
Privacy policy

Last updated 31 July 2025
Version 1.2

1. Introduction and scope

Greenr Global Pty Ltd (ABN 70 644 562 014) (“Greener,” “we,” “us,” or “our”) is dedicated to safeguarding the privacy of our customers, users, and stakeholders. We acknowledge the trust placed in us when handling ESG-related data, and we handle that responsibility with care and openness.

This Privacy Policy explains how we collect, use, store, disclose, and safeguard your personal information when you use our websites, applications, platforms, or services (collectively, the “Services”).

Greener is based in Australia and complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where necessary, and where applicable, we aim to align our practices with international frameworks such as the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and the EU Artificial Intelligence Act. In case of any inconsistency, Australian law will take precedence unless otherwise agreed in writing.

Our Services include Greener for Enterprise, Greener Connect, and related tools that assist organisations in meeting climate-related disclosure obligations, including Mandatory Climate Reporting (MCR) under frameworks such as the Australian Sustainability Reporting Standard (AASB S2), the Greenhouse Gas Protocol (GHG), and the Partnership for Carbon Accounting and Financials (PCAF).

This Policy applies when:

  • You access or use our Services in any capacity, such as an employee, administrator, or consultant.

  • Your organisation or a partner firm supplies your data to us.

  • You upload content, interact with AI agents, or engage with any part of the Greener platform.


What’s Included

This Policy covers how we handle:

  • Information you provide to us directly

  • Information your organisation provides on your behalf

  • Information generated or inferred from your use of the platform (e.g. usage logs, classification results)

  • Information processed through our AI assistant and classification systems

  • Interactions with our infrastructure and subprocessors


What’s Not Covered

This Policy does not apply to:

  • Personal information relating to employment with Greener (covered under our HR privacy policy)

  • Third-party platforms or services that integrate with Greener, which are governed by their own privacy policies. If you choose to connect Greener to these platforms, they will handle your data according to their own terms, which we do not control. We recommend reviewing their privacy policies before using such integrations.

  • Aggregated or de-identified data that can no longer reasonably identify an individual.


Greener is a B corporation committed to transparency, stakeholder accountability, and responsible innovation. We see privacy as a fundamental part of ethical technology, especially when supporting climate governance, supply chain transparency, and enterprise readiness for ESG compliance.

If you have questions or need more details, please contact us using the information in Section 13.

2. Types of Personal Information We Collect

The types of personal information Greener collects depend on how you interact with our Services and your role within your organisation. We collect information directly from you, from your organisation, and automatically through your use of the platform. We may also process information embedded in documents uploaded by your company, ESG advisor, or authorised users.

We collect the following categories of personal information:

  • Identifiers and Contact Details: Your name, business email address, phone number, company name, job title, and unique user ID.
  • Organisation and Account Information: Details about your organisation (including ABN/ACN, registered address, industry, and business contacts), workspace or account settings, assigned roles, and permissions.
  • Platform Usage and Activity Data: Login times, device and browser information, IP address, access logs, user activity (e.g. uploads, edits, comments), and interactions with specific modules or features.
  • Uploaded Content and Document Data: Any information contained within documents, spreadsheets, reports, or other files uploaded to the platform by you, your organisation, or authorised users (including financial, operational, or ESG-related data).
  • AI-Generated and Inferred Data: Results of automated classification, recommendations, insights, summaries, or other outputs produced by Greener’s AI systems, classification workflows, or audit-trail features.
  • Support and Communications: Content of any messages, requests, or support queries you submit via our platform, chat, or email, as well as records of correspondence relating to your use of our Services.

Sensitive Information:

Greener does not intentionally collect or process sensitive information as defined under the Privacy Act 1988 (Cth) or the GDPR (such as health, racial or ethnic origin, religious beliefs, or biometric data). If such information is included in uploaded documents or otherwise provided by your organisation, we will handle it in accordance with this Policy and applicable law.

The types and extent of personal information we collect may vary depending on your user role (e.g., administrator, ESG consultant, employee), the specific modules you access, and your organisation’s configuration of our platform.

3. How We Collect and Use Personal Information

We collect personal information to deliver our Services, improve platform performance, and support your organisation’s ESG and climate reporting obligations. Our collection is limited to what is necessary for these purposes and is guided by principles of necessity, transparency, and proportionality.

