Climate Data Inc., doing business as Terralyn ("Terralyn," "we," "us," or "our"), provides an AI-powered sustainability analyst platform. This Privacy Policy explains what personal information we collect, how we use and share it, and the rights you have.
This policy applies to terralyn.ai and the Terralyn application. It does not apply to third-party services linked from or integrated with the Service; those services are governed by their own privacy practices.
We do not ask for, and you should not upload, government-issued identifiers, precise geolocation, biometric data, health information, financial account credentials, union membership, religion, sexual orientation, or other sensitive categories, unless expressly required by a documented sustainability workflow. If you upload such data, we will treat it under the safeguards in Section 7.
For users in the EU, EEA, UK, and Switzerland we process personal data under:
You can withdraw consent at any time. Withdrawing consent does not affect processing performed before withdrawal.
We do not sell or "share" (as defined under California law) personal information for cross-context behavioral advertising.
We share data with vendors who operate the Service on our behalf under data processing agreements that restrict use to providing services to us.
An up-to-date subprocessor list is available on request.
If you connect Google Workspace, Slack, or other integrations, data flows as you authorize those integrations.
We may disclose data when required by law, to protect rights and safety, to enforce our Terms, or to cooperate with lawful requests from authorities.
In a merger, acquisition, financing, or sale of assets, data may be transferred. We will provide notice and, where required, an opportunity to object.
AI system notice. The Service is an AI system under the EU AI Act, Colorado AI Act, Texas Responsible AI Governance Act, and equivalent laws. When you interact with Terralyn, you are interacting with AI.
How AI is used. Your prompts, files, and selected context are sent to AI model providers to generate Outputs. Processing occurs in the United States on encrypted infrastructure.
No training on your data. Terralyn does not train AI models on Customer Data. Our contracts with AI providers prohibit them from using Customer Data for model training. We use zero-retention or equivalent enterprise API configurations where available.
Memory. Memory stores preferences and prior context to personalize responses for your account. You can view, export, and delete Memory in account settings.
Human oversight. Outputs are draft and decision-support. You control how and whether to rely on them.
Automated decision-making. We do not use Customer Data to make automated decisions about you that produce legal or similarly significant effects. The Service is not designed or authorized to be used as the sole basis for consequential decisions about natural persons (for example, in employment, housing, credit, insurance, education, or government benefits). Use of the Service for such purposes is prohibited under our Terms.
Labeling. Where required by law (including EU AI Act Article 50), Outputs are identifiable as AI-generated. You are responsible for downstream disclosure obligations if you distribute Outputs further.
We use administrative, technical, and organizational controls including:
No system is fully secure. We will notify affected users and regulators of a security incident as required by applicable law.
Backup copies follow our standard rotation, generally not exceeding 180 days after primary deletion.
We use:
Manage preferences through the cookie banner on first visit or the Cookie Settings link in the footer. See our Cookie Policy for specifics, including cookie names, providers, and durations.
Global Privacy Control (GPC). We treat a Global Privacy Control browser signal as a valid request to opt out of the "sale" and "sharing" of personal information and of processing for cross-context behavioral advertising or targeted advertising, to the extent required under California, Colorado, Connecticut, Texas, and other US state privacy laws. The opt-out applies to the browser and device from which the signal is received; signed-in users may also set account-level preferences via privacy@terralyn.ai.
CCPA categories of personal information collected in the preceding 12 months:
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Indiana, Iowa, Tennessee, Montana, Rhode Island, and other states with comprehensive privacy laws have rights to access, correct, delete, port, opt out of targeted advertising and sale, and appeal denied requests. Exercise rights via privacy@terralyn.ai.
Email privacy@terralyn.ai or use in-product controls where available. We verify requests to protect your data. We respond within 30 days (most US states) or 3 months (GDPR, extendable to 6 months for complex requests). Authorized agents may submit on your behalf with verifiable authorization.
Canadian residents have rights of access, correction, and withdrawal of consent under PIPEDA. Quebec residents additionally have rights of data portability, the right to be informed of and object to automated decision-making, and the right to request de-indexation where applicable, under the Act respecting the protection of personal information in the private sector ("Law 25"). Exercise rights via privacy@terralyn.ai. You may also complain to the Office of the Privacy Commissioner of Canada or, for Quebec residents, the Commission d'accès à l'information du Québec.
For transfers from the EU, EEA, UK, and Switzerland, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, the Swiss Federal Data Protection and Information Commissioner's SCC recognition, and any other lawful transfer mechanism available to us from time to time. We apply supplementary technical and organizational measures, including encryption in transit and at rest, access controls, and contractual restrictions on subprocessor access, as appropriate to the transfer.
The Service is for business use by individuals 18 and older. We do not knowingly collect personal data from children under 16 (EU) or 13 (US). If you believe a child has provided data, contact privacy@terralyn.ai and we will delete it.
The Service may contain links to third-party sites. Their privacy practices are their own.
Email. We send marketing emails with consent or to existing business contacts under CAN-SPAM and equivalent law. Every marketing email includes an unsubscribe link. Unsubscribe requests are honored within 5 business days.
Canada (CASL). Commercial electronic messages to Canadian recipients are sent only with express or implied consent under Canada's Anti-Spam Legislation. Each message identifies Terralyn, discloses a valid postal address, and provides a working unsubscribe mechanism that we honor within 10 business days.
LinkedIn direct messages. For prospects who have engaged with our content (for example, by commenting on a LinkedIn post or visiting our site), we may send direct messages on LinkedIn related to Terralyn offerings. Each message identifies Terralyn, states its commercial purpose, and provides an opt-out ("reply stop," or email privacy@terralyn.ai). For recipients in the EU, EEA, or UK, we rely on legitimate interest with a documented LIA, limit frequency, and cease contact immediately on objection.
Transactional communications. Account, security, and billing messages are not opt-outable while your account is active.
Do-not-contact list. On request we will add you to a suppression list that prevents future outreach even if your data is re-acquired from a public source.
California residents may request information about disclosure of personal information to third parties for those third parties' direct marketing purposes. We do not disclose personal information to third parties for their direct marketing.
We will post updates with a new "Last Updated" date. Material changes will be notified by email and in-product banner at least 30 days before they take effect, except where a shorter notice is required by law. We will not apply changes retroactively to data collected under a prior policy in a way that is materially different from the policy in effect at collection, without your consent.
EU, EEA, UK, and Swiss users may contact their local data protection authority. US state residents may contact their state attorney general. California residents may contact the California Privacy Protection Agency.
Climate Data Inc. (DBA Terralyn)
Privacy and Data Protection: privacy@terralyn.ai
Legal: legal@terralyn.ai
Website: https://terralyn.ai/privacy-policy