Close

Our Data Security Policy

Your security is our priority

At Greenly, we understand the importance of protecting our customers' data. That's why we have implemented rigorous security measures to ensure the privacy and safety of your sensitive information. We adhere to the most stringent security standards to ensure that our practices meet the highest data protection requirements.

Trusted by 2000+ companies committed to fighting climate change

We believe it is our duty to keep your data secure

We apply the strictest standards in the market. Working with Greenly means working with a vetted, secure solution and partner who understands that you expect your data to be well-guarded — from double authentication to SoD, to data encryption at every step of the data process”

See the official report

Greenly is committed to keeping your data safe

SOC 2 Compliant

AICPA ensures secure, available, and confidential services with best information security practices.

Audited annually

We are audited annually by Qontrol.io to ensure the highest quality practices and ensure data safety.

Supported by Synacktiv

Annual penetration tests are performed on our platform and APIs with Synacktiv to keep our security robust.

Audited by Sensiba

We are audited by Sensiba San Filippo in order to ensure our compliance with SOC2.

We've dedicated the proper resources and infrastructure tools to ensure Greenly’s solutions run smoothly.

Load & Volume

Resources are dynamically scaled based on server load and data volume.

Malicious activity monitoring

Intrusion detection software has been implemented to monitor suspected malicious activity as well as monitor and block malicious traffic or usage patterns.

24/7 Monitoring

Continuous logging, application monitoring, and alerts.

We’re here to help

  • What actions has Greenly taken for data security? What is the Security Policy of the company?

    Personal data is processed exclusively by Offspend, hosted by Amazon Web Service within the EU. We implement technical and organizational security measures to ensure the confidentiality, integrity and availability of your personal data. In addition, we are regularly audited by security specialists.

    To improve the security of our customers' data, Greenly has established a processing register listing all of our subcontractors. You can access our security policy by clicking on this link.

    Furthermore, Greenly is in the process of obtaining both SOC2 & ISO27001 certifications. The trust of many customers such as BNP Paribas, Arkea, RCI, etc. attests to our security policy as these customers have audited our security systems. We have also been audited by the CNIL, who concluded that all our practices were compliant - something that is rarely noted. We're also happy to sign a confidentiality agreement (NDA) at your convenience

  • What data do you collect about employees?

    The main function of the SAAS is to allow the realization of the carbon footprint and the GHG report.

    This is done by conducting a questionnaire on employee habits.


    - Identification data: e-mail address, residence
    - Transportation data: transportation means the method of work related travel and distance

    To the extent such information directly or indirect allows one to identify a natural person (e.g., Customer employees):


    - Meal habits: number of vegan and meat meals per week
    - Work location habits: Remote, co-working, or working sites

  • What enterprise data do you collect?

    The main function of the SAAS is to allow the realization of the carbon footprint and the GHG report.

    This is done by carrying out various analyses.

    Data collection is made up of several main components :

    - The collection of the accounting entries file or accounting data for the extraction of expenses.
    - The collection of information via specific modules for physical analysis.
    - The collection of data from the company's employees for the calculation of commuting emissions.

    Greenly manually or automatically collects information on the client's company activity in order to produce a relevant carbon footprint measurement.


    Company data collected :


    - Expense data collected via accounting transactions
    - General company information (number of employees, revenue, region of activity, sector)
    - Data related to the company's buildings
    - Data related to the company's energy consumption
    - Data related to the consumption of equipment used indirectly by the company (data centers, networks etc.)
    - Any other data that allows us to characterize or refine the understanding of an internal process of the company (construction, manufacturing, marketing, distribution)
    - The quantity and quality of materials used in the construction of the company's products
    - The characteristics of the equipment used for the company's activity Information to characterise the company's internal logistic chains (in order to calculate the intermediate impacts)
    - Any other relevant information in pursuit of the objective of refining the accuracy of the carbon footprint calculation Action plans implemented in the company as part of the carbon footprint reduction project
    - The transportation data of the company's employees, as well as the meals habits of the employees.

  • Does Greenly have access to the data I store?

    Employees do not have access to the content of your spaces unless you give us specific permission, we are only required to access them as part of an active abuse or fraud investigation or where access is necessary to comply with a valid legal process.

  • What kind of events are logged/audited?

    - Log In / Log Off
    - Failed login attemps
    - Session Creation / Session Termination
    - Password Change
    - All Administrative actions and configuration changes performed
    - User Create / Read / Update / Delete actions, Document or Object Create / Read / Update
    - Delete actions
    - Metadata Create / Read / Update / Delete actions
    - Identifying users and the actions they performed
    - Integration logs: API call successes and failures
    - Infrastructure logs Hypervisor / OS
    - Database Log+Transaction Logs
    - Source IP address of the actor