We collect personal information through:

  • Direct interactions (e.g. account setup, support requests, file uploads)
  • Organisation-level provisioning (e.g. your employer registering an account)
  • Platform activity and user engagement (e.g. document classification, AI assistant use)
  • System analytics and infrastructure logs (e.g. via Amplitude, Clarity, GA)
  • Voluntary inputs (e.g. chat queries, surveys, onboarding checklists)

a. To Deliver the Services
We use personal information to:

  • Authenticate your account and manage permissions
  • Associate your activity with the correct company account
  • Support document upload, classification, and ESG analysis
  • Provide AI-assisted insights, contextual guidance, and completion flows
  • Enable collaboration, review, and sharing within your organisation
  • Maintain secure session tracking and user state across platform features

b. To Monitor and Improve Platform Performance
We use analytics to:

  • Measure user engagement, session flows, and friction points
  • Track progress through onboarding and ESG reporting workflows
  • Evaluate adoption and feature usage across different user roles and company types
  • Inform roadmap decisions, design experiments, and optimise usability

We use Amplitude, Google Analytics, Microsoft Clarity, and Sentry analytics to monitor usage. Activity may be associated with your user ID, email, and organisation. This data is used exclusively for internal product improvement and customer support, not for marketing or advertising.

c. To Provide Support and Resolve Issues
We use your information to:

  • Respond to technical queries and troubleshoot errors
  • Review system logs and interaction history to diagnose issues
  • Follow up on unresolved support tickets
  • Maintain continuity across communication channels and platform features

d. To Manage Customer and Organisational Relationships
We may use account-level information to:

  • Assign or delegate admin permissions within your company
  • Track usage trends across organisational teams or business units
  • Link survey responses or product feedback to user roles and industries
  • Assist ESG consulting partners or client managers in supporting your organisation

e. To Comply with Legal and Regulatory Obligations
We may retain and process certain personal information to:

  • Comply with financial, ESG, or audit-related recordkeeping requirements
  • Respond to subpoenas, investigations, or other legal obligations
  • Maintain event logs and classification outputs required by ESG frameworks or regulators

f. To Maintain Platform Integrity and Security
We use personal information to:

  • Prevent unauthorised access or policy violations
  • Detect suspicious activity, misuse, or potential abuse
  • Enforce our Terms of Use and Acceptable Use Policy
  • Investigate flagged behaviours or error anomalies
  • Safeguard sensitive information and ensure fair platform usage

g. Aggregated and De-Identified Insights
We may generate aggregated or de-identified analytics to:

  • Benchmark platform adoption trends across sectors
  • Monitor feature performance without referencing specific users or companies
  • Improve the platform in a privacy-respecting, statistically useful way

This data is separated from user identities and used internally or in an anonymised form for reporting or research.

We continue to track identifiable analytics internally (e.g. through Amplitude) solely for platform operations and support.

What We Do Not Do
We do not:

  • Use your personal data for advertising, remarketing, or third-party profiling
  • Sell or license your personal information
  • Use uploaded content to train or fine-tune AI models without your express consent

4. Why and When We Use Personal Information

Greener collects and uses personal information only when necessary to deliver our Services, support ESG reporting obligations, or meet legal or contractual requirements. We impose clear restrictions on data use and ensure that processing aligns with user expectations and applicable privacy laws.

Depending on your relationship with Greener and your role within your organisation, we may act as a data controller (for example, managing account setup, analytics, and platform operations) or as a data processor (for example, handling ESG documents and general ledger files on your organisation’s behalf). When acting as a data processor, we process personal information solely according to your organisation’s instructions and in line with our contractual agreements, including any Data Processing Agreement (DPA) or similar arrangement where applicable.

a. To Deliver the Services
We use your personal information to:

  • Provide access to the platform
  • Authenticate users and assign appropriate access roles
  • Enable document uploads and classification
  • Generate emissions reports and ESG outputs
  • Communicate with you about product functionality, updates, or support

These uses are necessary for us to deliver the platform as outlined in our agreement with your organisation or ESG advisor.

b. To Operate and Improve the Platform
We may process data to:

  • Monitor platform usage and system performance
  • Resolve bugs and friction points
  • Understand adoption and feature effectiveness
  • Support your organisation’s ESG consultants or administrators

These activities support the performance, integrity, and usability of the platform.

