1ESG - Sustainable ESG

Privacy Policy

Last updated: 19 April 2026

This Privacy Policy explains how 1esg.app ("we", "us", "our") collects, uses, stores and discloses personal data when you visit our website or use our ESG reporting platform (the "Service"). We act as a data processor for ESG content you upload on behalf of your organisation, and as a data controller for account and marketing data described below.

1. Data we collect

  • Account data — name, work email, company, role, country, password hash.
  • Workspace content — ESG datapoints, supplier responses, evidence files, narratives you enter.
  • Sales & lead data — contact form submissions, demo requests, ROI calculator inputs.
  • Operational logs — IP address, user agent, request paths, error traces (retained 30 days).
  • Cookies — strictly necessary cookies for authentication; analytics cookies only when you click Accept all.

2. How we use it

  • Deliver and secure the Service (legal basis: contract, Art. 6(1)(b) GDPR).
  • Respond to sales enquiries and onboard customers (legitimate interest, Art. 6(1)(f)).
  • Improve the product through aggregated, anonymised analytics (consent, Art. 6(1)(a)).
  • Comply with tax, accounting and legal obligations (Art. 6(1)(c)).

3. Where we store data

All customer data is stored in EU-region infrastructure (Frankfurt, Germany). We do not transfer personal data outside the EEA without Standard Contractual Clauses or an adequacy decision in place.

4. Sub-processors

We rely on a small number of vetted sub-processors:

  • Supabase (database & auth, EU region).
  • Cloudflare (edge runtime & CDN).
  • Resend (transactional email).
  • Google Cloud / OpenAI (AI inference for the co-pilot — no training on your data).

The current list is available on request via privacy@techproconsult.com.

5. Retention

Workspace data is retained for as long as your account is active and for 90 days after cancellation, after which it is permanently deleted. Lead data is retained for 24 months unless you request earlier deletion.

6. Your rights (GDPR)

You have the right to access, rectify, erase, restrict or port your personal data, and to object to processing based on legitimate interest. Email privacy@techproconsult.com and we will respond within 30 days. You may also lodge a complaint with your supervisory authority.

7. Security

Row-level security isolates every workspace; passwords are hashed with bcrypt; all traffic is TLS 1.3; backups are encrypted at rest. We run periodic vulnerability scans and follow responsible-disclosure practices.

8. Cookies

We set a single strictly-necessary cookie for session management. Analytics cookies (Plausible, no personal identifiers) are only loaded after you click Accept allin the cookie banner. You can change your choice anytime by clearing site data.

9. Contact

Data Protection contact: privacy@techproconsult.com. For enterprise customers requiring a signed Data Processing Agreement, see our DPA.

10. Changes

We will post any material changes on this page and notify account holders by email at least 30 days before they take effect.