Privacy & Data Security Statement
Effective Date: 23-May-2025
Last Updated: 23-May-2025
At SustainIQ360, we are committed to protecting your data privacy and maintaining robust data security standards. This statement outlines how we collect, process, store, and protect your data when you use our services, including the handling of files submitted for compliance checking and analysis.
πWhat Data We Collect
- Files uploaded by users for standard and report validation
- Associated metadata (e.g., filename, MIME type)
- Technical usage logs (e.g., timestamps, request IDs)
We do not access or store any personal or sensitive information beyond what is submitted explicitly via file uploads or user inputs. We recommend not loading any personal information into the app as it is not required to produce report results.
πHow We Protect Your Data
- Server-side encryption (SSE-S3): All files uploaded to Amazon S3 are encrypted at rest using AES-256 bit encryption.
- Secure uploads via HTTPS: File uploads occur through pre-signed S3 URLs, ensuring encrypted transmission over TLS.
- Controlled access: Files are stored in isolated, job-specific paths. Access is strictly limited to internal processing functions.
- Post-analysis retention: Data is retained up to 7 days post-analysis unless explicitly agreed to by the user or required for compliance obligations.
π€Third-Party AI Processing (Gemini API & OpenAI API)
For checking and validating files against compliance standards, we transmit uploaded content to paid versions of Googleβs Gemini API and OpenAI API. According to their policy:
- Google/OpenAI does not use your prompts, files, or responses to improve their products.
- Google/OpenAI processes your data under their Data Processing Addendum.
- Prompts and responses may be transiently logged and retained for a limited time to:
- Detect policy violations
- Meet legal/regulatory obligations
We do not use βWeb Search,β and no additional web enrichment is performed unless explicitly stated.
πData Location
Data may be temporarily processed or cached in regions where Google, OpenAI and AWS operate, subject to their data protection standards.
πYour Rights and Choices
You may request:
- Deletion of your uploaded content
- Clarification about data processing
Please contact chris.thompson@fcthree.com.au for any privacy-related concerns or to exercise your rights.