Privacy Policy

Last updated: February 14, 2026

This privacy policy describes our practices to the best of our knowledge. We recommend consulting with a qualified legal professional for advice specific to your situation. This document is not a substitute for professional legal counsel.

1. Introduction

GreenMetric AI (“we,” “us,” or “our”) operates the GreenMetric AI platform, a SaaS API service that provides environmental product scoring, CO2 estimates, and lifecycle assessment data. We are based in the United States.

This Privacy Policy explains how we collect, use, share, and protect your information when you use our website, API, dashboard, and related services (collectively, the “Service”). By using the Service, you acknowledge that you have read and understood this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Your name and email address
  • Password (stored using bcrypt hashing — we never store your password in plain text)
  • Organization name

2.2 Payment Information

Payment processing is handled entirely by Stripe. We do not store, process, or have access to your full credit card numbers, debit card numbers, or bank account details. Stripe may share with us limited information such as the last four digits of your card, card type, expiration date, and billing address so that we can display payment information in your dashboard and for record-keeping purposes. For details on how Stripe handles your payment data, please review Stripe's Privacy Policy.

2.3 Usage Data

We collect information about how you interact with our Service, including:

  • API call logs and analysis requests
  • Timestamps of requests
  • IP addresses
  • API endpoints accessed and response codes
  • Usage volume relative to your plan (Free, Starter, Pro, or Enterprise)

2.4 Product Data You Submit

When you use our analysis API, you may submit:

  • Product URLs — we scrape publicly available product pages (e.g., Amazon, retailer websites) to extract product information for environmental analysis
  • Text descriptions of products

Submitted text descriptions are stored in our database. Product URLs are used to retrieve publicly available information and are logged as part of the analysis request.

2.5 Analysis Results

Environmental scores, CO2 estimates, and lifecycle assessment data generated from your requests are stored and associated with your organization's account.

2.6 Automatically Collected Information

When you visit our website or use the dashboard, we may automatically collect:

  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited and time spent
  • IP address

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process your API requests and return environmental analysis results
  • Manage your account, authentication, and organization membership
  • Process payments and manage your subscription plan
  • Send transactional emails, including email verification, password resets, and team invitations
  • Monitor API usage and enforce plan limits
  • Detect, prevent, and address abuse, fraud, or technical issues
  • Improve and optimize the Service
  • Respond to your support requests and communications
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal data to anyone. We also do not share the product URLs or descriptions you submit for analysis with any third party.

We share information only with the following categories of service providers, solely to operate the Service:

  • Stripe — for payment processing. Stripe receives the payment information you provide at checkout.
  • Resend — for transactional email delivery (verification emails, password reset emails, and team invitation emails). Resend receives the recipient email address and the email content.
  • Infrastructure and hosting providers — our database (MongoDB) and cache (Redis) are hosted by third-party cloud providers. These providers store data on our behalf but do not access or use it for their own purposes.

We may also disclose information if required by law, legal process, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Retention

We retain your account information for as long as your account remains active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance reasons.

Usage logs (API call records, timestamps, IP addresses) are retained for up to 12 months for analytics and abuse-prevention purposes.

Analysis results (environmental scores, CO2 estimates) associated with your organization are retained for the lifetime of your account and deleted upon account closure.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal data.

For EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict or object to the processing of your personal data
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time, where processing is based on consent
  • Lodge a complaint with your local data protection authority

For California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt out of the sale of personal information — though we do not sell personal data
  • Non-discrimination for exercising your privacy rights

For All Users

Regardless of your location, you can:

  • Update or correct your account information through your dashboard
  • Request a copy of the data we hold about you
  • Request deletion of your account and associated data
  • Opt out of non-essential communications

To exercise any of these rights, please contact us through our contact page. We will respond to your request within 30 days.

7. Security Measures

We take reasonable measures to protect your information, including:

  • Passwords are hashed using bcrypt before storage
  • All data transmitted between your browser and our servers is encrypted via TLS/HTTPS
  • API keys are generated with sufficient entropy and can be revoked at any time
  • Access to production databases is restricted and monitored
  • Payment data is handled entirely by Stripe, a PCI DSS Level 1 certified provider

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

8. Cookies

We use cookies strictly for essential functionality:

  • Session and authentication cookies — these keep you logged in and maintain your session state. They are necessary for the Service to function.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies from third-party providers. We do not participate in cross-site tracking.

9. International Data Transfers

GreenMetric AI is based in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate.

If you are located in the EU/EEA, we rely on appropriate legal mechanisms for international data transfers, such as Standard Contractual Clauses (SCCs) where applicable. If you have questions about international transfers, please contact us.

10. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible. If you believe a child under 13 has provided us with personal information, please contact us through our contact page.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you via email or through the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Contact us through our website or find us on LinkedIn.

We aim to respond to all privacy-related inquiries within 30 days.