Privacy Policy

Introduction

Secured Carbon ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, or engage with our services (collectively, the "Services").

We provide AI-powered solutions at the intersection of Energy, Finance, and Artificial Intelligence, including market research, analytics tools, and platforms for renewable energy asset standardization and securitization. This Privacy Policy governs your access to and use of our Services, regardless of how you access them.

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

Information Collection

We collect several types of information from and about users of our Services, including:

Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Register for an account
• Subscribe to our newsletter or publications
• Request information or services
• Participate in surveys, contests, or promotions
• Contact our customer support
• Use certain features of our platform

The personal information we collect may include:

• Name, email address, postal address, phone number
• Company name, job title, industry
• Billing and payment information
• User credentials (username, password)
• Profile information
• Communications and correspondence with us

Project and Usage Data

When you use our Services, we may collect information about your energy projects, financial models, and how you interact with our platform, including:

• Project specifications and technical details
• Financial modeling data
• System sizing calculations and parameters
• Tax credit and incentive information
• Information about your use of features and functions
• User-generated content and uploaded files

Automatically Collected Information

When you access or use our Services, we automatically collect certain information about your equipment, browsing actions, and patterns, including:

• Device information (such as your IP address, operating system, browser type)
• Usage details (such as traffic data, logs, and other communication data)
• Location information
• Information collected through cookies and other tracking technologies

Third-Party Sources

We may receive information about you from third-party sources, such as:

• Business partners
• Market research providers
• Analytics providers
• Data aggregators
• Public databases

This information may be combined with information we collect from you directly to enhance our Services and your experience.

Information Use

We use the information we collect about you or that you provide to us for the following purposes:

Service Provision and Improvement

• To provide, maintain, and improve our Services
• To process transactions and fulfill our contractual obligations
• To personalize your experience with our Services
• To develop new products, services, features, and functionality
• To perform data analysis and research to improve our Services

Communication and Support

• To communicate with you regarding your account, services, or transactions
• To respond to your inquiries, comments, or support requests
• To provide customer service and technical assistance
• To send you technical notices, updates, security alerts, and support messages

Marketing and Promotional Activities

• To send you newsletters, promotional materials, and other communications
• To inform you about new features, products, services, and events
• To conduct surveys, contests, or other promotional activities
• To measure the effectiveness of our marketing campaigns

You may opt-out of receiving marketing communications at any time by following the unsubscribe instructions included in such communications or by contacting us directly.

Security and Compliance

• To protect the security and integrity of our Services
• To detect, prevent, and address technical issues, fraud, or illegal activity
• To verify your identity and authenticate access to your account
• To comply with legal obligations and enforce our terms and policies

Aggregated and Anonymized Data

We may use aggregated and anonymized data derived from user information for any lawful purpose, including but not limited to developing market insights, improving our Services, and publishing research reports, provided that such data does not identify any individual user.

Information Sharing

We may share your information in the following circumstances:

Service Providers

We may share your information with third-party vendors, service providers, contractors, or agents who perform functions on our behalf, such as:

• Cloud hosting and data storage providers
• Payment processors and financial institutions
• Customer support and helpdesk services
• Analytics and data analysis services
• Marketing and communication platforms
• Professional services (legal, accounting, etc.)

These service providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your information to:

• Enforce our agreements, policies, and terms of service
• Protect the security and integrity of our Services
• Protect the rights, property, or safety of our company, our users, or others
• Prevent or investigate possible wrongdoing in connection with our Services

With Your Consent

We may share your information with third parties when you have explicitly consented to such sharing.

Aggregated or De-Identified Information

We may share aggregated or de-identified information about our users for industry analysis, research, benchmarking, and similar purposes. This information cannot reasonably be used to identify you.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Services and to collect certain information about your browsing activities and preferences. Cookies are small data files placed on your device that help us to improve our Services and your experience, see which areas and features of our Services are popular, and count visits.

Types of Cookies We Use

Third-Party Analytics

We may use third-party analytics services, such as Google Analytics, to help us understand how users engage with our Services. These services may use cookies and similar technologies to collect information about your use of our Services and other websites. This information may be used to compile reports and to help us improve our Services.

Your Cookie Choices

Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience and some parts of our Services may not work properly.

To learn more about cookies and how to manage them, visit www.allaboutcookies.org.

Do Not Track Signals

Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret DNT signals, our Services do not currently respond to browser DNT signals. For more information about DNT, visit All About DNT.

Data Security

We implement appropriate technical and organizational measures to protect the security of your personal information from unauthorized access, disclosure, alteration, or destruction. These measures may include, but are not limited to:

• Encryption of data in transit and at rest
• Secure user authentication protocols
• Network security monitoring and intrusion detection
• Regular security assessments and vulnerability testing
• Access controls and authorization mechanisms
• Physical security measures for our facilities
• Ongoing employee security awareness training

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. It is your responsibility to keep your account credentials confidential and to notify us immediately of any unauthorized access to or use of your account.

Handling of Sensitive and Confidential Information

In the course of providing our Services, we may process or come into contact with various types of sensitive and confidential information. This section explains how we handle these specific categories of information.