c. With Your Consent
In limited cases, we may ask for your consent to:

  • Collect optional feedback or participate in surveys
  • Join early-access or beta features
  • Provide onboarding inputs or diagnostics

Consent-based uses are always voluntary, and you can withdraw your participation at any time. Core functionality doesn’t rely on consent.

d. To Comply with Legal and Regulatory Requirements
We may use and retain personal information as needed to:

  • Comply with ESG, corporate, or audit reporting frameworks
  • Respond to court orders, regulatory requests, or investigations
  • Maintain audit trails and activity logs required under climate reporting obligations

We only keep the data necessary to meet legal requirements and remove it when it is no longer needed, subject to technical, contractual, or audit trail obligations. When data is no longer required, we securely delete or de-identify it, unless law, platform rules, or your organisation’s instructions specify otherwise.

e. When Acting on Behalf of Your Organisation
Greener often acts as a data processor on behalf of your organisation. In these cases, we:

  • Process content, logs, and user actions under the direction of your company or ESG advisor
  • Follow the terms of a Data Processing Agreement (DPA) or similar contractual controls, where agreed in writing
  • Do not make independent decisions about your organisation’s data

If you’re uncertain whether Greener is acting independently or under instruction, contact your organisation’s account administrator or refer to Section 13.

5. How We Use AI and Automated Tools

This section explains how our AI features handle personal information; for our AI governance principles, safeguards, and oversight, see the Greener Responsible AI Policy.

Greener integrates artificial intelligence (AI) to support classification, document interpretation, collaboration, and in-app guidance. These AI systems help users manage complex ESG data, generate emissions classifications, and support readiness for mandatory climate reporting.

Our AI capabilities are built on multi-agent architectures powered by large language models (LLMs), securely hosted in Microsoft Azure, Claude, and OpenAI infrastructure, and operated entirely within Greener-controlled environments. Agent orchestration and chat flows are managed using FlowiseAI, which is hosted in the US and configured to ensure secure processing.

a. What Our AI Systems Do
AI agents in the Greener platform may assist with:

  • Interpreting uploaded ESG or financial documents
  • Mapping activity to Scope 1, Scope 2, or Scope 3 emissions categories
  • Generating classifications aligned to frameworks such as the GHG Protocol and PCAF
  • Summarising documents, identifying gaps, or suggesting next steps
  • Answering contextual questions or guiding users through platform workflows

These systems enhance user experience and assist with ESG governance. They do not replace professional judgment, disclosure decisions, or audit reviews.

b. Chat Assistant and Interaction History
Greener’s AI-powered chat assistant helps users navigate the platform, understand ESG concepts, and interact with data more effectively.

When you engage with the assistant:

  • It may access documents uploaded by your organisation, classified general ledger data, company outputs, and other information relevant to your company context
  • Chat messages and summaries are stored using Zep (pseudonymised and linked only to an internal user ID)
  • History is retained to maintain context across sessions and improve relevance
  • Your chat inputs are never used to train models or shared with external parties

Important: AI assistant responses may include omissions or errors. They are meant as guidance only and should not be relied upon solely for reports, disclosures, or compliance decisions.

c. Model Fine-Tuning and Data Boundaries
Greener fine-tunes specific models to improve classification accuracy in ESG and emissions contexts:

  • Fine-tuning is based on non-customer-specific training sets, including labelled general ledger data, vendor descriptors (excluding individuals), and standard emissions categories
  • We do not fine-tune any model using your company’s amounts, uploaded reports, or named vendors unless explicitly agreed upon
  • We do not allow cross-client learning or behavioural drift in classification logic

AI outputs are designed to be consistent, explainable, and aligned with ESG frameworks; they do not continually adapt to individual users’ behaviour.

d. Evaluation and System Accuracy Monitoring
We use LLM evaluation tools hosted in Microsoft Azure, FlowiseAI, and LangSmith to assess the accuracy and consistency of AI-generated classifications and summaries to ensure performance and reliability.

  • Evaluations are conducted using test inputs and pseudonymised data, not live user content
  • Models are scored against structured rubrics for relevance, accuracy, and consistency
  • These tools help improve reliability, but do not perform continuous learning or real-time model updates.

