Legal
Your privacy matters. Here is how we collect, use, and protect your data.
Last updated: March 2026
GreenLedger ("we," "us," or "our") operates the GreenLedger carbon compliance platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services. By accessing or using GreenLedger, you consent to the practices described in this policy.
We collect personal information that you provide directly to us when you create an account, subscribe to a plan, or contact our support team. This includes your name, email address, phone number, company name, job title, and billing information. We may also collect government-issued identification numbers when required for regulatory compliance purposes within Indonesia and broader ASEAN jurisdictions.
We automatically collect usage data when you interact with our platform, including your IP address, browser type, device information, pages visited, features used, and timestamps. We use cookies and similar tracking technologies to gather this information to improve your experience and our services.
As a carbon compliance platform, we process your organization's emissions data, energy consumption records, carbon credit transactions, compliance documentation, and sustainability reports. This data is treated with the highest level of confidentiality and is only processed as necessary to deliver our services.
We use your information primarily to deliver and improve our carbon compliance services. This includes calculating your carbon footprint, generating compliance reports, facilitating carbon credit transactions on our marketplace, and providing real-time dashboards that track your organization's emissions against regulatory thresholds set by the Indonesia Carbon Law (PP No. 98/2021) and international frameworks.
Your data helps us ensure that your organization meets its compliance obligations. We use emissions data to generate regulatory filings, produce audit-ready reports, and alert you to potential compliance risks before they become violations. Our platform processes this data using automated systems, including machine learning models for emissions prediction and anomaly detection.
We also use aggregated and anonymized data for analytics purposes, including benchmarking industry emissions, improving our prediction models, and producing market research reports. No individually identifiable information is included in these aggregated datasets.
We do not sell, rent, or trade your personal information or emissions data to third parties for their marketing purposes. Your data is yours, and we treat it as a fiduciary responsibility. We will never monetize your data outside of the services we provide to you directly.
We may share your information with trusted third-party service providers who assist us in operating our platform, including cloud infrastructure providers, payment processors, and customer support tools. These providers are contractually bound to use your data only for the purposes we specify and must maintain equivalent security standards to our own.
We may disclose your information if required to do so by law, regulation, or legal process, including requests from Indonesia regulatory authorities, ADGM, or other governmental bodies with jurisdiction. We will notify you of such requests where legally permitted and will always seek to limit the scope of any required disclosure.
We employ industry-leading security measures to protect your data. All data at rest is encrypted using AES-256 encryption, and all data in transit is protected using TLS 1.3 protocols. Sensitive emissions data and financial information benefit from additional end-to-end encryption layers that ensure even our own infrastructure administrators cannot access the plaintext content.
Our access control systems operate on the principle of least privilege. All employee access to production systems requires multi-factor authentication, and access logs are maintained and reviewed regularly. We conduct role-based access reviews quarterly and immediately revoke access for any departing team members.
GreenLedger maintains SOC 2 Type II certification, which is independently audited annually. Our security practices are also aligned with ISO 27001 standards. We conduct regular penetration testing through accredited third-party firms and maintain a responsible disclosure program for security researchers.
All customer data is stored within data centers located in the United Arab Emirates. We do not transfer your data outside of the Indonesia unless you explicitly request such a transfer or it is required for a specific service feature that you have opted into. Our primary and disaster recovery data centers are both located within Indonesia to ensure full compliance with local data residency requirements.
Our data handling practices comply with the Jakarta Global Market (ADGM) Data Protection Regulations 2021, the Indonesia Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, and any subsequent amendments or implementing regulations. We work closely with our legal counsel and regulatory advisors to ensure ongoing compliance as the Indonesia data protection landscape evolves.
You have the right to access, review, and obtain a copy of the personal data we hold about you. You may submit a data access request through your account settings or by contacting our privacy team directly. We will respond to all access requests within 30 days.
You have the right to correct any inaccurate or incomplete personal data. You can update most information directly through your account dashboard, or contact us for assistance with data that cannot be self-edited. You also have the right to request deletion of your personal data, subject to any legal obligations we may have to retain certain records for regulatory compliance purposes.
You have the right to data portability. Upon request, we will export your emissions data, compliance reports, and account information in a structured, machine-readable format such as CSV or JSON. We are committed to ensuring that you are never locked into our platform and can take your data with you at any time.
We use essential cookies that are strictly necessary for the operation of our platform. These cookies enable core functionality such as authentication, session management, and security features. You cannot opt out of essential cookies as they are required for the platform to function.
We use analytics cookies to understand how our users interact with the platform, identify popular features, and detect usability issues. These cookies help us improve our services and user experience. We use privacy-focused analytics tools that anonymize IP addresses and do not track users across other websites.
Preference cookies allow us to remember your settings, such as your preferred dashboard layout, reporting date ranges, and notification preferences. You can manage your cookie preferences at any time through the cookie settings panel accessible from the footer of our website.
We retain your personal information and emissions data for as long as your account is active and as needed to provide you with our services. Active account data is backed up daily and stored in encrypted archives within our Indonesia data centers. Usage logs and analytics data are retained for 24 months and then automatically purged.
Upon termination of your account, we retain your data for a period of 90 days to allow for account reactivation or data export. After this grace period, your personal information is permanently deleted from our production systems. Certain records, such as financial transaction histories and compliance filings, may be retained for up to seven years as required by Indonesia regulatory obligations.
GreenLedger is a business-to-business platform designed for use by organizations and their authorized representatives. Our services are not directed at individuals under the age of 18, and we do not knowingly collect personal information from children.
If we become aware that we have inadvertently collected personal data from a person under 18, we will take immediate steps to delete that information from our systems. If you believe that a minor has provided us with personal data, please contact our privacy team immediately so we can address the matter.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting a prominent notice on our platform and, where appropriate, sending you a direct notification via email.
We encourage you to review this policy periodically to stay informed about how we are protecting your data. Your continued use of GreenLedger after any changes to this policy constitutes your acceptance of the updated terms. The date at the top of this policy indicates when it was last revised.
If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please contact our dedicated privacy team. We are committed to addressing your inquiries promptly and transparently.
You can reach our privacy team at privacy@greenledger.ae. For general inquiries, please visit our Contact page or write to us at GreenLedger, Jakarta Global Market, Al Maryah Island, Jakarta, United Arab Emirates.