ESGSutra

Privacy Policy

Last updated: 24 March 2026

ESGSutra (“we”, “us”, “our”) operates the website esgsutra.com and the tools accessible through it. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

Information you provide

  • Contact details: email address, name, company name, designation, phone number — provided when you use any of our free tools.
  • Company information: industry sector, SEBI listing category, revenue, employee count — provided as part of tool inputs.
  • Tool inputs: BRSR assessment responses, emission data, regulation text — provided to generate tool results.

Information collected automatically

  • Usage data: pages visited, tool runs, timestamps — via Google Analytics 4 and Microsoft Clarity.
  • Device data: browser type, operating system, IP address, screen resolution.
  • UTM parameters: campaign source, medium, and name from URLs you use to reach our site.

2. How We Use Your Information

  • To provide tool results: your inputs are processed to generate BRSR gap analysis, carbon footprint calculations, or regulation summaries.
  • To send you results: we email your results to the email address you provide.
  • To contact you about our services: we may follow up with information about ESGSutra’s consulting and advisory services.
  • To improve our tools: aggregated, anonymised usage data helps us improve tool quality and user experience.
  • To monitor errors: we use Sentry for error tracking. No personally identifiable information (PII) is sent to Sentry.

3. AI Processing

Two of our tools (BRSR Gap Analyser and Regulation Summariser) use Anthropic’s Claude AI to generate analysis. When AI is used:

  • Your company name is pseudonymised before being sent to the AI (replaced with a placeholder like “CompanyABC”).
  • Your email, name, phone number, and other personal details are never sent to the AI.
  • Regulation text is public information and is sent as-is.
  • AI-generated content is clearly marked as such in tool results.

4. Data Storage and Security

  • Location: all data is stored on AWS infrastructure in Mumbai, India (ap-south-1 region).
  • Database: PostgreSQL on AWS RDS with encryption at rest.
  • Transit: all data in transit is encrypted via TLS/SSL (Cloudflare Full Strict).
  • Access: database access is restricted to our application servers. No public access.
  • Backups: automated daily backups retained for 7 days.

5. Data Sharing

We do not sell your data. We share data only with:

  • Anthropic (Claude AI): pseudonymised tool inputs only, as described in Section 3.
  • Resend: email addresses for sending result emails.
  • Google Analytics / Microsoft Clarity: anonymised usage analytics.
  • Sentry: error logs without PII.
  • Cloudflare: traffic routing and security (CDN, WAF).

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data — email us and we will remove your records within 30 days.
  • Withdraw consent for marketing communications at any time.

7. Cookies

We use cookies set by Google Analytics and Microsoft Clarity for usage analytics. These are third-party analytics cookies. We do not use cookies for advertising. You can disable cookies in your browser settings.

8. Data Retention

  • Lead data: retained for 2 years from last activity, then deleted.
  • Tool run data: retained for 2 years, then deleted.
  • Analytics data: governed by Google Analytics and Microsoft Clarity retention policies.

9. Children’s Privacy

Our services are designed for business professionals. We do not knowingly collect data from anyone under 18 years of age.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or to exercise your rights, contact us at: [email protected]