This Privacy Policy describes how CEARTscore LLC ("CEART," "we," "us," or "our") collects, uses, and shares information about you when you use our website, applications, and services (collectively, the "Services"). This Privacy Policy applies to information we collect when you access or use our Services or otherwise interact with us. 1. INFORMATION WE COLLECT (a) Information You Provide to Us. We collect information you provide directly to us, including: • Account Information: When you create an account, we collect your name, email address, company name, and password. • Profile Information: You may provide additional information such as job title, phone number, company details, and organizational information. • Project Data: Information you submit through the Services, including project details, sustainability metrics, ESG assessments, documents, and related data. • Communications: When you contact us for support or communicate with us through the Services, we collect the contents of your messages and any information you choose to provide. • Payment Information: If you make a payment, our third-party payment processors collect your payment card information and billing details. (b) Information We Collect Automatically. When you access or use our Services, we automatically collect certain information, including: • Usage Information: We collect information about your interactions with the Services, such as the features you use, pages viewed, time spent, and navigation paths. • Device Information: We collect information about the device you use to access the Services, including hardware model, operating system, browser type, IP address, and device identifiers. • Location Information: We may derive your approximate location from your IP address. • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. You can control cookies through your browser settings. (c) Information from Third Parties. We may receive information about you from third parties, including: • Authentication Services: If you sign in through a third-party service (such as Microsoft Azure), we receive information from that service as permitted by your settings with that service. • Business Partners: We may receive information from our business partners or service providers that help us provide the Services. 2. HOW WE USE YOUR INFORMATION We use the information we collect to: • Provide, maintain, and improve the Services • Process and complete transactions, and send related information • Create and manage your account • Send technical notices, security alerts, and administrative messages • Respond to your comments, questions, and customer service requests • Communicate with you about products, services, and events offered by CEART and others • Monitor and analyze trends, usage, and activities in connection with our Services • Detect, investigate, and prevent fraudulent transactions and other illegal activities • Personalize and improve the Services and provide content or features that match user profiles or interests • Generate ESG reports, analytics, and benchmarking data • Comply with legal obligations and enforce our agreements 3. HOW WE SHARE YOUR INFORMATION We may share information about you as follows: • With Other Users: When you collaborate on projects within the Services, other authorized users within your organization or project may view your profile information and project contributions. • With Service Providers: We share information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as hosting, data analysis, payment processing, customer service, and email delivery. • For Compliance and Protection: We may disclose information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, or legal process; to protect the rights, property, or safety of CEART, our users, or others; or to detect, prevent, or address fraud or security issues. • Business Transfers: If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of our assets, your information may be transferred as part of that transaction. • With Your Consent: We may share information with your consent or at your direction. • Aggregated or De-identified Information: We may share aggregated or de-identified information that cannot reasonably be used to identify you. We do not sell your personal information to third parties. 4. DATA SECURITY We implement reasonable administrative, technical, and physical security measures designed to protect the information we collect and maintain. These measures include: • Encryption of data in transit using SSL/TLS protocols • Encryption of sensitive data at rest • Regular security assessments and vulnerability testing • Access controls and authentication mechanisms • Employee training on data protection and security practices • Monitoring for unauthorized access or security incidents However, no security measures are perfect, and we cannot guarantee the absolute security of your information. 5. DATA RETENTION We retain your information for as long as your account is active or as necessary to provide you the Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and as otherwise permitted by law. When we no longer need to retain your information, we will securely delete or anonymize it. 6. YOUR RIGHTS AND CHOICES Depending on your location, you may have certain rights regarding your information: • Access: You may request access to the personal information we hold about you. • Correction: You may request that we correct inaccurate or incomplete information. • Deletion: You may request that we delete your personal information, subject to certain legal exceptions. • Portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format. • Objection: You may object to our processing of your personal information in certain circumstances. • Restriction: You may request that we restrict the processing of your personal information. • Withdraw Consent: Where we rely on consent as the legal basis for processing, you may withdraw your consent at any time. To exercise these rights, please contact us at info@ceart.io. You may also update certain account information by logging into your account. 7. THIRD-PARTY LINKS AND SERVICES The Services may contain links to third-party websites or services that are not owned or controlled by CEART. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Services. 8. CHANGES TO THIS PRIVACY POLICY We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (sent to the email address specified in your account) or by posting a notice on our website prior to the effective date of the changes. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices.