Green Claims Audit UK CMA Code · DMCCA 2024
Privacy Policy

Privacy Policy

Effective date: 9 July 2026

Green Claims Audit (a screening of your marketing claims against the CMA Green Claims Code and the DMCCA 2024) is operated at greenclaimsaudit.co.uk. This policy explains what personal information we collect, how we use it, and the choices you have under the UK GDPR and the Data Protection Act 2018. We keep the data footprint of this product deliberately small.

What we collect

We collect only what we need to deliver the report you pay for:

  • The claims text and details you type (the marketing and packaging copy you paste, plus context such as certifications you hold and whether the claims run in ads). We use these solely to generate your report.
  • Your email address, so we can deliver the finished report and send your receipt.
  • Payment details are processed by Stripe. We never see or store your full card number, CVC, or expiry. Stripe is a PCI-DSS Level 1 certified payment processor; your card data goes directly to Stripe. We receive only a confirmation that payment succeeded and a limited record (such as the last four digits and a transaction ID) for our records and refunds.

Lawful basis

Under the UK GDPR, we process your email and the claims text you submit to perform the contract for the report you buy. We rely on our legitimate interests for basic, non-identifying records needed for accounting and fraud prevention, and on legal obligation for records we must keep (for example, for tax).

Your claims text is used only to generate the report

The marketing and packaging copy you paste is used for one purpose: to produce your screening report. We do not sell it, publish it, share it with third parties, or use it to train models. It is not disclosed to anyone outside the delivery of your report.

Analytics: cookieless, no personal data

We measure aggregate traffic with Fathom Analytics, a privacy-first, cookieless analytics service. Fathom sets no cookies, collects no personal data, does no cross-site or cross-device tracking, and does not build advertising profiles. Because it collects no personal data and sets no cookies, it is compliant with the UK GDPR and the Privacy and Electronic Communications Regulations (PECR) without requiring a cookie-consent banner. We cannot use Fathom data to identify you.

We do not sell or share your personal information

We do not sell your personal information, and we do not share it for targeted advertising. We do not have, and will not create, any such data-sale program.

How we use your information

  • To generate and deliver the report you ordered.
  • To email you the report, a receipt, and any delivery follow-up.
  • To process refunds and respond to support requests.
  • To keep basic, non-identifying records required for accounting and fraud prevention.

We do not use your email for marketing newsletters unless you explicitly opt in.

Data retention

We keep your report inputs and email only as long as needed to deliver the report and provide support, and to meet legal, tax, and accounting obligations (typically up to the period required by applicable UK tax law). Payment records held by Stripe are retained under Stripe's own policies. You may ask us to delete your data at any time (see below), subject to records we are legally required to keep.

Your rights under the UK GDPR

You have the right to access, rectify, erase, restrict, or port your personal information, and to object to processing. To exercise any of these rights, email hello@greenclaimsaudit.co.uk and we will respond within the timeframe required by the UK GDPR (usually one month). You also have the right to complain to the UK's supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk. We will not discriminate against you for exercising your privacy rights.

Children's privacy

This service is intended for adults and business users and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, email hello@greenclaimsaudit.co.uk and we will delete it.

Data security

Data is transmitted over encrypted HTTPS connections. Payment card data is handled entirely by Stripe. No method of transmission or storage is perfectly secure, but we limit the personal data we hold precisely to reduce risk.

International transfers

Some of our processors (such as Stripe and Fathom) may process data outside the UK. Where personal data is transferred outside the UK, it is protected by appropriate safeguards recognised under the UK GDPR (such as the UK International Data Transfer Agreement or adequacy regulations).

Changes to this policy

We may update this policy from time to time. When we do, we will revise the effective date above. Material changes will be reflected on this page.

Contact

Questions about this policy or your data? Email hello@greenclaimsaudit.co.uk.

Terms of Service · Accessibility Statement