Based in India? Visit DharmaCompliance — our India platform →
SolvingESG is currently under construction.
SolvingESG

Privacy Policy

Last updated: March 2026

Viewing for:
This policy applies to users of SolvingESG (solvingesg.co.uk) and is governed by the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations 2003 (PECR).

1. Who We Are

SolvingESG is a trading name operated by SolvingCompliance Ltd, a company registered in England and Wales. We provide ESG compliance tools and supply chain management software to UK small and medium businesses.

For the purposes of UK GDPR, SolvingCompliance Ltd is the data controller for personal data processed through the SolvingESG platform.

Contact: [email protected]

2. What Personal Data We Collect

We collect and process the following categories of personal data:

  • Account data: name, email address, job title, company name
  • Authentication data: OAuth tokens (via Manus OAuth), session identifiers
  • Usage data: pages visited, features used, assessment responses, document uploads
  • Payment data: billing name, address, and payment method details (processed by Stripe; we do not store card numbers)
  • Supplier data: contact names, email addresses, and company information for suppliers you invite to the platform
  • Communications: emails you send or receive through the platform

3. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR Article 6:

  • Contract performance (Art. 6(1)(b)): to provide the SolvingESG service you have subscribed to
  • Legitimate interests (Art. 6(1)(f)): to improve our platform, prevent fraud, and send service-related communications
  • Legal obligation (Art. 6(1)(c)): to comply with UK law including tax and anti-money laundering requirements
  • Consent (Art. 6(1)(a)): for marketing emails and non-essential cookies (you may withdraw consent at any time)

4. How We Use Your Data

  • Providing and improving the SolvingESG platform
  • Processing payments and managing subscriptions
  • Sending transactional emails (account confirmations, assessment invitations, compliance alerts)
  • Sending marketing communications where you have consented
  • Complying with legal and regulatory obligations
  • Detecting and preventing fraud and abuse

5. Data Sharing

We share personal data with the following third parties:

  • Stripe Inc: payment processing (UK/EU data centre)
  • Resend Inc: transactional email delivery
  • Manus AI: platform hosting and OAuth authentication
  • TiDB Cloud: database hosting (EU region)

We do not sell personal data to third parties. We do not share data with advertisers.

6. International Transfers

Some of our third-party processors are based outside the UK. Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO).

7. Data Retention

  • Account data: retained for the duration of your subscription plus 6 years (UK tax law)
  • Assessment data: retained for 7 years to support audit trails
  • Payment records: retained for 6 years (UK tax law)
  • Marketing consent records: retained until withdrawn

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: request a copy of your personal data
  • Right to rectification: correct inaccurate data
  • Right to erasure: request deletion of your data (subject to legal retention obligations)
  • Right to restrict processing: limit how we use your data
  • Right to data portability: receive your data in a machine-readable format
  • Right to object: object to processing based on legitimate interests
  • Rights related to automated decision-making: we do not make solely automated decisions with legal or significant effects

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Cookies

We use cookies and similar technologies. See our Cookie Policy for full details. You can manage cookie preferences at any time.

10. Security

We implement appropriate technical and organisational measures to protect personal data, including TLS encryption in transit, encrypted database storage, and access controls. We conduct regular security reviews.

11. Changes to This Policy

We will notify you of material changes to this policy by email and by updating the "Last updated" date above. Continued use of the platform after notification constitutes acceptance.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.