Last updated: April 2026
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Green-Trace AI Ltd (“Processor”) and the Customer (“Controller”) where Green Trace AI processes personal data on the Customer’s behalf.
The Customer is the Controller of personal data submitted to the Service. Green-Trace AI Ltd acts as Processor under UK GDPR Article 28 and the Data Protection Act 2018.
Processing is carried out for the purpose of providing carbon and sustainability compliance reporting. Processing continues for the term of the subscription and any reasonable wind-down period.
We process Customer data to extract activity data from documents (e.g. utility bills), calculate emissions, generate compliance reports, and operate the Service.
We use the following sub-processors. We will give the Customer notice of any changes and an opportunity to object.
We apply appropriate technical and organisational measures, including encryption in transit (TLS), encryption at rest, role-based access controls, and audit logging.
We host primary data within the UK / EEA where possible. Where transfers outside the UK / EEA occur (e.g. via the Anthropic API), we rely on appropriate safeguards including the UK International Data Transfer Addendum.
We will assist the Customer in responding to data subject requests under UK GDPR Articles 15–22 within reasonable timeframes.
On termination, Customer data is deleted within 30 days unless retention is required by law. Backups are purged on a rolling basis.
For DPA matters: support@greentraceai.co.uk