We do not share your data with external AI providers for evaluation or benchmarking. When Greener staff need to review AI outputs for support or troubleshooting, access is strictly limited to authorised personnel and is thoroughly audited for security.

e. Storage, Isolation, and Infrastructure Controls

  • All AI prompts, responses, and evaluations are processed securely in Microsoft Azure
  • Embeddings for uploaded documents (excluding general ledger files and output reports) are stored in Pinecone, hosted in Azure US
  • Chat history is stored in Zep with no direct identifiers
  • No personal data is used for external training, marketing, or model resale

We apply strict controls over subprocessors and restrict all AI processing to Greener-authorised contexts only. For further information on storage regions and providers, please refer to our Subprocessor and Data Hosting disclosures.

f. AI Oversight, Transparency, and Human Review
Greener’s AI use is governed by our Responsible AI Policy, which outlines:

  • Human-in-the-loop design requirements
  • Audit trails, override mechanisms, and administrator review
  • Bias detection, fairness safeguards, and explainability expectations
  • Risk classification and system documentation aligned with relevant AI frameworks

We believe AI should support, not automate, governance and reporting responsibilities.

Customers may request that their data be excluded from Greener’s internal fine-tuning of AI models. However, opt-out is not available for Greener’s core AI functionality, including classification and assistant features essential to platform operation. To request exclusion from internal fine-tuning, please contact privacy@greener.com.au. We will confirm the scope and operational impact of any opt-out.

6. Who We Share Personal Information With

Greener shares personal information only where necessary to provide the Services, support our infrastructure, or comply with legal obligations. We do not sell, license, or share personal information for advertising or commercial resale.
We share information with:

a. Service Providers and Subprocessors
We engage third-party vendors who help us operate and maintain the platform. These providers act as data processors and may access personal information only under our instructions, subject to contractually binding data protection terms.

| Subprocessor | Purpose | Data Accessed | Primary Hosting Region |
|---|---|---|---|
| Microsoft Azure | AI processing, workflows, blob storage | ESG files, classification output, evaluations | Australia & US |
| OpenAI (Azure-hosted) | LLM inference for AI agents | Transient prompt data (not stored) | US (Azure) |
| FlowiseAI | Agent orchestration and multi-agent flows | Transient user data (not stored) | US |
| Pinecone | Vector database for embedded files (excl. GL) | Document embeddings (no amounts/reports) | US (Azure-hosted) |
| Zep Software | Chat history and assistant context storage | Pseudonymous user ID, interaction content | US |
| Postmark | Transactional email delivery | Email address, message metadata | US |
| Amplitude | Product analytics and usage tracking | Email, user ID, company ID, session data | US |
| Google Analytics | Website and behaviour analytics | Cookie ID, session data | US |
| Microsoft Clarity | Heatmaps and behavioural telemetry | Mouse movement, clicks, scroll depth | US |

All subprocessors are required to sign data protection agreements and complete risk assessments before being integrated. No subprocessor is permitted to access your organisation’s content for their own use.

b. Organisational Administrators
If you are part of a company, consulting firm, or enterprise account, authorised administrators within your organisation may access:

  • User activity logs and document uploads
  • System-generated outputs (e.g. classification results)
  • Chat summaries (e.g. for support or audit use)
  • Account-level configuration and permissions

Greener is not responsible for how your organisation manages internal visibility or audit rights. We encourage clients to maintain internal data governance processes consistent with ESG expectations.

c. Legal, Regulatory, and Compliance Disclosures
We may disclose personal information if required by law, regulation, or court order. This may include:

  • Responding to a subpoena, investigation, or formal regulatory request
  • Cooperating with ESG reporting reviews or audit verifications
  • Enforcing our Terms of Use, Acceptable Use Policy, or platform rights

Where permitted, we will notify you of any such disclosure.

d. Corporate Restructuring
In the event of a merger, acquisition, restructuring, or sale of assets, personal information may be transferred to the acquiring entity, subject to the safeguards outlined in this Policy.

e. Cross-Border Transfers
Some data is stored or processed in countries outside Australia, including the United States. Where we transfer data internationally, we take reasonable steps to:

  • Ensure that overseas recipients are subject to privacy obligations equivalent to the Australian Privacy Principles
  • Apply Standard Contractual Clauses or equivalent safeguards for European data
  • Monitor vendor security certifications (e.g. SOC 2, ISO/IEC 27001)

Greener remains accountable for personal information even when it is processed offshore by trusted infrastructure providers.

f. De-Identified and Aggregated Insights
We may use and share non-identifiable analytics to:

  • Benchmark platform usage
  • Report on feature performance
  • Support responsible product development

These insights are anonymised and do not identify any user or organisation.