Personally Identifiable Information (PII)

We define PII as any data that could potentially identify a specific individual, including but not limited to names, addresses, email addresses, phone numbers, social security numbers, and government-issued identification. We implement stringent safeguards for PII, including:

• Strict access controls on a need-to-know basis
• Encryption during storage and transmission
• De-identification and anonymization where appropriate
• Regular audits of PII handling procedures

We only collect PII that is necessary for the provision of our Services and maintain it only for as long as required to fulfill the purposes outlined in this Privacy Policy.

Protected Health Information (PHI)

Our standard Services are not designed to collect or process Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). We do not operate as a Covered Entity or Business Associate under HIPAA in our standard operations.

If your use of our Services requires the processing of PHI, please contact us before uploading any such information so that we can determine whether a Business Associate Agreement is necessary and ensure appropriate compliance measures are in place.

Payment Card Industry (PCI) Data

When processing payment information, we adhere to the Payment Card Industry Data Security Standard (PCI-DSS). To protect your payment information, we:

• Do not store full credit card numbers or CVV codes on our servers
• Use trusted third-party payment processors who are PCI-DSS compliant
• Implement strong encryption for any payment details that pass through our systems
• Limit access to payment information to only those employees who require it for processing
• Regularly validate our compliance with PCI-DSS standards

Confidential Information and Trade Secrets

We recognize that our platform may contain confidential business information, trade secrets, and proprietary data related to your energy projects, financial models, and business operations. To protect this information, we:

• Implement robust confidentiality provisions in our agreements with employees, contractors, and service providers
• Apply role-based access controls to limit access to confidential information
• Maintain secure environments for data processing with logical separation between clients
• Apply data loss prevention techniques to prevent unauthorized exfiltration of confidential information
• Conduct security awareness training specifically focused on handling confidential information

We will not use your confidential information or trade secrets for any purpose other than providing our Services to you, and we will not disclose such information to third parties except as necessary to provide our Services or as required by law.

Breach Notification

In the event of a breach involving sensitive information, we will:

• Promptly investigate the nature and scope of the breach
• Take immediate steps to contain and mitigate any potential harm
• Notify affected individuals and relevant authorities in accordance with applicable laws and regulations, including state breach notification laws and GDPR where applicable
• Provide appropriate remediation services based on the nature and scope of the breach

Our incident response plan includes specific protocols for dealing with breaches involving different categories of sensitive information, with escalated responses for particularly sensitive data types.

Data Retention

We retain your personal information for as long as needed to provide you with our Services, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods for different types of data may vary depending on:

• The nature of the information and the purposes for which it was collected
• Our legal and regulatory obligations
• Industry standards and best practices
• Potential risk of harm from unauthorized use or disclosure

When we no longer need to use your information for the purposes outlined in this Privacy Policy, we will either delete it from our systems or anonymize it so that it can no longer be associated with you.

Your Rights

Depending on your location, you may have certain rights regarding your personal information. These may include:

Access and Portability

You may have the right to access the personal information we hold about you and to request a copy of your information in a structured, commonly used, and machine-readable format.

Correction

You may have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

Deletion

You may have the right to request the deletion of your personal information in certain circumstances, subject to legal requirements that may obligate us to retain certain information.

Restriction and Objection

You may have the right to restrict or object to our processing of your personal information in certain circumstances.

Withdrawal of Consent

Where we process your information based on your consent, you have the right to withdraw that consent at any time.

Data Protection Authority

You have the right to lodge a complaint with a data protection authority if you believe that our processing of your personal information does not comply with legal requirements.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We may need to verify your identity before responding to your request. We will respond to your request within the timeframes required by applicable law.

Please note that some of these rights may be limited where we have compelling legitimate grounds or legal obligations to process your personal information.

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, including:

• Categories of personal information we collected about you
• Categories of sources for the personal information
• Our business or commercial purpose for collecting that information
• Categories of third parties with whom we share that information
• The specific pieces of personal information we collected about you

Deletion Request Rights

You have the right to request that we delete your personal information, subject to certain exceptions permitted by law.

"Do Not Sell My Personal Information"

If we sell personal information, you have the right to opt-out of the sale of your personal information. We do not sell personal information of users as defined by the CCPA.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not:

• Deny you goods or services
• Charge you different prices or rates for goods or services
• Provide you with a different level or quality of goods or services
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

Exercising Your California Privacy Rights

To exercise the rights described above, please submit a verifiable consumer request to us using the contact information provided in the "Contact Us" section.

Only you, or a person registered with the California Secretary of State whom you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

We will respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

International Data Transfers

Secured Carbon is based in the United States, and we process and store information in the United States and other countries. The data protection laws in these countries may differ from those in your country of residence.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place for the transfer of your personal information to countries outside the EEA, UK, or Switzerland, including:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules for transfers to our affiliates
• Derogations provided for in Article 49 of the GDPR, such as explicit consent

By using our Services, you acknowledge that your information may be transferred to our facilities and to third parties with whom we share it as described in this Privacy Policy.

Children's Privacy

Our Services are not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to this Privacy Policy, we will notify you by:

• Posting a notice on our website
• Sending an email to the address associated with your account
• Providing notification through our Services

The date this Privacy Policy was last revised is indicated at the bottom of the page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of our Services after we post any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: [email protected]
Mail: 633 Main Street, Half Moon Bay, CA 94109

We will respond to your inquiry within a reasonable timeframe.