Privacy Policy

Last updated: April 2026

Data Controller

METIS SAS, 120 Chemin de Ceinture, 13400 Aubagne, France. Contact: privacy [at] carbon-badge.com

Data We Collect

Without an account

• Scanned URLs and their CO₂ results (stored anonymously)
• IP address (for rate limiting, hashed after 24h)
• Anonymous usage analytics (GA4 with IP anonymisation — only after consent)

With an account

• Email address and name (required for account)
• Password (hashed with bcrypt, never stored in plaintext)
• Stripe Customer ID (for subscription management)
• Scan history associated with your account

Legal Basis (GDPR)

• Contract performance — processing needed to deliver the service
• Legitimate interest — rate limiting, fraud prevention
• Consent — analytics cookies (GA4)

Data Sharing

• Stripe — payment processing (USA, Privacy Shield / SCCs)
• Google Analytics — only after explicit consent, IP anonymised
• Green Web Foundation — hostname sent to check green hosting status (public API)

We never sell your data.

Data Retention

• Account data: until account deletion + 30 days
• Scan results: 90 days (anonymous); indefinite (with account)
• IP logs: 24 hours then hashed
• Payment data: 5 years (legal obligation)

Your Rights (GDPR)

You have the right to access, rectify, erase, port, and restrict processing of your data. Contact privacy [at] carbon-badge.com. You may also lodge a complaint with the CNIL (cnil.fr).

Cookies

We use one strictly necessary session cookie and, with your consent, Google Analytics 4 cookies for usage statistics. You can withdraw consent at any time via the cookie banner.