SustainBuddy Privacy Policy
Last Updated: 4 July 2025
1. Who We Are
SustainBuddy (“we,” “us,” “our”) is the trading name of Mantram Group Pty Ltd (ABN 12 670 169 552), a SaaS provider of emissions-intelligence and sustainability-planning tools for the aviation and maritime sectors.
- Registered Office: Level 2/696 Bourke Street, Melbourne, VIC 3000, Australia
- Email: admin@sustainbuddy.com
2. Scope of This Policy
This document outlines how we collect, use, share, and protect your information when you:
- Visit sustainbuddy.com or any of its subdomains
- Access the SustainBuddy web application, APIs, or mobile components (collectively, the “Services”)
- Interact with us via email, phone, social media, events, or support channels
This policy applies to both our Aviation and Maritime product modules.
3. Information We Collect
3.1 Account & Identity Data
Includes name, job title, company name, business email, phone number, password hash, and MFA tokens. Provided by you or your employer.
3.2 Operational & Fleet Data
Aviation: ADS-B flight legs, tail numbers, aircraft types, fuel uplifts, load factors, and other operational parameters.
Maritime: IMO numbers, vessel specifications (GT, DWT, engine type, bunker capacities), voyage logs, fuel consumption, and CII scores. Sourced from you, public registries, and our data partner Sustainable Ships.
3.3 Platform & Usage Metrics
Includes IP addresses, browser types, clickstream events, page load times, error logs, and device identifiers—collected via cookies and related technologies.
3.4 Commercial & Billing Data
Covers subscription tier, POs, invoices, transaction IDs, and payment status. Obtained from you and our payment processors.
3.5 Market & Pricing Feeds
Real-time data on SAF, biofuel, carbon credit, and allowance prices from partners such as ClimateBalanced, General Index, Vertis, and CarbonInsets. These feeds do not contain personal data.
3.6 Regulatory Content
Includes curated public updates and notices from EU ETS, CORSIA, FuelEU Maritime, IMO DCS, CII, and related frameworks.
We do not knowingly collect special-category data (e.g., biometric or health data) or data from children under 16.
4. How We Use Your Information
We process your data for the following purposes and under the corresponding legal bases (under EU GDPR and applicable equivalents):
| Purpose | Legal Basis |
|---|---|
| User authentication, service delivery, platform security | Contractual necessity |
| Emissions estimates and benchmarking | Legitimate interests |
| Regulatory and industry updates | Legitimate interests or consent (depending on jurisdiction) |
| Billing, invoicing, legal record-keeping | Contractual necessity and legal obligation |
| Feature improvement and bug resolution | Legitimate interests |
| Marketing communications (e.g., newsletters) | Consent or legitimate interests |
| Legal compliance and dispute resolution | Legal obligation |
5. When We Share Information
We share data only when necessary and under appropriate safeguards:
- Service Providers: AWS (Australia, Germany), Mailchimp (email), Auth0 (identity), Stripe/Braintree (payments), third-party penetration testing providers, analytics vendors
- Data Partners: Sustainable Ships, ClimateBalanced, General Index, Vertis, CarbonInsets, AvBench (read-only access to non-personal analytics)
- Customer-Designated Integrators: Including SFTP connections, data lakes, and third-party APIs
- Legal Authorities: Courts, regulators, or enforcement bodies when required by law
- Corporate Transactions: In the event of a merger, acquisition, or asset sale (with notice, where legally required)
We do not sell personal data under any circumstances.
6. International Data Transfers
Our primary data centers are located in:
- Sydney, Australia (ap-southeast-2)
- Frankfurt, Germany (eu-central-1)
Where data is transferred outside your jurisdiction (e.g., to the United States), we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, or other legally recognized adequacy mechanisms.
7. Data Retention
- Account & Operational Data: Retained for the duration of your contract, plus up to 3 years (unless early deletion is requested or extended retention is legally required)
- Usage & Analytics Data: Retained for up to 12 months, then anonymised or aggregated
- Financial Records: Retained for 7 years to comply with tax and accounting obligations in Australia, the EU, and other relevant jurisdictions
8. Security Measures
- End-to-end encryption using TLS 1.2+ in transit and AES-256 at rest
- Alignment with ISO 27001 and annual third-party penetration testing
- Role-based access control and least-privilege permissions
- Enforced MFA for all personnel
- Daily encrypted backups with a Recovery Point Objective (RPO) of 1 hour and a Recovery Time Objective (RTO) of 4 hours
9. Your Privacy Rights
Depending on your location, you may have the right to:
- Access your personal data
- Correct incomplete or inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict or object to processing
- Port data to another provider
- Opt out of marketing at any time
Requests can be submitted via:
- Email: admin@sustainbuddy.com
- In-app Privacy Centre
We respond within 30 days (or 45 days for CCPA/CPRA requests).
10. Cookies & Tracking Technologies
We use the following types of cookies:
- Essential Cookies: Required for authentication, session integrity, and fraud prevention
- Analytics Cookies: Self-hosted Matomo (IPs truncated; no external sharing)
- Preference Cookies: Store language and UI preferences
Cookie preferences can be managed via your browser or our cookie banner. Blocking essential cookies may impact service functionality.
11. Children
SustainBuddy is designed for professional use only. We do not knowingly collect data from individuals under the age of 16. If you believe we have inadvertently done so, please contact us immediately for deletion.
12. Third-Party Links
Our platform may link to third-party sites—such as regulator portals or data dashboards—which operate under their own privacy policies. We do not assume responsibility for their data practices.
13. Changes to This Policy
We may update this Privacy Policy periodically. Where changes are material, we will provide advance notice (minimum 14 days) via email or in-app banner.
Continued use of the Services after the effective date constitutes acceptance.
14. Contact Us
For any queries, complaints, or data rights requests:
- Email: privacy@sustainbuddy.com
- Postal:
  Privacy Officer
  Mantram Group Pty Ltd
  Level 2/696 Bourke Street
  Melbourne, VIC 3000
  Australia
If you remain unsatisfied, you may lodge a complaint with:
- The Office of the Australian Information Commissioner (OAIC)
- Or your local supervisory authority in the UK or EU
© 2025 Mantram Group Pty Ltd. All rights reserved.