

  • Account registration data: full name, corporate email address, job title, company name, company registration number, phone number
  • Billing information: company address, VAT/tax registration number, payment method details (processed via PCI DSS-compliant payment processors)
  • Emissions data: energy consumption records, fuel usage, travel data, procurement records, waste management data, and other environmental metrics
  • Employee data (where the Employee Engagement module is activated): names, email addresses, department, office location, individual carbon footprint activities
  • Communications: support tickets, demo requests, feedback, and correspondence

3.2 Information Collected Automatically:

  • Device and browser information: IP address, browser type, operating system, device identifiers
  • Usage data: pages visited, features used, session duration, click patterns, search queries within the platform
  • Log data: access timestamps, error logs, API call records
  • Cookies and similar technologies: as described in our Cookie Policy

3.3 Information from Third Parties:

  • ERP and IoT integrations: emissions-related data from connected enterprise systems (SAP, Oracle, Microsoft Dynamics, IoT sensors)
  • Supplier data: information provided by supply chain partners through supplier assessment portals
  • Carbon credit registries: transaction and retirement data from Gold Standard, Verra VCS, and regional registries

4. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contractual necessity: Processing required to perform our obligations under the Service Agreement
  • Legal obligation: Processing required to comply with UAE Federal Climate Law (Decree-Law No. 11/2024), tax regulations, and other applicable laws
  • Legitimate interests: Platform improvement, fraud prevention, security monitoring, and analytics
  • Consent: Marketing communications, optional analytics, and employee engagement features

5. How We Use Your Information

  • Providing, maintaining, and improving the Services
  • Calculating and reporting greenhouse gas emissions in accordance with GHG Protocol standards
  • Generating regulatory compliance reports (UAE Climate Law, ISSB, CBAM, GRI, CDP, TCFD)
  • Facilitating carbon credit transactions on the marketplace
  • Processing payments and managing subscriptions
  • Providing customer support and responding to inquiries
  • Sending service notifications, security alerts, and administrative messages
  • Generating anonymized, aggregated industry benchmarks (no individual company data is identifiable)
  • Detecting, preventing, and addressing fraud, security incidents, and technical issues

6. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

  • Service providers: Cloud hosting (UAE-based data centers), payment processors, email delivery services, analytics providers — all bound by DPAs
  • Carbon credit registries: Transaction data necessary to execute and verify credit purchases and retirements
  • Regulatory authorities: When required by law, court order, or regulatory mandate under UAE or GCC jurisdiction
  • Auditors: Independent auditors engaged by the client or by GreenLedger for SOC 2 compliance purposes
  • Corporate transactions: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations

7. International Data Transfers

Your data is primarily stored and processed in UAE-based data centers. Where data transfers outside the UAE are necessary (e.g., for certain sub-processor services), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), adequacy decisions, or binding corporate rules, in compliance with the UAE Data Protection Law and GDPR where applicable.

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy:

  • Active account data: retained for the duration of the Service Agreement plus 12 months
  • Emissions and compliance data: retained for 7 years post-reporting period (aligned with UAE regulatory requirements)
  • Carbon credit transaction records: retained for 10 years (aligned with financial record-keeping requirements)
  • Marketing data: until consent is withdrawn
  • Log and analytics data: 24 months

9. Your Rights

Subject to applicable law, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your data, subject to legal retention obligations
  • Restriction: Request limitation of processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw at any time

To exercise your rights, contact our Data Protection Officer at dpo@greenledger.ae. We will respond within 30 days.

10. Children's Privacy

The Services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email to account administrators and through an in-platform notification at least 30 days before taking effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

12. Contact Us

GreenLedger Technologies Ltd.
Data Protection Officer
Level 14, Emirates Towers, Sheikh Zayed Road, Dubai, UAE
Email: dpo@greenledger.ae
Phone: +971 4 XXX XXXX