Sustainify AI

Privacy Policy

Version 3.5.2Effective 11 January 2026

Owned and operated by Codedevza AI Ltd
Version: 3.5.2
Effective Date: 11 January 2026

Codedevza AI Ltd is committed to handling personal information responsibly and in full accordance with the UK GDPR and the Data Protection Act 2018. This Privacy Policy explains how personal data is collected, used, stored and protected in connection with Sustainify AI and all associated services.

1. Scope of This Policy

This policy applies to:

  • The Sustainify AI platform at sustainifyai.co.uk
  • All user accounts, roles and platform interactions
  • Contact forms, demo requests and support communications
  • Data submitted by organisations, building managers, data entry users, tenants, suppliers and auditors through the platform
  • All onboarding, configuration and ongoing subscription activity

This policy does not apply where Codedevza AI Ltd acts solely as a data processor under a separate Data Processing Agreement.

2. Information We Collect

2.1 Information you provide

  • Full name
  • Work email address
  • Job title and organisation name
  • Phone number
  • Portfolio and building information
  • Messages and form submissions

2.2 Information collected automatically

  • IP address
  • Browser and device information
  • Usage logs and session data
  • Cookie and analytics data
  • Security and access events
  • Audit trail entries

2.3 Information collected through platform use

When providing access to the Sustainify AI platform, we may process:

  • User account profiles across all roles
  • Emissions, energy, waste and sustainability data submitted by users
  • Building and portfolio configuration data
  • Financial analysis inputs and outputs
  • Tenant and supplier submission data
  • Compliance and certification data
  • Social value and TOMs data
  • Audit logs and system access records
  • Report exports and generated documents

2.4 Information from third parties

We may receive data from:

  • Tenant and supplier data submissions via the platform
  • Integration sources where the client has configured third-party connections

All processing is subject to client contracts and applicable data agreements.

3. How We Use Personal Data

Personal data is used to:

  • Provide, maintain and improve access to the Sustainify AI platform
  • Respond to enquiries, demo requests and support communications
  • Manage user accounts, roles and permissions
  • Monitor platform security and performance
  • Fulfil contractual, regulatory and compliance obligations
  • Communicate platform updates, changes and renewal information
  • Conduct internal analytics to improve platform functionality

We process only the minimum data required for these purposes.

4. Legal Basis for Processing

Personal data is processed under the following UK GDPR bases:

  • Contractual necessity
  • Legitimate interests
  • Legal obligation
  • Consent where explicitly required

5. How We Share Data

We may share personal data with:

  • Cloud hosting and infrastructure providers
  • Technology partners involved in platform delivery and maintenance
  • Professional advisers including legal, financial and compliance
  • Regulatory authorities where required by law

We do not sell personal data.
We do not share personal data for marketing purposes without explicit consent.

6. International Data Transfers

Where personal data is transferred outside the UK, transfers are made in full accordance with UK GDPR requirements using adequacy decisions or appropriate protective safeguards. Only trusted providers with appropriate contractual protections are used.

7. Data Retention

Personal data is retained only for as long as necessary to meet:

  • Platform service delivery requirements
  • Contractual and legal obligations
  • Audit and regulatory needs
  • Security and governance requirements

Data is securely deleted or anonymised when no longer required.

8. Your Rights

Under UK GDPR you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the ICO at https://ico.org.uk

To exercise any of these rights, contact us at hello@sustainifyai.co.uk.

9. Data Security

We apply the following security measures:

  • Encryption in transit and at rest
  • Role-based access controls
  • Continuous platform monitoring
  • Secure cloud storage environments
  • Incident detection and response processes
  • User authentication controls

No system is entirely risk free. Codedevza AI Ltd is not liable for security incidents caused by factors outside our reasonable control, including client-side vulnerabilities, compromised user credentials, user negligence or third-party system failures.

10. Accuracy of Submitted Data

Codedevza AI Ltd does not verify, validate or take responsibility for the accuracy, completeness or fitness for purpose of any data submitted to the platform by users, tenants, suppliers or any third party. Responsibility for the accuracy of all submitted data rests entirely and solely with the submitting party. Codedevza AI Ltd accepts no liability for any compliance failure, penalty or loss arising from inaccurate or incomplete data submitted through the platform.

11. Platform Outputs

Sustainify AI generates emissions calculations, ESG reports, compliance outputs and financial analyses based on data submitted by users. Codedevza AI Ltd does not warrant the accuracy, completeness or regulatory acceptance of any platform output. Users are solely responsible for verifying all outputs before relying on them for compliance, reporting, investment or regulatory purposes. Codedevza AI Ltd accepts no liability for any loss, penalty or damage arising from reliance on platform outputs.

12. Limitation of Liability

To the fullest extent permitted by law, Codedevza AI Ltd excludes all liability for:

  • Loss or misuse of data submitted by users or third parties
  • Inaccurate sustainability, emissions or compliance data
  • Compliance outcomes or regulatory penalties based on platform outputs
  • Indirect, consequential, reputational or financial loss of any kind
  • Data incidents caused by client-side vulnerabilities or user actions

Total liability of Codedevza AI Ltd under this policy is limited to the subscription fees paid in the preceding six months or £1,000 GBP, whichever is lower.

13. Cookies

We use essential, functional, analytics and security cookies to maintain platform performance, security and user experience. See our full Cookie Policy for details.

14. Third-Party Links and Integrations

Sustainify AI may connect to or reference third-party services and websites. Codedevza AI Ltd is not responsible for the privacy practices, security, content or availability of any third-party service.

15. Children

We do not knowingly collect or process personal data from individuals under the age of 16.

16. Data Breach Procedure

In the event of a confirmed personal data breach:

  • We will investigate promptly and assess the impact
  • We will notify affected clients where required
  • We will notify the ICO where legally required

Clients acting as Data Controllers are solely responsible for assessing breach impact, notifying their own users or staff and fulfilling their own ICO reporting obligations.

17. Changes to This Policy

Codedevza AI Ltd may update this Privacy Policy at any time. Continued use of the platform constitutes acceptance of any updates. Material changes will be communicated to active subscribers.

18. Governing Law

This Privacy Policy is governed by the laws of England and Wales. Any disputes fall under the exclusive jurisdiction of the courts of England and Wales.

19. Contact

For privacy or data protection queries:

Codedevza AI Ltd
Covent Garden, London, United Kingdom
Company Number: 16485057
ICO Registration: ZB905842
Email: hello@sustainifyai.co.uk
Website: https://sustainifyai.co.uk