You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: privacy_policy_en.md
+61-22Lines changed: 61 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -39,9 +39,10 @@ For the purposes of this Privacy Policy:
39
39
40
40
41
41
-__Service__ refers to the Website.
42
+
-__Service__ refers to the Website, the public and private Application Programming Interfaces ("API"), and the CodeCarbon software development kits and client libraries (collectively, "SDK").
42
43
43
44
-__Service Provider__ means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
44
-
45
+
45
46
46
47
-__Usage Data__ refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
47
48
@@ -52,6 +53,20 @@ For the purposes of this Privacy Policy:
52
53
53
54
54
55
56
+
## Scope
57
+
58
+
This Privacy Policy applies to two distinct scopes of the Service:
59
+
60
+
-__Website:__ Our public website and web dashboard (including pages at `dashboard.codecarbon.io`). Cookie and web-tracking provisions apply to this scope only.
61
+
-__API/SDK:__ The CodeCarbon API endpoints and the CodeCarbon SDKs/clients used from your code, scripts, or tools. Cookies are not used in this scope; authentication relies on headers/tokens.
62
+
63
+
Additionally, CodeCarbon can be used in two modes:
64
+
65
+
-__No-API Mode:__ You may use CodeCarbon locally without sending data to our API, this is the default. In this case, data remains on your machine (for example, in local files such as `emissions.csv`) and is not transmitted to us.
66
+
67
+
-__API-Connected Mode:__ If configured to connect to our API (for example, by setting an API URL and credentials), certain data described below is transmitted to and processed by us.
68
+
69
+
55
70
## Collecting and Using Your Personal Data
56
71
57
72
### Types of Data Collected
@@ -69,6 +84,24 @@ While using Our Service, We may ask You to provide Us with certain personally id
69
84
- Usage Data
70
85
71
86
87
+
#### API/SDK Data Categories (API-Connected Mode)
88
+
89
+
When you use the API or SDK in an API-connected configuration, we may receive and process the following categories of data, as provided by you or as required to compute emissions and operate the Service:
90
+
91
+
-__Account and identifiers:__ account ID, organization, project/workspace identifiers, user ID or email (when authentication flows provide it), and API key or token identifiers.
92
+
-__Run and job metadata:__ run IDs, names/labels, tags, code version/revision, timestamps, durations, and any metadata you attach (e.g., experiment name, dataset name, framework).
93
+
-__System and environment information:__ operating system details, CPU/GPU model names, number of cores, memory size, and similar attributes needed to estimate or report emissions.
94
+
-__Energy and performance measurements:__ power draw estimates or readings (e.g., CPU/GPU power), energy consumption, utilization and timing metrics necessary to calculate emissions.
95
+
-__Location and grid intensity context:__ an approximate geographical context or grid region used to determine carbon intensity. This may be derived from configuration you provide (e.g., a region) or network information such as an IP address.
96
+
-__Logs and diagnostics (optional):__ client or server logs and error reports that help support and improve the Service. These may contain timestamps, request identifiers, and limited contextual information.
97
+
98
+
Some fields are optional or configurable. You can choose not to send certain metadata from the SDK where supported by configuration.
99
+
100
+
#### Authentication and Credentials (API/SDK)
101
+
102
+
For API/SDK access, we process credentials such as API keys, OAuth/JWT tokens, or similar headers. We use these solely to authenticate and authorize requests. You can rotate or revoke credentials using available mechanisms (for example, via the dashboard or by generating new keys). We do not use cookies for API/SDK authentication.
103
+
104
+
72
105
73
106
#### Usage Data
74
107
@@ -87,7 +120,7 @@ We may also collect information that Your browser sends whenever You visit Our S
87
120
88
121
#### Tracking Technologies and Cookies
89
122
90
-
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies We use include beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:
123
+
This section applies to the __Website__ scope. We use Cookies and similar tracking technologies to track activity on the Website and store certain information. Tracking technologies we use include beacons, tags, and scripts to collect and track information and to improve and analyze our Website. The technologies we use may include:
91
124
92
125
-__Cookies or Browser Cookies.__ A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
93
126
-__Web Beacons.__ Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
@@ -120,7 +153,7 @@ We use both Session and Persistent Cookies for the purposes set out below:
120
153
121
154
122
155
123
-
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.
156
+
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy. Cookies are not used for API/SDK authentication.
124
157
125
158
126
159
### Use of Your Personal Data
@@ -135,23 +168,40 @@ The Company may use Personal Data for the following purposes:
135
168
-__To manage Your requests:__ To attend and manage Your requests to Us.
