Privacy Policy

Sustainability Intelligence Operated by Ransome-Wallis Pty Ltd (ABN 49 630 459 068) Last updated: 30 March 2026

1. Who We Are

Sustainability Intelligence is operated by Ransome-Wallis Pty Ltd (ABN 49 630 459 068), registered in Queensland, Australia.

Registered address: 2/290 Boundary Street, Spring Hill, QLD 4000, Australia Contact: helpfulperson@sustainabilityintelligence.tools

We are the data controller for the personal data described in this policy. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For users in the European Union and United Kingdom, we also comply with the General Data Protection Regulation (GDPR) and the UK GDPR.

2. What Data We Collect

2.1 Account Data

When you create an account, we collect:
  • Your email address (required for account creation and verification)
  • Your password (stored encrypted, we cannot read it)

    • 2.2 Anonymous Usage Data

    When you use the tool, we log the following non-personal data:
  • Industry, country, and business profile selections (not linked to your account)
  • Scenario and mode selections
  • Visitor country (derived from IP address, the IP itself is never stored)
  • Timestamp

    • This data is used to understand which industries, countries, and scenarios are most commonly analysed. It is impossible to identify an individual from this data.

    2.3 Payment Data

    Payments are processed by Paddle.com Market Limited, who acts as the Merchant of Record. We do not see, store, or process your credit card details, bank account numbers, or other financial information. Paddle's privacy policy applies to payment data: https://www.paddle.com/legal/privacy

    2.4 What We Do NOT Collect

  • We do not use tracking or marketing cookies. We only use essential session cookies/tokens required for account authentication and security
  • We do not use Google Analytics or any third-party tracking service
  • We do not store IP addresses
  • We do not track your browsing behaviour
  • We do not sell, share, or transfer any personal data to third parties for marketing purposes
  • The free-text business description you enter is sent to the AI model for analysis but is not stored by us

    • 3. How We Use Your Data

    | Data | Purpose | Legal Basis (GDPR) | APP Reference | |------|---------|-------------------|---------------| | Email address | Account creation, email verification, essential service communications (you may opt out of non-transactional emails at any time) | Contractual necessity (Art. 6(1)(b)) | APP 6, APP 7 | | Encrypted password | Account security | Contractual necessity (Art. 6(1)(b)) | APP 6 | | Anonymous usage data | Service improvement, market research | Legitimate interest (Art. 6(1)(f)) | APP 6 | | Visitor country | Understanding geographic demand | Legitimate interest (Art. 6(1)(f)) | APP 6 |

    4. Data Processors

    We use the following third-party processors:

    | Processor | Purpose | Location | Safeguards | |-----------|---------|----------|------------| | Hetzner Online GmbH | Server hosting | Germany (EU) | DPA in place, GDPR compliant, ISO 27001 certified | | DeepSeek | AI text generation | China | Prompts sent for processing only, no personal data included in prompts | | Paddle.com Market Limited | Payment processing | United Kingdom | Merchant of Record, PCI DSS compliant |

    Note on DeepSeek

    When you generate an analysis, your business profile selections (industry, country, size) and any free-text description are sent to DeepSeek's API to generate the results. No account data (email, password) is ever sent. DeepSeek's API processes the prompt and returns the result. We have no control over DeepSeek's data retention policies.

    Important: Do not enter personal names, specific contact details, or any information that could identify an individual in the free-text business description field. This field is for describing your business type and activities only. By using this field, you confirm that you have not included any personal data.

    5. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Anonymous usage data: Retained indefinitely as it contains no personal data.
  • Payment data: Managed by Paddle in accordance with their retention policy.

    • 6. Your Rights

    Under Australian Privacy Law

    You have the right to:
  • Access your personal information held by us
  • Request correction of inaccurate information
  • Complain about a breach of the Australian Privacy Principles

    • Under GDPR (EU/UK users)

    You also have the right to:
  • Erasure of your data ("right to be forgotten")
  • Restrict processing
  • Data portability (receive your data in a machine-readable format)
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (where processing is based on consent)

    • To exercise any of these rights, contact: helpfulperson@sustainabilityintelligence.tools

    We will respond within 30 days.

    7. Data Security

  • All data is transmitted over HTTPS (TLS encryption)
  • Passwords are stored using industry-standard encryption
  • Server access is restricted by firewall, SSH key, and brute-force protection
  • The server is hosted in Germany (EU) by Hetzner Online GmbH, which holds ISO 27001 certification

    • Data Breach Response

    In the event of a data breach likely to result in serious harm (under the Australian Notifiable Data Breaches scheme) or a high risk to the rights and freedoms of individuals (under GDPR/UK GDPR), we will notify the relevant supervisory authority and affected individuals as required by law, within the applicable timeframes (72 hours under GDPR, as soon as practicable under Australian law).

    8. International Transfers

    Your data is primarily processed within the European Union (Germany). When you generate an analysis, prompt data (containing no personal information) is sent to DeepSeek's API servers, which may be located outside the EU and Australia. No personal data is included in these transfers.

    9. Children

    The Service is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

    10. Changes to This Policy

    We may update this policy from time to time. We will notify you of material changes via email. The "last updated" date at the top of this page indicates the most recent revision.

    11. Complaints

    If you believe your privacy rights have been violated, you have the right to lodge a complaint with:

  • Australia: Office of the Australian Information Commissioner (OAIC) - https://www.oaic.gov.au - Phone: 1300 363 992
  • United Kingdom: Information Commissioner's Office (ICO) - https://ico.org.uk
  • European Union: Your local data protection authority

    • 12. Contact

    For any privacy-related questions or requests: Email: helpfulperson@sustainabilityintelligence.tools Address: Ransome-Wallis Pty Ltd, 2/290 Boundary Street, Spring Hill, QLD 4000, Australia