Privacy Policy

Last Update: July 17, 2025

Introduction

Compliance Kart Pvt. Ltd. operates a B2B voluntary marketplace, Envr, for trading carbon credits and I-RECs between businesses.

Please read this Privacy Policy carefully and in conjunction with the Terms of Use. If you do not understand this policy, or do not accept any part of it, then you should not use the Platform. Your use and/or continued use of the Platform amounts to express consent to the terms of this Privacy Policy as well as the Terms of Use.

By consenting to this Policy and accepting the Terms of Use, You agree to the collection, use, and transfer of Your personal information as outlined in this Policy. If You do not agree, please do not use the Website. We review this Policy periodically to ensure it is up-to-date. It was last updated March 2026. Visitors should note that this Policy may change at any time without notice. Registered users will be notified of changes and given the opportunity to review the revised Policy before continuing to use our services.

We do not collect any Special Categories of Personal Data. Further, if you are a Customer/User, you hereby agree and acknowledge that you shall not, under any circumstances, whether directly or indirectly, use our Services to collect or process Special Categories of Personal Data or transfer to us any such data.

The term "Special Categories of Personal Data" shall have the meaning ascribed to it under the GDPR and shall include, without limitation, data pertaining to a data subject's race, ethnic origin, genetics, political affiliations, biometrics, health or sexual orientation.

1. Information We Collect & How We Use It

Type of User: Visitor

What data we may collect:

1. Cookies and Web Beacon data;
2. Name and e-mail.

How and why we use it:

This data is used to:

Analyze visitor behavior and website performance.
Support lead generation activities and respond to queries and provide relevant information.

Type of User: User

What data we may collect:

1. IP address
2. KYC:

   Company Name
   Official Email
   Contact Number
   Address
   Company PAN
   CIN (Corporate Identification Number)
   Company Registration Number
   GST/VAT Details
   IP Address
   Bank Details

3. Project Developer: name, email ID, phone number

How and why we use it:

To enhance security and prevent unauthorized access
KYC Data Collection for Onboarding Users
Project Developer Data Collection (For Onboarding Projects)

2. Your Rights & Preferences as a Data Subject

Subject to the GDPR and applicable law's limitations, the rights afforded to you as a data subject are:

  1. RIGHT TO BE INFORMED: You have a right to be informed about the manner in which any of your personal data is collected or used, which we have endeavored to do by way of this Policy.
  2. RIGHT OF ACCESS: You have a right to access the personal data you have provided by requesting us to provide you with the same.
  3. RIGHT TO RECTIFICATION: You have a right to request us to amend or update your personal data if it is inaccurate or incomplete.
  4. RIGHT TO ERASURE: You have a right to request us to delete your personal data.
  5. RIGHT TO RESTRICT: You have a right to request us to temporarily or permanently stop processing all or some of your personal data.
  6. RIGHT TO OBJECT: You have a right, at any time, to object to our processing of your personal data under certain circumstances. You have an absolute right to object to us processing your personal data for the purposes of direct marketing.
  7. RIGHT TO DATA PORTABILITY: You have a right to request us to provide you with a copy of your personal data in electronic format and you can transmit that personal data for use with another third-party's product/service.
  8. RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING: You have a right to not be subject to a decision based solely on automated decision making, including profiling.

If you believe we have used your personal data in violation of the rights above or have not responded to your objections, you may lodge a complaint with your local supervisory authority.

Additionally, please note:

If you wish to exercise your privacy rights, including accessing, correcting, deleting, or opting out of the processing of your personal data, you can contact us directly by emailing our Data Protection Officer at dpo@compliancekart.io. We will respond to your request in accordance with applicable data protection laws.

3. How We Share Your Information

We do not sell your information.

4. Data Security

We implement industry-standard technical and organizational measures by using a variety of security technologies and procedures to help protect your data from unauthorized access, use, loss, destruction or disclosure. When we collect particularly sensitive data it is encrypted using industry-standard cryptographic techniques including but not limited to SSL, TLS, RSA, and AES.

We adhere to the SOC standard, an internationally recognized framework for Information Security Management Systems (ISMS). Our commitment to SOC ensures that we follow rigorous security practices and maintain high standards for information security.

In compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, we adhere to the following reasonable security practices and procedures to protect your personal data:

Measure: Description

Access Control: We ensure that access to personal data is granted only to authorized personnel on a need-to-know basis and that such access is logged and monitored.
Data Encryption: Sensitive personal data is encrypted both in transit and at rest using strong encryption methods such as AES-256.
Network Security: We employ secure network architecture, including firewalls and intrusion detection systems, to prevent unauthorized access.
Regular Audits: We conduct regular security audits and assessments to identify potential vulnerabilities and ensure compliance with our security policies.
Incident Management: We have established protocols for managing and responding to security incidents, including data breaches, to mitigate any potential impact on your personal data.
Employee Training: We conduct regular training programs for our employees to ensure they are aware of and comply with our security policies and procedures.
Third-Party Compliance: We ensure that any third-party service providers who handle personal data on our behalf adhere to equivalent security standards and practices.
Physical and Environmental Security: We have implemented robust physical security controls to protect our data centers and other facilities from unauthorized access, damage, and interference.
Business Continuity Management: We have developed and tested business continuity plans to ensure the availability of critical information and systems in the event of a disruption.
Risk Assessment and Treatment: We conduct regular risk assessments to identify potential security threats and vulnerabilities, and implement appropriate risk treatment plans to mitigate identified risks.
Audit and Compliance: We conduct regular internal and external audits to ensure compliance with SOC2 standards and continuously improve our ISMS.

5. Data Retention

We will store any personal data we collect from you as long as it is necessary in order to facilitate your use of the Services and for ancillary legitimate and essential business purposes — these include, without limitation, for improving our Services, attending to technical issues, and dealing with disputes.

We may need to retain your personal data even if you seek deletion thereof, if it is needed to comply with our legal obligations, resolve disputes and enforce our agreements.

If you are a customer, please be advised that: (i) you will need to inform your Leads about how you store and deal with any data you collect from them using one of our Services, in compliance with applicable laws including the GDPR; and (ii) after you terminate your usage of a Service, we may, unless legally prohibited, delete all data provided or collected by you from our servers.

6. Your Rights

You may have rights to:

Access, correct, or delete your information.
Restrict processing or request data portability.
Opt out of marketing or non-essential cookies.

Contact us at support@envr.earth to exercise these rights.

7. Cookies

We use essential, analytics, and marketing cookies to improve the Platform. Manage preferences via browser settings or our consent tool.

8. International Data Transfers

Your data may be processed globally. We use safeguards (e.g., Standard Contractual Clauses) for international transfers.

10. Policy Updates

We may update this policy and will notify you of material changes. Updates take effect upon posting.

11. Grievance Officer

The name and contact details of our Grievance Officer, who you may contact if you have any concerns, complaints or feedback pertaining to this Policy, are as follows:

Address: Compliance Kart Pvt Ltd, Colmantstraße 15, 53115 Bonn, Germany

Email: art-27-rep-compliancekart@rickert.law