136
169
137
170
-__For business transfers:__ We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
138
-
-__For other purposes__: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
171
+
172
+
-__For other purposes__: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
139
173
140
174
We may share Your personal information in the following situations:
141
175
142
176
-__With Service Providers:__ We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
143
177
-__For business transfers:__ We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
144
178
-__With Affiliates:__ We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
145
179
-__With business partners:__ We may share Your information with Our business partners to offer You certain products, services or promotions.
146
-
-__With other users:__ when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
180
+
-__With other users:__ when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
147
181
-__With Your consent__: We may disclose Your personal information for any other purpose with Your consent.
148
182
183
+
#### Legal Bases for Processing (where applicable)
184
+
185
+
Where data protection laws (such as the GDPR) require a legal basis, we rely on one or more of the following:
186
+
187
+
-__Contract__: to provide and maintain the Service you requested (e.g., processing run data to compute emissions and display results).
188
+
-__Legitimate interests__: to secure, operate, and improve the Service (e.g., preventing abuse, troubleshooting, usage analytics consistent with your settings).
189
+
-__Consent__: for optional activities such as certain marketing communications or Website analytics where consent is required.
190
+
-__Legal obligation__: to comply with laws, regulations, court orders, or enforceable governmental requests.
191
+
192
+
#### Website vs API/SDK Purposes
193
+
194
+
-__Website__: operate the site and dashboard, personalize your experience, authenticate sessions, and measure Website performance (as described in the Cookies section).
195
+
-__API/SDK__: authenticate and authorize API calls; compute and store emissions-related results and metadata; provide project/run dashboards; ensure security, integrity, and reliability of the platform.
196
+
149
197
### Retention of Your Personal Data
150
198
151
199
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
152
200
153
201
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer periods.
154
202
203
+
__Scope-specific notes:__ In __No-API Mode__, data produced by CodeCarbon remains on your machine (for example, local CSV files) and is not retained by us. In __API-Connected Mode__, run and project data are retained for as long as needed to provide the Service to you, subject to your organization’s settings and applicable law. You may request deletion of API/SDK data as described below. Backup copies may persist for a limited period consistent with our backup and disaster recovery practices.
204
+
155
205
### Transfer of Your Personal Data
156
206
157
207
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction.
@@ -160,6 +210,8 @@ Your consent to this Privacy Policy followed by Your submission of such informat
160
210
161
211
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
162
212
213
+
__Subprocessors__: We may use third-party providers (for example, cloud hosting, logging/monitoring, email delivery) to support the Service. Where required, we enter into appropriate data protection agreements with such providers. A current list of material subprocessors may be made available upon request or in our documentation.
214
+
163
215
### Delete Your Personal Data
164
216
165
217
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
@@ -168,6 +220,8 @@ Our Service may give You the ability to delete certain information about You fro
168
220
169
221
You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.
170
222
223
+
For __API/SDK__ data specifically, you may request deletion of run/project data associated with your account, subject to any organizational policies or legal obligations. You can also revoke API credentials (e.g., API keys or tokens); revocation will prevent further authenticated calls but does not by itself delete historical data. Data generated in __No-API Mode__ resides on your systems; we do not have access to it and cannot delete it on your behalf.
224
+
171
225
Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.
172
226
173
227
### Disclosure of Your Personal Data
@@ -192,22 +246,7 @@ The Company may disclose Your Personal Data in the good faith belief that such a
192
246
193
247
### Security of Your Personal Data
194
248
195
-
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially reasonable means to protect Your Personal Data, We cannot guarantee its absolute security.
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
249
+
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially reasonable means to protect Your Personal Data, We cannot guarantee its absolute security. Measures we implement include encryption in transit (e.g., TLS), access controls based on least privilege, and monitoring designed to detect abuse or misuse of the platform.
211
250
212
251
213
252
@@ -238,4 +277,4 @@ If you have any questions about this Privacy Policy, You can contact us:
238
277
239
278
240
279
241
-
- By visiting this page on our website: [https://github.com/mlco2/codecarbon/blob/master/README.md#contact-](https://github.com/mlco2/codecarbon/blob/master/README.md#contact-)
280
+
- By visiting this page on our website: [https://github.com/mlco2/codecarbon/blob/master/README.md#contact-](https://github.com/mlco2/codecarbon/blob/master/README.md#contact-)
0 commit comments