Privacy Policy

Effective date: 23 May 2025

Keva Carbon ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information in connection with your use of the Keva Carbon application.

1. Collection of Information

We collect personal information directly from you when you create an account and complete small business or household carbon scorecards. This may include your name, email address, scorecard data, and other relevant inputs relating to your business, household, energy usage, transport habits, lifestyle choices, and more.

2. Use of Information

Your personal, business and scorecard data is used solely to:

  • Provide, operate, and improve the Keva Carbon application;
  • Calculate your carbon footprint and provide feedback or suggestions;
  • Facilitate support and respond to user inquiries;
  • Generate aggregate statistics and trends.

3. Data Sharing and Disclosure

We do not sell, rent, or share your personal or audit data with third parties. However, we may use anonymised and aggregated data to:

  • Improve application accuracy and user experience;
  • Publish insights, trends, and articles to help raise awareness of emissions patterns;
  • Contribute to broader environmental research.

At no time will your personally identifiable information be included in these aggregated datasets.

4. User Rights

You have the right to:

  • Access your data;
  • Correct or update inaccurate information;
  • Delete your user account and all scorecard data at any time

Requests can be made via the account interface or by contacting our support team directly.

5. Data Storage and Security

All data is securely stored using Microsoft Azure services located in Australia. We implement comprehensive technical and organisational safeguards to protect your data from loss, misuse, and unauthorised access, including:

Technical Safeguards

  • Encryption in transit: All data transmitted between your device and our platform is protected using industry-standard TLS encryption
  • Encryption at rest: Any potentially sensitive personal information is encrypted using AES-256 encryption before being stored
  • Access controls: Database access is restricted and protected by multi-factor authentication and other technical controls

Organisational Safeguards

  • Data minimisation: We only collect and store the minimum personal information necessary to provide our carbon footprint calculation services
  • Regular reviews: Security practices are reviewed and updated regularly to maintain current standards

Data Location and Cross-Border Transfers

We do not routinely disclose or transfer personal information outside Australia or New Zealand. In limited cases (such as where required by law or technical necessity), if offshore access is required, we will ensure your information is protected by safeguards consistent with the Australian Privacy Principles and the New Zealand Privacy Act 2020.

Where we use third-party service providers (such as Microsoft Azure), we ensure they meet equivalent security standards and comply with Australian privacy requirements. Microsoft Azure maintains comprehensive security certifications and provides enterprise-grade protection for all hosted data.

In the event of a data breach that may result in serious harm, we will notify affected individuals and relevant authorities as required by law.

6. Communications

We may occasionally contact you via email to:

  • Remind you to complete a new scorecard;
  • Acknowledge purchases (e.g. carbon offset transactions);
  • Notify you of important updates to the Keva Carbon service or this policy.

These communications are considered necessary to deliver our service. You can opt out of non-essential communications (such as reminders and news updates) at any time by using the unsubscribe link provided in our emails.

7. Legal Basis

This policy is governed by and construed in accordance with the laws of Queensland, Australia. We comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

For users in New Zealand, we also comply with the New Zealand Privacy Act 2020. We take reasonable steps to ensure personal information is handled in accordance with its Information Privacy Principles.

8. Policy Updates

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” at the top of this page. We encourage users to review this policy periodically.