Privacy Policy

Last updated: 2026-03-02

GreenChainz is committed to protecting your privacy and ensuring transparency in how we collect, use, and protect your data.

1. Introduction

GreenChainz ("we," "our," or "us") operates the GreenChainz B2B marketplace platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using GreenChainz, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

2.1 Account Information

When you create an account, we may collect:

  • Personal Details: Name, email address, company name, job title/role
  • Account Type: Whether you register as an Architect (buyer) or Supplier
  • Company Information: Business address, phone number, website URL
  • SSO Profile Data: Profile information provided by SSO providers (Microsoft Entra ID, Google, LinkedIn)

2.2 OAuth / SSO Data

When you authenticate via a third-party SSO (LinkedIn, Microsoft Entra ID, Google), we collect only the profile data you consent to share:

  • Name and email address
  • Company name and job title (used for buyer verification)
  • Profile URL (to verify professional credentials)

Note: We only access data you explicitly authorize via the provider's consent screen. We do not access private messages or connections.

2.3 Usage Data

We automatically collect information about how you interact with our platform:

  • RFQ Activity: Requests for Quotes you create or respond to
  • Search Queries: Materials, suppliers, and certifications you search for
  • Product Views: Materials and supplier profiles you view
  • Platform Analytics: Pages visited, time spent, click patterns (via Azure Application Insights and optionally Google Analytics)
  • Device Information: IP address, browser type, operating system, device identifiers

2.4 Payment Information

Payment processing for RFQ deposits and other transactions is handled securely by our payment processors. We do not store credit card numbers, CVV codes, or other sensitive payment details on our servers.

2.5 Uploaded Documents

We collect files you upload, including:

  • Certifications: EPDs, FSC certificates, LEED documents
  • Product Documents: Technical data sheets, product images
  • RFQ Attachments: Project specifications, drawings, material requirements

3. Cloud & Third-Party Services

GreenChainz uses a combination of Microsoft Azure services and other third-party tools. All such services operate under their respective Data Processing Agreements and privacy policies.

  • Azure PostgreSQL (Database): Stores account information, RFQs, supplier data
  • Azure Redis Cache: Session data (ephemeral - deleted after logout or 24 hours)
  • Azure Blob Storage: Uploaded documents, product images, certifications
  • Azure Document Intelligence: Processes PDFs to extract certification data
  • Azure OpenAI / AI Foundry: AI agent interactions for RFQ matching and recommendations (subject to Microsoft's OpenAI data privacy terms)
  • Azure Application Insights: Anonymous usage analytics and error monitoring
  • Microsoft Communication Services: Optional chat/support messaging (data hosted in Azure)
  • Google Analytics (optional): Anonymous site analytics (pages visited, time on site). We do not use it to collect personal data unless you have authorized it.

Data residency: By default, data is stored in Azure's US East region (Virginia) for compliance with US data protection laws unless otherwise stated.

4. Third-Party Integrations

  • Microsoft Entra ID: SSO provider (data governed by Microsoft's DPA).
  • Google: SSO provider & Analytics (data governed by Google's Privacy Policy).
  • LinkedIn OAuth: Authenticates architect accounts for RFQ creation (see LinkedIn Privacy Policy).
  • Azure OpenAI: Processes AI agent queries (see Azure OpenAI Data Privacy Policy).
  • Payment Processors: Third-party payment processors handle card data under their own security controls.

5. Cookies and Tracking Technologies

We use strictly necessary cookies to provide authentication and security. We may also use analytics cookies to collect anonymous usage data. You can opt out of analytics tracking where applicable.

Cookies We Use

Cookie | Purpose
next-auth.session-token / __Secure-authjs.session-token | Maintains your login session (first-party, necessary for service).
next-auth.csrf-token | Prevents cross-site request forgery (CSRF) attacks.
next-auth.state | Validates OAuth authentication flow (SSO login).
next-auth.callback-url | Stores the URL to redirect after authentication.
_ga | Google Analytics: anonymous usage statistics (if enabled).

No tracking or advertising cookies by default: We do not use cookies for profiling or advertising unless you explicitly opt in. All authentication cookies are cleared on logout or per their expiration.

6. Your Privacy Rights

Under GDPR (Europe) and CCPA (California), you have the following rights:

Right to Access

Request a copy of all personal data we hold about you. We'll provide this in a structured, machine-readable format (JSON or CSV).

Right to Deletion ("Right to Be Forgotten")

Request permanent deletion of your account and all associated data. See Section 7 for our deletion timelines.

Right to Data Portability

Export your data to use with another service. Available formats: JSON, CSV.

Right to Opt-Out of Analytics

You may opt out of analytics tracking where provided, or contact us to request disabling analytics for your account.

Right to Correction

Update incorrect or incomplete personal information via your account settings or by contacting us.

To exercise any of these rights, email: privacy@greenchainz.com

We will respond within 30 days (GDPR) or 45 days (CCPA).

7. Data Retention

  • Active Accounts: Data is retained while your account is active.
  • Deleted Accounts: 90-day grace period for account recovery, then permanent deletion from primary systems; anonymized transaction records may persist as described below.
  • Transaction Records: Retained for 7 years for legal/financial compliance (anonymized where required).
  • Analytics Data: Aggregated, anonymized usage data retained for 24 months.
  • Security Logs: IP addresses and access logs retained for 90 days for fraud prevention and security audits.

Note: Transaction records required for compliance (e.g., invoices) are retained even after account deletion, but we anonymize personal identifiers where permitted.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: TLS 1.3 for all data transmitted over the internet
  • Encryption at Rest: Azure-managed encryption keys (AES-256) for database and storage
  • Authentication: OAuth 2.0 (SSO providers) and JWT tokens for secure API access
  • Access Controls: Role-based access control (RBAC) and least-privilege principle
  • Security Audits: Quarterly penetration testing and vulnerability scans
  • Compliance: SOC 2 Type II certification (in progress - expected Q2 2026)

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. How We Share Your Information

We do not sell your personal data. We share data only in the following circumstances:

  • With Other Users: Your name, company, and contact information are visible to users you engage with (RFQ responses, messages).
  • Service Providers: Microsoft Azure, SSO providers, payment processors, analytics providers — all under data processing agreements.
  • Legal Compliance: If required by law, court order, or government request.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred; you will be notified where required.

10. Children's Privacy

GreenChainz is a B2B platform for professionals. We do not knowingly collect data from individuals under 18 years of age. If we discover we have collected data from a minor, we will delete it promptly and notify the appropriate parties as required by law.

11. International Data Transfers

GreenChainz operates primarily in the United States. If you access our platform from outside the US, your data may be transferred to and processed in the US.

For EU users: Microsoft Azure supports the EU-US Data Privacy Framework and provides Standard Contractual Clauses (SCCs) for data transfers where applicable.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a prominent notice on our platform.

Continued use of GreenChainz after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, contact:

GreenChainz Privacy Team

Email: privacy@greenchainz.com

General inquiries: founder@greenchainz.com