Our Privacy Policy

Thank you for choosing to be part of our community at Connect Earth. We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or how we use personal data, please contact us at dataprotection@connect.earth.

This privacy notice applies to personal data we use for:
operating the connect.earth website delivering our products and services to our business customers sales and marketing activities


Connect Earth Limited is a private limited company registered in England and Wales.

Company number: 13444853

Registered office address: 60 Cannon Street, London, EC4N 6NP

We act as a controller of personal data. We are registered with the UK’s Information Commissioner’s Office, registration number ZB500968. 


We may have personal data about you because:

  • you visited our website
  • your organisation used one of our carbon accounting services

We use Hotjar to analyse how visitors use our website. Hotjar:

  • uses information such as your IP address, the website you arrived from, and information about your device (e.g. device type, operating system, screen resolution, language, country, and browser type) to determine which parts of our site you visit, the date and duration of each visit.
  • stores this data in a pseudonymised user profile (that is, a profile that’s unique to you but does not use your name)
    is forbidden by contract from selling any of the data collected on our behalf.

For more information about Hotjar’s use of personal data , please their privacy notice at https://www.hotjar.com/legal/policies/privacy/.

Our website also uses cookies. We list those and explain what they do in a separate Cookie Notice.

We use Cognism as a directory of business-to-business contacts. Via Cognism, we may collect personal information about you: your name, company email address, work phone number, location, employment history, skills, employer, employer location, technographic data, chronographic data, and intent data. We use this information for direct marketing. Our lawful basis for this processing is our legitimate interest to market our products and services to potential customers.

Our carbon insights and accounting services involve analysing our business customer’s bank account and payment card statements. Since we only sell to organisations, we expect most of the transaction data we receive will not contain personal data. However, we cannot guarantee this. For example:

  • if a statement is for a very small number of payment cards, the transactions could reveal information about the individual cardholders
  • depending on the bank and the vendor, some transaction descriptions could contain enough information to identify an individual purchaser or payee.


We use personal data about our website visitors (Website Data) as follows: 

  1. To send marketing and promotional messages according to your marketing preferences. 
  2. To deliver ads and website content that are personalised to your interests or location, and to measure the effectiveness of those ads or that content

We use transaction details from bank and payment card statements sent to us by our customers (Customer Data) to calculate the carbon emissions represented by those purchases (Emissions Data). We then report the Emissions Data back to that customer.


We share Website Data with our external marketing partners. Each of them uses the Website Data according to their own privacy notices and policies:


Our website and carbon insights and accounting service servers are located in the UK, EU and the USA. 

Transfers to the USA are safeguarded as follows:

  1. Where possible, we use vendors that participate in the UK-US Data Bridge programme and the EU-US Data Privacy Framework.
  2. For vendors that are not part of the Data Bridge and Data Privacy Framework programmes, we use the combination of:
    1. a contract that includes both the Standard Contractual Clauses approved by the European Commission and the appropriate addendum approved by the UK’s Information Commissioner under the Data Protection Act 2018.
    2. appropriate supplementary measures.

      We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice. 

Once our purposes have been met, we will either delete or anonymise the personal data. If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.



We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. These measures include:

  • Use of encryption technologies to protect data both at rest and in transit
  • Full CI/CD change management process using IaaC and automated tests and security scans
  • Annual penetration testing & resolution
  • Annual security training for employees and on onboard
  • Dependency vulnerability scans and static code security analysis
  • API key rotation functionality
  • Option for MTLS Authentication
  • Option for data locality with APIs with servers based in specific countries
  • Secure password, logical access separation and change management policy in place
  • Bi-annual review of all organizational policies
  • Candidate background reference checks
  • Secure development policy and the use of data minimization through privacy by design


If you are a resident in the EEA or the UK, you have the right to access data we hold about you and to request that we delete it, or that we correct it if it’s inaccurate. 

You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are a resident of Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html


Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.


California Civil Code Section 1798.83, also known as the “Shine The Light” law, lets California residents request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Website, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).


We may update this privacy notice from time to time. We will notify you of any changes where it is practical and proportionate to do so.


‍If you have questions or comments about this notice, or if you want to exercise any of your rights to access, or request that we correct or delete data, please contact us at dataprotection@connect.earth