Your trust is our foundation
At Sustinu, we understand you're entrusting us with business data, and we take that responsibility seriously. Our platform is purpose-built for material reporting and sustainability tracking, not financial accounting, and this principle is the foundation of our security model. Here’s our commitment to you.
GDPR & EU Compliance
We are a Danish service built for Danish businesses. Full compliance with European privacy law isn't an option, it's our default.
- EU data residency: All of your data, from uploaded invoices to user information, is processed and stored exclusively on secure servers located within the European Union. No data ever leaves the EU.
- You control your data: Our platform respects your data rights. Your original invoice is permanently deleted the moment it's successfully processed. For your convenience, we provide a 3-day window to retry any uploads that encounter an error before they are also automatically deleted.
- Privacy by design: We only collect the data necessary to provide our service. Privacy isn't an afterthought; it's a core principle integrated into every feature we build.
Our Secure Processing Engine
We are a data processing tool, not a document archive. Our core principle is to only handle data essential for material reporting and sustainability tracking. Here's a clear breakdown of what that means in practice:
- What We Keep:
  - Supplier/Customer Names, Invoice Number & Date: Essential for identifying and organizing your records.
  - Packaging Line Items: This is the core data Sustinu needs to provide its service.
- What We Discard:
  - Addresses, VAT/CVR Numbers, and Contact Info: Irrelevant for material tracking and considered sensitive data.
  - Bank Details, Prices, Discounts & Financials: We only track material weights, not financial data. This information is completely ignored.
Website Analytics & Your Privacy
To improve our platform, we analyse website traffic. We do this in a way that fully respects your privacy.
- No Personal Data Collected: We use Plausible Analytics, a European, open-source alternative to Google Analytics. It does not use cookies and collects no personal data.
- Anonymous Aggregated Statistics: All site measurement is carried out anonymously. We see overall traffic trends, not individual user behaviour.
- Full Transparency: This privacy-by-design approach allows us to improve our service without compromising your data. You can learn more about our analytics tool on the Plausible website.
Application & Data Security
We employ multiple layers of security to protect your account and your data from unauthorized access.
- Strict Data Isolation: Our application architecture ensures that your account's data is completely segregated from all other accounts. It is architecturally impossible for another user to access your information.
- Encryption in Transit: All communication between your web browser and the Sustinu platform is encrypted using industry-standard SSL/TLS (the padlock in your browser).
- Secure Authentication: We enforce strong password policies and have measures in place to protect against brute-force login attempts, safeguarding your account access.
- Ongoing Vigilance: We actively maintain our platform, applying security patches and updates to protect against emerging threats.
Secure Subscription Payments
Your financial security is paramount. We have designed our payment system to be as secure as possible.
- No On-site Card Storage: We do not handle or store your full credit card information on our servers.
- Certified Payment Partner: All payment processing is handled by our trusted, PCI-DSS Level 1 compliant payment partner, Mollie. They are a leading European payment provider, trusted by thousands of businesses to manage payments with the highest level of security.
Our goal is to provide a service that is not only powerful and easy to use but also one you can trust completely. If you have any specific security questions, please don't hesitate to contact us.