7. Subprocessor Transparency & Hosting Infrastructure

Greener is dedicated to transparency about where data is stored and who can access it. We use a layered cloud system that balances performance, privacy, and compliance, with a strong preference for Australian data residency wherever possible.

All subprocessors operate under written agreements that require:

  • Processing only on Greener’s instructions
  • Application of appropriate security and privacy controls
  • Incident notification and audit cooperation
  • Compliance with Australian and international privacy laws

a. Subprocessor Overview
The table below summarises where Greener stores and processes personal and ESG data:

| Component | Purpose | Region |
|---|---|---|
| Microsoft Azure | Complex workflows, AI model execution, blob storage | AU, EU & US |
| OpenAI (via Azure) | LLM inference for AI agents (transient only) | US (Azure) |
| FlowiseAI | Agent orchestration and multi-agent flows | US |
| Pinecone | Vector database for embedded document search | US (Azure-hosted) |
| Zep | AI chat session history and summaries | US |
| Postmark | Transactional email delivery | US |
| Amplitude | Product analytics and usage tracking | US |
| Google Analytics | Website analytics | US |
| Microsoft Clarity | Behavioural analytics and interface optimisation | US |
| Sentry | Application monitoring software | US |

Greener assesses each of these vendors based on data handling, cross-border compliance, and service-specific risk. Where applicable, data is encrypted during transit and when stored, and hosted in physically secure environments managed by our cloud providers.

b. Hosting and Storage Location Summary

| Data Type | Where Stored |
|---|---|
| User account data | Microsoft Azure (AU & US) |
| Uploaded files | Azure Blob (AU & US) |
| Classified ESG data | Microsoft Azure (AU, EU & US) |
| General ledger and reports | Azure Blob (AU & US) |
| Chat interaction history | Zep (US) |
| Document embeddings (vectors) | Pinecone (US, Azure-hosted) |
| Audit logs and usage data | Azure, Amplitude, Sentry (US) |

We do not store personal data in locations that have not been reviewed for compliance with Greener’s security and privacy framework.

c. Dynamic Subprocessor Register
We maintain a current list of all subprocessors used by Greener, including hosting geography and purpose of use. Until our trust page is live, request a copy at privacy@greener.com.au.

We will notify affected clients of material changes to our subprocessor register where contractually required.

d. Questions or DPA Access
If you would like to review our Data Processing Agreement (DPA), subprocessor annex, or architecture documentation for security review purposes, please contact:
privacy@greener.com.au

We’re happy to provide further information in the context of vendor risk assessments, ESG assurance, or third-party audits.

8. Data Security Measures

Greener applies a layered approach to information security, combining technical controls, organisational safeguards, and vendor oversight to protect the personal information and ESG-related data entrusted to us.

We recognise the sensitivity of the data we process, particularly around emissions classifications, financial records, and sustainability documentation, and prioritise confidentiality, integrity, and availability in all system operations.

a. Platform and Infrastructure Security

  • Platform engine: Greener’s SaaS platform is built and hosted in Microsoft Azure (Australia and US). This includes the core application interface and the primary structured database.
  • Workflow processing: All AI classification, document analysis, and emissions calculations are performed in Microsoft Azure, hosted in Australia and the United States.
  • File storage: Uploaded documents are stored in Azure Blob Storage (AU & US), depending on the workflow.
  • General ledger files and output reports are stored securely in Azure and are excluded from Pinecone vector storage.
  • DNS and CDN: We currently use AWS for domain resolution and content delivery.
  • Private networking: Our Azure environments operate within a private virtual network, segmented from public traffic.

b. Access Controls and Organisational Safeguards

  • Authentication: Users access the platform via password-based or Single Sign-On (SSO) login. Session activity is tracked and time-bound.
  • Role-based access: Platform permissions are role-specific and scoped to each company account. Code-level rules prevent cross-organisation data exposure.
  • Internal access control: Access to production systems is limited to trained Greener engineers under least-privilege principles. Access is logged and reviewed.
  • Staff training: All personnel undergo annual privacy and security training and are contractually bound to confidentiality.

