Privacy Policy

2. Definitions

SERVICE means the Karbon Analytics websites, including https://karbonanalytics.com and https://app.karbonanalytics.com, operated by Karbon Analytics (a registered brand of Taha Okuyan).

PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). This may include, but is not limited to, your name, email address, or company affiliation.

USAGE DATA is data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, device type, browser metadata, or the duration of a dashboard session).

COOKIES are small files stored on your device (computer or mobile device) that help identify repeat visitors and enhance user experience.

DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, Karbon Analytics is the Data Controller of your data.

DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers to process your data more effectively and securely.

DATA SUBJECT is any living individual who is the subject of Personal Data.

THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

3. Information Collection and Use

We collect several types of information for various purposes to provide, improve, and maintain the Service.

This includes:

• Personal Data provided directly by you during account creation or while using the platform
• Usage Data collected automatically through analytics tools and infrastructure logs
• Integration Data collected from third-party data sources you connect (e.g., Shopify, Google Analytics)

We collect only the data necessary to operate the platform, provide support, maintain security, and deliver insights relevant to your business. We do not sell your personal data, and we do not collect sensitive categories of personal information such as government IDs, financial account numbers, or biometric data.

4. Types of Data Collected

4.1 Personal Data

We collect limited personal information when you create an account or interact with the Service. This may include your name, email address, and optionally your company name. Authentication is handled securely through AWS Cognito. We do not collect or store payment method details.

4.2 Usage Data

We automatically collect technical and behavioral data related to your use of the platform. This includes session information, browser and device metadata, and interaction patterns. This data is used strictly for analytics, product optimization, and service monitoring. It is collected through PostHog and other infrastructure tools.

4.3 Integration Data

When you connect third-party data sources (such as e-commerce, analytics, or marketing platforms), we access selected business data through authorized APIs to generate dashboards and insights.

Karbon Analytics never collects, processes, or stores personal information about your customers—such as names, email addresses, or contact details—and never will. We only work with non-identifiable data such as order metrics, product details, anonymous customer or order IDs, and city-level geographic information.

This approach applies consistently across all current and future integrations.

5. Use of Data & Legal Bases

Karbon Analytics uses the data we collect for the following purposes:

• To provide, operate, and maintain the Service you've subscribed to
• To authenticate and manage user accounts
• To respond to support requests and inquiries
• To improve platform performance, usability, and security
• To monitor usage trends and ensure service stability
• To prevent misuse and enforce our Terms of Service
• To comply with applicable legal and regulatory obligations

We do not use your personal data—or any connected business data—for advertising, profiling, or resale. Customer data is processed solely to deliver value to the account that owns it.

Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: To provide the Service you've subscribed to, authenticate accounts, and respond to support requests
• Legitimate Interests: To improve platform performance, monitor usage trends, ensure security, and prevent misuse
• Legal Obligations: To comply with applicable laws and regulatory requirements
• Consent: Where explicitly obtained, such as for marketing communications (you can withdraw consent at any time)

6. How We Store and Protect Data

Your data is stored in secure cloud infrastructure located in the United States, managed by Amazon Web Services (AWS). All data is encrypted in transit and at rest, and access is restricted based on user roles and account ownership.

Karbon Analytics uses access controls, account isolation, and logging to prevent unauthorized access and ensure that data remains private to each customer.

If you are located in the European Economic Area (EEA) or other regions with data transfer regulations, you acknowledge and agree that your data may be transferred to and processed in the United States. These transfers are necessary to provide the Service and are handled in accordance with applicable data protection laws.

7. Data Retention

We retain different types of data for different periods, depending on how the data is used:

• Integration data (e.g. data imported from connected platforms) is stored for the duration of your subscription. If your account is canceled, this data is deleted within 30 days to support potential reactivation and ensure system integrity, unless a longer retention period is required by law.
• Platform usage data (e.g. user interactions and behavioral metrics) is retained indefinitely for product analytics and performance monitoring. This data is anonymized or pseudonymized where possible.
• Account information is retained for as long as your account is active or until you request deletion.

You may request deletion of your integration data or account at any time by contacting us (see Section 14). We reserve the right to retain certain information if required to comply with legal obligations or enforce our agreements.

8. Service Providers and Analytics Tools

We use a limited number of third-party service providers to operate and improve the platform. These services may process data on our behalf under strict confidentiality and data protection agreements.

• Amazon Web Services (AWS): Our core infrastructure and authentication provider, used for hosting, storage, and platform security.
• PostHog: Used for product analytics and behavioral insights to help us improve the user experience.
• OpenAI: Certain AI features may be powered by OpenAI. These features only process anonymized and aggregated metrics, never personally identifiable or customer-specific data.

We evaluate these providers carefully and limit their access to only the data necessary to perform their functions.

9. Google API Services Compliance

Karbon Analytics' use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We do not use Google user data for advertising purposes, and we do not sell or share it with third parties. We do not use Google data to train generalized AI or machine learning models.

All use of Google data is limited to providing user-requested analytics features such as dashboard generation and performance reporting within the platform.

10. Your Data Protection Rights

If You Are Located in the EEA (GDPR)

If you are a resident of the European Union (EU) or European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• The right to access the personal data we hold about you
• The right to request rectification (correction) or deletion of your personal data
• The right to object to or restrict our processing of your data
• The right to data portability (to receive your personal data and integration data in a structured, machine-readable format)
• The right to withdraw consent at any time, where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (or 1 month under GDPR). We may ask you to verify your identity before responding. You also have the right to lodge a complaint with your local data protection authority.

If You Are a California Resident (CCPA)

Under the California Consumer Privacy Act (CCPA), you may request:

• To know what categories of personal information we have collected about you
• To request deletion of personal information we hold about you
• To know whether we have sold or shared your personal information (we do not)
• To receive equal service and pricing, even if you exercise your privacy rights

To make a request under CCPA, contact us at [email protected]. We may only fulfill requests from California residents after verifying your identity.

Other Jurisdictions

If you are located in other jurisdictions with data protection laws, you may have similar rights. Please contact us at [email protected] to learn about your specific rights.

11. Children's Privacy

Our Services are not intended for use by children under the age of 18 ("Child" or "Children").

We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we will take steps to remove that information from our systems.

12. Cookies and Similar Technologies

We use cookies and similar technologies to operate, secure, and improve our website and platform. Cookies are small files stored on your device that help us provide our services and enhance user experience.

We use:

• Essential cookies – Required for the platform to function properly and securely. These are mandatory and cannot be disabled.
• Analytics cookies – Used to understand product usage and improve performance. These are provided by tools like PostHog.

You can manage or disable non-essential cookies (such as analytics) through your browser settings. However, disabling essential cookies will prevent the Service from functioning properly.

We do not use cookies for advertising or tracking users across third-party websites.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Effective Date" at the top of the document.

We may also notify you by email or by placing a notice within the Service prior to changes taking effect. You are encouraged to review this Privacy Policy periodically for any updates.

Changes to this Privacy Policy are effective when posted to this page.

14. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us:

Email: [email protected]

Business Address: Fenerbahçe Mah. İğrip Sk. No: 13 İç Kapı No: 1 Kadıköy/İstanbul, Turkey

You can also reach us through our contact page.