Privacy Policy

1. Data We Collect

Identity data: name and email address during account registration.

Business profile data: business type, size, location, and operational practices you provide in the assessment.

Usage data: assessment results, sustainability scores, roadmaps, and conversation history with the AI consultant.

Technical data: device type, browser, IP address, and display preferences (language, theme).

Gamification data: industry rank, achievement badges, weekly streaks, and category scores (energy, waste, supply chain, operations, policy).

Analytics data: if you consent to analytics cookies, Google Analytics collects anonymized data about site usage patterns, including pages visited, visit duration, traffic sources, general location (country/city), and device type. This data does not directly contain personally identifiable information.

2. Purpose of Data Collection

To provide personalized sustainability assessment and consultation services.

To generate relevant sustainability scores, action roadmaps, and AI recommendations.

To improve service quality and user experience.

To comply with applicable legal and regulatory obligations.

To analyze aggregate platform usage patterns through Google Analytics (if you consent to analytics cookies) to improve features and user experience.

3. Data Storage and Security

Data is stored on Supabase servers with AES-256 encryption at rest and TLS 1.3 encryption in transit.

The database is protected with Row Level Security (RLS) ensuring each user can only access their own data.

We apply the principle of data minimization, only collecting data necessary to provide our services.

Data will be stored as long as your account is active. After account deletion, data will be removed within 30 business days.

4. Data Subject Rights

Under UU PDP No. 27/2022, you have the right to: access your personal data, correct inaccurate data, delete your personal data, restrict data processing, and data portability.

To exercise these rights, contact us at hello@subakhijau.app or through the Contact page.

We will respond to your request within 3x24 hours as required by the PDP Law.

5. Cookies and Tracking

Subak Hijau uses functional cookies to store display preferences (language and theme), as well as analytics cookies from Google Analytics to understand platform usage patterns.

You can manage cookie consent granularly through the consent banner when first visiting the site. Analytics cookies are only activated if you explicitly consent.

Full information about the cookies we use is available on the Cookie Policy page.

6. Data Sharing with Third Parties

Supabase (database and authentication): Profile data, assessments, scores, roadmaps, and conversation history are stored on Supabase servers. Supabase's privacy policy applies to this data storage.

AI providers (Anthropic/OpenAI via AI Gateway): Your assessment data and business context are sent to AI models to generate scores, roadmaps, and chat responses. Data is processed according to each provider's privacy policy.

Google Analytics: Anonymized usage data is sent to Google for platform usage analysis, only if you consent to analytics cookies. Google processes this data in accordance with Google's Privacy Policy.

Vercel (hosting): The platform is hosted on Vercel. Access logs and technical data (IP address, user agent) are processed by Vercel in accordance with its privacy policy.

We do not sell your personal data to any third party.

7. Policy Changes

We reserve the right to update this privacy policy at any time. Material changes will be communicated via email or platform notification.

Continued use of the service after changes constitutes acceptance of the updated policy.

The latest version of this policy is always available on this page.