Privacy Policy

Last updated: 4 April 2026

1. Who We Are

Pamoja dMRV is operated by Consuming Carbon Corporation, a company incorporated in the State of Delaware, United States. We provide a digital Measurement, Reporting and Verification (dMRV) platform for carbon credit projects across Africa.

Data Controller: Consuming Carbon Corporation
Registered: State of Delaware, USA
Contact: privacy@consumingcarbon.com

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, organisation, role, profile picture.
  • Authentication data: Firebase authentication tokens, session identifiers (we do not store passwords directly).
  • Usage data: Pages visited, features used, timestamps, IP address, browser type.
  • Project data: Carbon project information, measurement data, credit batch records, field visit data.
  • Location data: GPS coordinates of project sites and field measurements (not user device location).
  • Farmer/household data: Household identifiers, stove usage data, agricultural data collected during field visits.

3. How We Use Your Data

We use personal data to:

  • Provide and operate the dMRV platform.
  • Authenticate users and manage access control.
  • Process carbon credit verification and issuance.
  • Generate analytics and monitoring reports.
  • Communicate platform updates, alerts, and notifications.
  • Comply with carbon registry requirements (Verra, Gold Standard, Puro.Earth).
  • Improve platform performance and user experience.

4. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract performance: Providing the dMRV platform services you have subscribed to.
  • Legitimate interest: Platform security, fraud prevention, analytics, and service improvement.
  • Legal obligation: Carbon registry reporting requirements, tax obligations, and other regulatory duties.
  • Consent: Marketing communications and non-essential cookies or similar technologies.

5. Data Storage and Security

Your data is stored on Google Cloud Platform infrastructure. Our primary data region is europe-west1 (Belgium), with project-specific data residency available for African jurisdictions where required. All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We use Google Cloud Spanner with point-in-time recovery for core databases, Firebase Auth with optional multi-factor authentication for identity, and an immutable audit log with cryptographic hash chain verification for critical events. Access to data is controlled using role-based access control (RBAC) with tenant isolation and least-privilege principles.

6. Data Sharing

We share personal and project data only in these circumstances:

  • Carbon registries: Project and credit-related data shared with Verra, Gold Standard, Puro.Earth, or other registries as required for credit issuance, monitoring, and retirement.
  • Cloud providers: Google Cloud Platform acts as a data processor under applicable data processing agreements.
  • Blockchain anchoring (Hedera): To provide independently verifiable data integrity, we anchor an immutable audit trail to the Hedera Hashgraph public ledger. No personal data or personally identifiable information (PII) is written to Hedera. Only SHA-256 hashes of internal log entry identifiers and non-identifying metadata are anchored, which cannot be reversed to reconstruct the underlying records. Because Hedera is a public, append-only distributed ledger, these anchors are permanent and cannot be altered or erased once written.
  • Legal requirements: When required by law, regulation, or valid legal process, or to establish, exercise, or defend legal claims.

We do not sell personal data to third parties.

7. Data Retention

We apply differentiated retention periods based on data type and legal or operational requirements:

  • Account data: Retained for the duration of your active account. After account deactivation, personal account data is retained for up to 90 days, after which it is either deleted or irreversibly anonymised, unless we are required to retain it for longer to comply with legal, regulatory, or accounting obligations.
  • Carbon project and carbon accounting data: Core project records, measurement data, and carbon credit accounting information are retained for the project crediting period plus at least 10 years to meet carbon registry, audit, and regulatory requirements, and to support long-term environmental claims and verification.
  • Audit logs and integrity records: Security and compliance audit logs, including internal log IDs and their associated Hedera anchors, are retained indefinitely as part of a permanent integrity record and cannot be technically erased from the Hedera public ledger once written.
  • Backups and derived data: Backup copies follow the same retention logic and are cycled out according to operational backup schedules; where data has been anonymised, only anonymised forms persist.

Where retention obligations expire and there is no longer a legal or operational need to keep personal data, we delete or anonymise it in line with our documented data retention and anonymisation procedures.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion of your personal data (subject to legal and technical limitations, including mandatory retention for carbon accounting, registry, and audit purposes and the immutability of blockchain anchors).
  • Restrict or object to certain processing activities.
  • Request data portability.
  • Withdraw consent for optional processing (for example, marketing or non-essential cookies) at any time.

Because some records are required for carbon accounting, regulatory compliance, and audit integrity, and because Hedera anchors are permanent once written, we cannot delete:

  • Historical carbon accounting records that must be retained under registry rules, verification standards, or applicable law.
  • Immutable audit log entries and their corresponding Hedera anchors on the public ledger.

When you submit an erasure request, we will:

  1. Verify your identity and the scope of your request.
  2. Delete or anonymise personal data that is not subject to retention requirements.
  3. Flag retained records as restricted and ensure they are used only for the specific legal, accounting, or audit purposes that justify retention.
  4. Inform you about any data we cannot delete and the reasons for that limitation.

To exercise your rights, contact privacy@consumingcarbon.com. We will respond within 30 days, or within any shorter period required by applicable law.

9. Applicable Laws

Consuming Carbon Corporation is incorporated in the State of Delaware, USA, and operates the Pamoja dMRV platform for users primarily located in East Africa and other regions. This policy is designed to comply with:

  • U.S. Federal and Delaware State privacy laws (corporate jurisdiction).
  • Kenya Data Protection Act 2019 (primary operating jurisdiction).
  • EU General Data Protection Regulation (GDPR) (for EU-based users).
  • South Africa POPIA (for South African users and data subjects).
  • Tanzania Data Protection Act 2022.
  • Uganda Data Protection Act 2019.
  • Rwanda Law on Protection of Personal Data and Privacy 2021.

Where there is a conflict between this policy and mandatory local law, the stricter requirement will apply to the relevant processing.

10. Cookies

We use essential cookies and similar technologies for authentication and session management; these are strictly necessary to provide the service and cannot be disabled without impacting functionality. Non-essential analytics cookies are only set with your consent via the cookie banner or equivalent mechanism.

  • __session: Authentication session cookie (httpOnly, 7 days).
  • cookie_consent: Your cookie preference (stored in localStorage).

Additional details on cookies and tracking technologies may be provided in a separate Cookies Notice where required by law.

11. Changes to This Policy

We may update this policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or platform notification at least 30 days before taking effect, where required by law. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions, concerns, or to exercise your data protection rights:
Email: privacy@consumingcarbon.com
Address: Consuming Carbon Corporation, 254 Chapman Road, Ste 208, Newark, DE 19702.