c. Encryption and Data Transmission

  • All data in transit is encrypted using TLS 1.3.
  • All data at rest, including files, database records, vector embeddings, and logs, is encrypted using AES-256.
  • API communications with subprocessors (e.g. OpenAI, Pinecone, Zep, Postmark) are encrypted and access-controlled.

d. Monitoring, Logging, and Incident Response

  • Platform activity and infrastructure logs are monitored using tools provided by Microsoft Azure and our security monitoring stack.
  • Anomalous activity, unexpected usage, or policy violations are flagged for investigation.
  • We maintain an internal security incident response plan, and all incidents are tracked in Greener’s engineering systems.
  • In the event of a notifiable data breach, we will promptly notify affected customers in accordance with applicable privacy law.

e. Vendor Certifications and Security Alignment
While Greener is not certified under ISO 27001 or SOC 2, our infrastructure vendors, including Microsoft Azure, Postmark, Pinecone, Zep, and other subprocessors, maintain these certifications.

Greener aligns its internal controls with ISO/SOC 2 standards for:

  • Infrastructure access governance
  • Secure software development practices
  • Data retention and audit log management
  • Subprocessor due diligence and lifecycle management

9. Data Retention and Disposal

Greener retains personal information and ESG-related records only for as long as necessary to support our Services, fulfil contractual obligations, comply with applicable laws, and maintain platform auditability.

Our retention periods vary depending on the type of information, the context in which it was collected, and the regulatory or contractual requirements relevant to your organisation.

a. While Your Organisation Has an Active Account
We retain:

  • Uploaded ESG documents and supporting materials
  • General ledger files, emissions records, and output reports
  • AI-generated classifications and platform-generated summaries
  • User feedback, comments, onboarding activity, and chat interactions (via Zep)
  • Session logs, file status history, and audit trails linked to your company account

This information is retained to support collaboration, ESG reporting workflows, readiness verification, and platform continuity.

b. After Termination of Services
When your organisation’s account is deactivated or your contract ends:

  • All retained data is flagged for deletion 30 days after the termination date, unless otherwise specified by law or agreement.
  • During this 30-day window, administrators may request an export of data or transition assistance.
  • After the window expires, all retained content, including structured data, files, chat history, and document outputs, is securely and permanently deleted from our systems.
  • Deletion is conducted using secure deletion protocols in line with Microsoft Azure and Zep standards.

Greener can provide a written attestation of deletion upon request.

c. Retention Exceptions
Some data may be retained longer if:

  • Required by law (e.g. ESG disclosure, audit documentation, corporate recordkeeping)
  • Retention is reasonably necessary to resolve disputes, enforce our agreements, or investigate a breach
  • You have requested extended retention (e.g. for onboarding or integration continuity)

We will not keep general ledger files, emissions outputs, or chat history beyond the usual retention period unless justified by legal or operational needs.

10. Your Rights and Choices
Depending on your role and location, you may have various rights regarding your personal information. Greener promotes transparency, access, and control for all users, whether you interact with our platform directly or through your organisation.

If you are part of an enterprise or consulting firm account, your rights may be exercised in coordination with your organisation’s administrator or privacy officer.

a. Access and Correction
You may request:

  • Access to the personal information we hold about you (e.g. name, email, role, activity logs)
  • Correction of inaccurate or incomplete information
  • Clarification about how your data is being used

We will verify your identity before responding to access or correction requests and may refer your request to your organisation if we act as a processor.

b. Deletion and Portability
You may request deletion of your personal information, subject to:

  • Legal, regulatory, or ESG reporting retention requirements
  • Active contractual relationships between Greener and your organisation
  • Verification of your identity and authority to act on behalf of the data subject

Where technically feasible and not prevented by law or contract, we will provide a structured export of your data upon request.

c. Use of AI and Opt-Out Limitations
Greener’s AI tools, including classification agents and the in-platform chat assistant, are core components of the Services and cannot be disabled or opted out of. These tools support document processing, emissions categorisation, insights, and governance workflows.

Customers may request that their organisation’s data not be included in internal fine-tuning or model evaluation pipelines. This opt-out does not affect the use of AI tools during normal platform operations.

You cannot request deletion of AI outputs, interaction history, insights, or system-generated summaries, as these are retained as part of Greener’s infrastructure and audit trail requirements, except as required by law. If you believe you are entitled to deletion under applicable privacy law, please contact us to discuss your request.

