EDAT (“we”, “our” or “the platform”) is an enterprise environmental data and carbon accounting platform available at edatatemplate.com. This policy explains what personal data we collect, how we use it and what rights you have. By using EDAT you agree to this policy.
Information We Collect
Account information
When you create an EDAT account we collect your name, work email address, job title and organisation name. This is required to provide you with access to the platform.
Usage data
We collect data on how you interact with EDAT — pages visited, features used, calculation runs, data uploads and session duration. This helps us improve the platform.
Environmental data you enter
EDAT stores the emission records, energy data, waste data and water data you upload or enter manually. This data belongs to your organisation and is never used for any purpose other than powering your account.
Technical data
We collect IP address, browser type, device type and operating system for security and troubleshooting purposes.
How We Use Your Information
Providing the service
To authenticate your account, run GHG calculations, generate reports and support your sustainability workflows.
Platform improvement
Aggregated, anonymised usage data helps us prioritise features and fix issues. Individual emission records are never used for this purpose.
Communications
We send product updates, security notices and support responses to your registered email. You can opt out of marketing emails at any time.
Legal compliance
Where required by law, we may process data to comply with applicable regulations including GDPR, the UK Data Protection Act 2018 and equivalent legislation.
Data Sharing and Disclosure
No sale of data
We do not sell, rent or trade your personal information or your organisation's environmental data to any third party, ever.
Service providers
We use trusted sub-processors (cloud hosting, email delivery, analytics) who are bound by data processing agreements and may only process data on our instructions.
Sub-processors include
Cloudinary (media storage), email service providers for transactional email. All are contractually required to maintain equivalent data protection standards.
Legal requirements
We may disclose information if required to do so by law or in response to valid requests from public authorities.
Data Security
Authentication
EDAT uses JWT tokens with short expiry windows, automatic rotation and blacklisting on logout. Passwords are never stored in plaintext.
Encryption
All data is encrypted in transit using TLS 1.2+ and encrypted at rest on our cloud infrastructure.
Access controls
Platform access is scoped to your organisation. Users only see data belonging to their assigned organisations and reporting years.
Incident response
In the event of a data breach, we will notify affected users within 72 hours in accordance with GDPR obligations.
Your Rights
Access
You may request a copy of all personal data we hold about you at any time.
Correction
You may request correction of inaccurate personal data. Account details can be updated directly in your profile settings.
Deletion
You may request deletion of your account and associated personal data. Organisation environmental data will also be deleted upon confirmed account closure.
Portability
You may request your environmental data in a machine-readable format (CSV/Excel).
Objection
You may object to processing for direct marketing purposes at any time by using the unsubscribe link in any marketing email or contacting us directly.
Data Retention
Active accounts
We retain your data for as long as your account is active. Environmental data is kept to support multi-year reporting comparisons.
Closed accounts
Upon account closure, personal data is deleted within 30 days. Anonymised, aggregated usage statistics may be retained indefinitely.
Legal hold
In certain cases, data may be retained longer if required by law or for legitimate business purposes such as dispute resolution.
Contact Our Data Team
For all privacy-related requests, email us at hello@edatatemplate.com. We aim to respond within 5 working days.
Main website
Further information about EDAT and how we handle data is available at edatatemplate.com.
Updates to this policy
We will notify registered users by email when material changes are made to this policy. The latest version is always available at this URL.
This policy was last updated on 19 May 2025. We will notify users by email of any material changes before they take effect. For the full EDAT platform, visit edatatemplate.com.