Privacy Policy
At Circonomy, protecting your personal data matters to us. This Privacy Policy explains what personal data we collect, the purposes for which we use it, with whom we share it, and the rights you possess. This Policy applies to our website, our dMRV platform, our marketplace, and to any individuals whose personal data we handle, including project developers, agricultural participants (such as farmers), and the platform Users.
We process personal data in strict accordance with the Singapore Personal Data Protection Act (PDPA)and India's Digital Personal Data Protection Act 2023 (DPDP Act).
- 1. Who we are
- Circonomy Pte. Ltd. (UEN: 202246128N), located at 21 Jalan Jelita, 278345 Singapore, acts as the primary Data Controller. We own the platform infrastructure in Singapore; however, our software development, hosting and technical user support are carried out in India. Consequently, your data is processed across both Singapore and India.
- 2. The personal data we collect
- To facilitate robust monitoring, reporting, and verification workflows, we collect the following categories of data:
- Identity and Contact Data: Name, age, gender, email, phone number, physical address, geographical location and profile photographs.
- Account and Project Data: Details pertaining to operations (e.g. farm details, crops grown), verified ID proofs, and bank account details. This also includes platform-specific organisational data such as Operator numbers, registered entities, data mapped to network and users.
- Device and Telemetry Data: Device ID, hardware model number, mobile phone brand, battery status, mobile network, Total RAM, application RAM usage, total/available storage, Operating System (OS), OS version, application version.
Obligations of Project Developers: If a project developer provisions the platform with personal data belonging to other individuals (e.g., employees, farmers, or third party contractors), the Project Developer assumes full responsibility for ensuring they possess the lawful basis and necessary consent to share that data with Circonomy. - 3. Why we use your data, our legal basis and how long we keep it
- We do not sell your personal data under any circumstances. Furthermore, we do not use identifiable personal data to train Artificial Intelligence or Machine Learning models without your explicit consent, though we may utilize fully anonymized datasets for platform enhancement.
Purpose Legal basis Retention Provide and administer your account , the platform and marketplace Contract / consent Duration of your account, plus a 30-day grace period following account closure to facilitate data export. Process projects, transactions, orders, invoices and payments Contract; legitimate interests 7 to 10 years after the business relationship ends, strictly to comply with statutory tax and accounting audit requirements. Certify projects and issue/transfer/retire carbon credits, including sharing data with registries and Verification & Validation Bodies (VVBs) Contract; legitimate interests; standard/registry requirements Life of the carbon project plus an additional 7 years (or as expressly mandated by the applicable carbon standard/registry policies). KYC, Anti-Money Laundering (AML), and fraud prevention Legal obligation At least 5 to 7 years after the termination of the business relationship, in accordance with financial-crime regulations. Respond to enquiries and provide technical support Consent / legitimate interests Until the technical or support request is fully resolved, plus 12 months for quality assurance tracking. Marketing about our services (where permitted) Consent / legitimate interests Retained only until you withdraw consent (opt out). Security, analytics and improving the platform Consent (analytics); legitimate interests Application logs for 12 months; forensic security and audit logs for up to 24 months to ensure platform integrity. - 4. Who we share your data with
- We operate on a principle of least privilege and share personal data only as strictly necessary. Data may be shared with:
- Our Indian operations and dedicated support staff
- Authorised service providers acting strictly on our instructions (including hosting, IT infrastructure, payment gateways, communications, identity verification partners)
- Project and Commercial partners
- Carbon registries, standards bodies and independent Verification and Validation Bodies (VVBs)
( Note: Some of these entities are located in the EU, and act as independent data controllers under their own regulatory terms.) - Professional advisers and public authorities only where explicitly required by law
- 5. International transfers
- Your data routes between Singapore and India and may be subsequently transferred to carbon registries and verification bodies in the EU or other global jurisdiction for the purpose of certifying and issuing credits. We execute all international transfers in strict compliance with the PDPA and the DPDP Act, ensuring appropriate contractual safeguards are in place with the recipients.
- 6. Your Data Rights
- Subject to applicable law, you reserve the right to:
- Access your personal data.
- Request corrections or the complete erasure of your data. (Note: The right to erasure may be superseded by our legal obligations to retain data related to carbon registries and financial data).
- Withdraw previously granted consent.
- Raise a formal grievance or nominate a representative to act on your behalf.
To exercise any of these rights, please contact us using the details provided below. We reserve the right to verify your identity prior to fulfilling any requests. You also retain the right to lodge a formal complaint with the Personal Data Protection Commission (Singapore) or the Data Protection Board of India. - 7. Security
- We implement rigorous technical and organisational measures to safeguard your data. This includes strict Role-Based Access Controls (RBAC), TLS 1.3 encryption for data in transit, and AES-256 encryption for data at rest. In the event of a notifiable data breach, we will inform the relevant regulatory authorities and all affected individuals within the legally mandated timeframes.
- 8. Cookies
- We utilize strictly necessary cookies to ensure the core functionality of our site. With your explicit consent, we may also deploy analytics cookies. You retain full control to manage or disable cookies via your browser settings.
- 9. Contact and changes
- We may update this Privacy Policy periodically to reflect technological advancements or regulatory changes; the effective date at the top of this document denotes the latest version.
Contact email: support@circonomy.co
Contact address: Circonomy Pte. Ltd., 21 Jalan Jelita, 278345 Singapore