Privacy Policy
Last updated: 31 March 2026 · Effective: 31 March 2026
1. Who We Are
Jiskta ("Jiskta", "we", "us") operates the Jiskta ESG site assessment platform at esg.jiskta.com. We are the data controller for the personal data processed through this service. Contact: info@jiskta.com.
2. Data We Collect
We collect only what is necessary to deliver the service:
- Account data: Email address and password hash (stored by Supabase Auth, EU-hosted).
- Site addresses: Facility addresses and/or GPS coordinates you submit for assessment. These are processed transiently to generate your report and are not stored server-side. Report data is held in your browser session only and is cleared when you close the tab.
- Payment data: Processed entirely by Paddle (our Merchant of Record). We receive only a transaction ID and credit amount — no card numbers or billing addresses are stored by Jiskta.
- Usage data: Report generation timestamps and credit balance. No behavioural tracking, no cookies beyond those required for authentication.
3. How We Use Your Data
- To generate site assessment reports (processed transiently; not stored on our servers).
- To manage your account, authenticate you, and process your credit balance.
- To send transactional emails (confirmation, password reset) via our email provider.
- We do not use your data for marketing, profiling, or machine-learning model training.
- We do not sell your data to any third party.
4. Legal Basis (GDPR)
We process your personal data under the following legal bases:
- Contract performance (Art. 6(1)(b)): Account data and site addresses are necessary to provide the service you contracted.
- Legitimate interests (Art. 6(1)(f)): Usage logs for service reliability and fraud prevention.
5. Data Retention
- Account data: Retained for the duration of your account and deleted within 30 days of account deletion.
- Report data: Not retained — reports exist only in your browser session and are never transmitted to or stored by our servers.
- Payment records: Retained for 7 years as required by EU accounting law (VAT records).
6. Sub-processors & Data Transfers
We rely on the following sub-processors, all operating under GDPR-compliant data processing agreements:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Authentication, database (account + billing log) | EU (Frankfurt) |
| Paddle | Payment processing (Merchant of Record) | UK/EU |
| Cloudflare | CDN, static hosting, DDoS protection | EU PoPs |
| Scaleway / dedicated server (Jiskta API) | Climate data query processing | EU (Paris) |
No personal data is transferred to countries outside the EU/EEA or UK without adequate safeguards.
7. Cookies
We use only technically necessary cookies and browser localStorage for authentication (Supabase session token). We do not use analytics cookies, advertising cookies, or third-party trackers. No cookie consent banner is required as no non-essential cookies are set.
8. Your Rights (GDPR)
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten") — submit a request to privacy@jiskta.com; we will action it within 30 days.
- Portability — download your report as a PDF directly from the report page (no server-side export needed — all data is in your browser session).
- Object to processing based on legitimate interests.
- Lodge a complaint with your national Data Protection Authority. In Belgium this is the Gegevensbeschermingsautoriteit (GBA).
9. Security
All data is transmitted over TLS 1.3. Passwords are hashed by Supabase Auth (bcrypt). The API server only accepts authenticated requests. We conduct periodic security reviews and apply security patches within 48 hours of disclosure for critical vulnerabilities.
10. Changes to This Policy
We will notify registered users by email at least 14 days before any material change to this policy. The current version is always available at esg.jiskta.com/privacy.
11. Contact
For any privacy-related questions or to exercise your rights:
info@jiskta.com
Jiskta