Privacy Policy

Last updated May 19, 2026

In summary, CarbonLink:

Utilizes data storage services located within the EU/EEA region.
Retains historical data to continuously improve calculation accuracy.
Does not store personal data linked to financial information but retains basic information about users logging into the reporting interface.

Data Protection Officer

CarbonLink’s data protection and security are managed by Jussi Mononen (jussi.mononen@carbonlink.fi).

Data Retention

The CarbonLink service records the user’s name, username, email address, and company.

CarbonLink does not intentionally store any structured personal data that may be included in invoice data, such as names, addresses, or contact information. If CarbonLink receives data containing such information, it is removed. Personal data may appear in the system if, for instance, it is included in free-form descriptions within the data. These details are not necessary for the service, and all such information is deleted if identified.

Data Storage

The CarbonLink service uses cloud and data center services provided by external vendors for data processing and storage. A key criterion for selecting these vendors is that their services operate within the EU/EEA region.

Historical data is retained for later review and audit of reporting results, as well as to improve calculations when data (both customer and scientific data) is updated.

Access to the Data

Access to data management related to the CarbonLink service is restricted to personnel developing the calculations. Access requires multi-factor authentication with a mandatory physical security key token.

Customers have limited access to their own data through CarbonLink’s user management, using single-factor authentication.