For more details, see Section 5.

d. Email Communication Preferences
Greener may occasionally send you product updates, beta invites, or user surveys. These communications are optional and limited to users of our Services.

You may opt out at any time by:

  • Clicking the “unsubscribe” link in the message, or
  • Contacting privacy@greener.com.au

Essential operational communications (e.g. system alerts, access notifications) cannot be unsubscribed from.

e. Rights Under International Law
If you reside in a jurisdiction with specific data rights, including the European Union, United Kingdom, or California, you may also have the right to:

  • Object to or restrict certain types of processing
  • Receive a copy of your data in a portable format
  • Lodge a complaint with your data protection authority (see Section 11)
  • Exercise your rights without discrimination (CPRA)

Greener will honour these rights in accordance with applicable law and our contractual role with your organisation.

11. Complaints and Escalation

Greener is dedicated to addressing privacy concerns quickly, openly, and in line with all relevant privacy laws. We invite you to contact us if you have a complaint about how your personal information has been managed or if you believe your privacy rights have been overlooked.

We treat all complaints seriously and aim to resolve them constructively.

a. Contacting Greener
To make a privacy enquiry or complaint, contact our Privacy Officer at:
privacy@greener.com.au

We will:

  • Acknowledge your request within five business days
  • Investigate the issue thoroughly and confidentially
  • Provide a response or proposed resolution within 30 days (or sooner, where possible)

If your request involves data we handle on behalf of your organisation (for example, your employer or ESG consulting firm), we may refer the matter to your organisation’s privacy contact for direct resolution.

b. Escalating to a Regulator (Australia)
If you are not satisfied with our response, or believe your privacy has been breached under Australian law, you may complain to:

Office of the Australian Information Commissioner (OAIC)
www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

c. Other Jurisdictions
If you're in a jurisdiction with specific data protection laws (like the GDPR, UK GDPR, or CPRA), you may also have the right to file a complaint with your local data protection authority. 

  • European Data Protection Authorities: List of EEA/EU Supervisory Authorities (EDPB)
  • UK Information Commissioner’s Office: https://ico.org.uk/
  • California Privacy Protection Agency (CPPA): https://cppa.ca.gov/

Greener will cooperate fully with any lawful investigation, audit, or complaint process initiated by a relevant regulator.

If you are unsure where to direct a complaint, please contact privacy@greener.com.au, and we will direct you to the appropriate authority.

12. Changes to This Policy

Greener reviews this Privacy Policy periodically and updates it when our Services, use of AI, subprocessors, or relevant laws change. This ensures our practices stay current and continue to meet the expectations of our customers, partners, and regulators.

We may update this Privacy Policy from time to time to reflect:

  • Changes in our Services or infrastructure
  • Evolving legal, regulatory, or ESG obligations
  • Subprocessor changes, AI system updates, or platform architecture enhancements
  • Internal governance improvements or operational refinements

a. How We Notify You

  • The “Last updated” date at the top of this document reflects the most recent revision.
  • We will notify users of material changes through platform notices, emails, or account administrator communications.
  • For enterprise clients, we will provide advance notice of any significant subprocessor changes or legally relevant updates, in accordance with our contractual obligations.

b. Acceptance of Updates
By continuing to use our Services after the revised Privacy Policy is published or communicated, you accept and agree to the updated terms. If you do not agree with the changes, you may contact us to discuss your options or cease using the Services.

c. Archived Versions
We keep a complete revision history of our Privacy Policy for legal, compliance, and audit reasons. You can request an earlier version at any time by contacting privacy@greener.com.au.

13. Contact Details

If you have questions, requests, or concerns about this Privacy Policy or how Greener handles personal information, you can contact us using the details below:

Privacy Officer
Greenr Global Pty Ltd (ABN 70 644 562 014)

Greenhouse
Level 3, 180 George Street
Sydney NSW 2000
Australia

privacy@greener.com.au

You may contact us for:

  • Access, correction, or deletion requests
  • Data Processing Agreement (DPA) enquiries
  • Opting out of AI features or chat history retention (where available)
  • Questions about subprocessors or hosting locations
  • Complaints, feedback, or security disclosures

We aim to respond to all enquiries promptly, professionally, and in accordance with applicable laws.

Copyright © 2025 Greener