Our Data Security Policy
At Greenly, we understand the importance of protecting our customers' data. That's why we have implemented rigorous security measures to ensure the privacy and safety of your sensitive information. We adhere to the most stringent security standards to ensure that our practices meet the highest data protection requirements.
We apply the strictest standards in the market. Working with Greenly means working with a vetted, secure solution and partner who understands that you expect your data to be well-guarded — from double authentication to SoD, to data encryption at every step of the data process”
See the official reportAICPA ensures secure, available, and confidential services with best information security practices.
We are audited annually by Qontrol.io to ensure the highest quality practices and ensure data safety.
Annual penetration tests are performed on our platform and APIs with Synacktiv to keep our security robust.
We are audited by Sensiba San Filippo in order to ensure our compliance with SOC2.
Resources are dynamically scaled based on server load and data volume.
Intrusion detection software has been implemented to monitor suspected malicious activity as well as monitor and block malicious traffic or usage patterns.
Continuous logging, application monitoring, and alerts.
Personal data is processed exclusively by Offspend, hosted by Amazon Web Service within the EU. We implement technical and organisational security measures to ensure the confidentiality, integrity and availability of your personal data. In addition, we are regularly audited by security specialists.
To improve the security of our customers' data, Greenly has established a processing register listing all of our subcontractors. You can access our security policy by clicking on this link.
Furthermore, Greenly is in the process of obtaining both SOC2 & ISO27001 certifications. The trust of many customers such as BNP Paribas, Arkea, RCI, etc. attests to our security policy as these customers have audited our security systems. We have also been audited by the CNIL, who concluded that all our practices were compliant - something that is rarely noted. We're also happy to sign a confidentiality agreement (NDA) at your convenience
The main function of the SAAS is to allow the realisation of the carbon footprint and the GHG report.
This is done by conducting a questionnaire on employee habits.
- Identification data: e-mail address, residence
- Transportation data: transportation means the method of work related travel and distance
To the extent such information directly or indirect allows one to identify a natural person (e.g., Customer employees):
- Meal habits: number of vegan and meat meals per week
- Work location habits: Remote, co-working, or working sites
The main function of the SAAS is to allow the realisation of the carbon footprint and the GHG report.
This is done by carrying out various analyses.
Data collection is made up of several main components :
- The collection of the accounting entries file or accounting data for the extraction of expenses.
- The collection of information via specific modules for physical analysis.
- The collection of data from the company's employees for the calculation of commuting emissions.
Greenly manually or automatically collects information on the client's company activity in order to produce a relevant carbon footprint measurement.
Company data collected :
- Expense data collected via accounting transactions
- General company information (number of employees, revenue, region of activity, sector)
- Data related to the company's buildings
- Data related to the company's energy consumption
- Data related to the consumption of equipment used indirectly by the company (data centers, networks etc.)
- Any other data that allows us to characterise or refine the understanding of an internal process of the company (construction, manufacturing, marketing, distribution)
- The quantity and quality of materials used in the construction of the company's products
- The characteristics of the equipment used for the company's activity Information to characterise the company's internal logistic chains (in order to calculate the intermediate impacts)
- Any other relevant information in pursuit of the objective of refining the accuracy of the carbon footprint calculation Action plans implemented in the company as part of the carbon footprint reduction project
- The transportation data of the company's employees, as well as the meals habits of the employees.
Employees do not have access to the content of your spaces unless you give us specific permission, we are only required to access them as part of an active abuse or fraud investigation or where access is necessary to comply with a valid legal process.
- Log In / Log Off
- Failed login attemps
- Session Creation / Session Termination
- Password Change
- All Administrative actions and configuration changes performed
- User Create / Read / Update / Delete actions, Document or Object Create / Read / Update
- Delete actions
- Metadata Create / Read / Update / Delete actions
- Identifying users and the actions they performed
- Integration logs: API call successes and failures
- Infrastructure logs Hypervisor / OS
- Database Log+Transaction Logs
- Source IP address of the actor