Privacy Policy

Bsustain is a sustainability reporting platform operated by Bsustain, Lda., a company registered in Portugal. We provide tools to help small and medium-sized enterprises prepare and generate VSME sustainability reports.

For questions regarding this Privacy Policy, contact us at: info@bsustain.eu

We collect the following categories of personal data:

• Account data: name, email address, company name, upon registration.
• Company data: organisational and operational information you enter into the platform to generate sustainability reports (e.g. workforce figures, environmental data, financial indicators).
• Usage data: log data, IP address, browser type, pages visited, and timestamps — collected automatically when you use the platform.

We use the data we collect to:

• Provide, operate, and maintain the platform.
• Generate sustainability reports on your behalf using the information you provide.
• Improve the platform and develop new features.
• Communicate with you regarding your account or our services.
• Comply with legal obligations.

We process your personal data on the following legal bases under the GDPR:

• Contract performance: processing necessary to provide the services you have signed up for.
• Legitimate interests: to improve and secure our platform.
• Legal obligation: where required by applicable law.

We share certain data with trusted third-party service providers who help us operate the platform:

• OpenAI (OpenAI, L.L.C.): We use OpenAI's API to generate and enrich text content in sustainability reports. Company data you enter may be sent to OpenAI for this purpose. OpenAI does not use data submitted via the API to train its models, in accordance with their Data Processing Addendum available at openai.com/policies/data-processing-addendum.
• Cloud hosting provider: All data is hosted within the European Union, using infrastructure located in Germany (Frankfurt), France (Paris) and Sweden (Stockholm).

We do not sell your personal data to third parties.

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you close your account, we will delete or anonymise your data within 90 days, unless we are required to retain it by law.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access to your data.
• Right to rectification of inaccurate data.
• Right to erasure ("right to be forgotten").
• Right to restriction of processing.
• Right to data portability.
• Right to object to processing.

To exercise any of these rights, contact us at info@bsustain.eu. You also have the right to lodge a complaint with the Portuguese data protection authority (CNPD) at www.cnpd.pt.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data is transmitted over encrypted connections (HTTPS).

The platform uses only strictly necessary cookies (e.g. session authentication). We do not use analytics, advertising, or tracking cookies.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice on the platform. The date at the top of this page indicates when it was last revised.