Privacy Policy

Last Updated: March 2026

SmarterTariff (“the Platform”), operated by Renew EcoMe LLC, is committed to transparent and ethical data practices. Our data governance aligns with UN Sustainable Development Goal 16 (Peace, Justice & Strong Institutions) through responsible stewardship of your information.

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, subscribe to a paid plan, or contact customer support. This may include your name, email address, and billing information (processed securely by our payment providers). We also collect the URLs you submit for auditing.

URLs submitted for audit are used solely to perform the requested accessibility analysis. We scan only publicly accessible pages and never store credentials or personally identifiable information (PII) discovered during scans.

2. How We Use Your Information

We use the information we collect to operate, maintain, and provide the features and functionality of the Service, as well as to process your transactions and send you related information, including confirmations and receipts.

3. AI-Powered Analysis

3a. Accessibility Analysis (Anthropic Claude)

We use Anthropic’s Claude AI to analyze website screenshots and page structures for WCAG 2.2 compliance violations. When you run a checkout audit:

  • Screenshots are sent to the Anthropic API for visual analysis
  • Anthropic processes these images in real time and does not retain them for training
  • No personal data from your account is included in the AI analysis request
  • AI-generated assessments are stored in your audit history for your reference

3b. Supply Chain & Disaster Risk Analysis (Google Gemini)

We use Google Gemini AI to analyze supply chain transparency and assess disaster and climate risk exposure. When you run a supply chain or disaster risk scan:

  • Publicly available web content from the URL you submit is sent to Google Gemini for analysis
  • Google Search grounding is used to retrieve real-time information about natural disasters, geopolitical events, tariff changes, and climate conditions relevant to the supply chain nodes identified in your scan
  • Geographic locations (city/country names) of supply chain nodes are processed to estimate coordinates for map visualization — no personal location data is used
  • Google Maps grounding is used for the Nearby Logistics Finder feature, which discovers ports, warehouses, and freight corridors near supply chain nodes. No personal location data is shared with Google for this feature
  • Google processes this data in real time via their API and does not retain it for model training

3c. In-App Chatbot (Google Gemini)

Our in-app chatbot assistant is powered by Google Gemini. Conversations are processed in real time; no personal data from your account is included in chatbot requests.

Our SDG impact scores are calculated using a deterministic mapping methodology on your device and do not involve any external API calls.

4. Third-Party Services & Sub-Processors

We use the following third-party services to operate the Platform:

  • Supabase — Authentication, database, and file storage. Data is hosted in the United States.
  • Vercel — Application hosting and edge delivery.
  • Stripe — Subscription billing and payment processing for credit/debit card payments. Stripe handles all card data directly and is PCI DSS Level 1 compliant.
  • Anthropic (Claude AI) — Accessibility analysis engine. Website screenshots are processed via API and not stored by Anthropic.
  • Heap Analytics — Anonymized usage analytics (page views, feature interactions). Loaded only after you accept our cookie consent banner. User IDs are hashed before transmission.
  • Google Ads (Google Tag) — Conversion tracking to measure the effectiveness of our advertising. Loaded only after cookie consent acceptance. No personal data is shared with Google for ad personalization.
  • Google Gemini (via Google AI) — Powers supply chain compliance analysis, disaster and climate risk assessment, and the in-app chatbot assistant. Uses Google Search grounding for real-time disaster, geopolitical, and regulatory data retrieval. Uses Google Maps grounding for nearby logistics discovery. No personal data from your account is included in AI requests.
  • Mapbox — Interactive map rendering for supply chain node visualization and disaster risk geographic display. No personal data is shared with Mapbox.
  • Google Cloud Platform — Backend compute (Cloud Run) for audit processing. Data is processed in the United States.

International Data Transfers: For users in the EU/EEA, personal data transferred to the United States is protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, or other legally recognized transfer mechanisms. Our sub-processors maintain their own SCCs and data protection agreements. If you require a copy of the applicable SCCs, please contact us.

5. Data Sharing and Disclosure

We do not sell your personal data. We share your information with the third-party service providers listed above solely for the purpose of providing the Service. These providers are bound by their respective data processing agreements and privacy policies.

6. Data Security

We implement reasonable security measures to protect your personal information both online and offline, including encryption in transit (TLS) and at rest. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

7. Data Retention

We retain your data according to the following schedule:

  • Account data (email, profile) — retained while your account is active, deleted within 30 days of account deletion request
  • Audit results — retained for 12 months after account deletion, then permanently removed
  • Billing records — retained for 7 years after last transaction as required by U.S. tax law (IRS record-keeping requirements)
  • Anonymous, aggregated analytics — may be retained indefinitely as this data cannot be linked to individual users
  • Server logs — automatically purged after 90 days

You may delete your account and associated data at any time through your profile settings or by contacting us.

8. Your Rights (GDPR & CCPA)

Depending on your location, you may have the right to access, correct, delete, or restrict the use of your personal data. If you wish to exercise these rights, please contact us. You can delete your account and associated data directly from your profile settings or by contacting our support team.

For EU/EEA residents: our legal basis for processing personal data is contract performance (providing the audit service you requested) and legitimate interest (improving the Platform). Analytics processing is based on your consent.

8.1 CCPA — Categories of Personal Information

Under the California Consumer Privacy Act (CCPA), we collect the following categories of personal information:

  • Identifiers — Name, email address, IP address, account ID
  • Commercial information — Subscription plan, billing history, transaction records
  • Internet or electronic network activity — Pages visited, feature usage, audit URLs submitted, browser type, referring URL
  • Geolocation data — Approximate location derived from IP address (city/region level only)
  • Inferences — Subscription tier eligibility, usage patterns for product improvement

We do not sell or share personal information for cross-context behavioral advertising. California residents may request disclosure, deletion, or correction of their data by contacting us at hello@sustainable207.com or via our Do Not Sell My Personal Information page.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery via the email address associated with your account and a prominent notice on the Platform. We will also notify relevant supervisory authorities as required by applicable law, including but not limited to the GDPR (Article 33) and applicable U.S. state breach notification laws.

The notification will include: a description of the nature of the breach, the categories and approximate number of users affected, the likely consequences of the breach, and the measures taken or proposed to address the breach.

10. International Data Transfers & Canadian Routing

SmarterTariff™ and DigitalContinuity.ai are operated by Renew EcoMe LLC, a company incorporated in Maine, United States. Our founder is a dual citizen of Canada and the United States.

🍁 EU/EEA API Routing via Canada (since December 2025): All API requests from EU/EEA visitors are automatically routed through our Canadian infrastructure at api.mastwoods.ca, hosted by CanSpace in Canada. Canada is recognized by the European Commission as providing an adequate level of data protection under GDPR Article 45. This routing has been active since December 2025. The mastwoods.ca site itself has its own GDPR cookie consent banner.

The name “mastwoods” comes from our founder's grandfather's farm in Port Hope, Ontario — where he grew up and had his first summer jobs. This isn't just compliance infrastructure; it's heritage.

Additional transfer safeguards: For transfers not covered by the Canadian adequacy decision, we rely on Standard Contractual Clauses (SCCs) — Module 2 (Controller to Processor) adopted in EU Commission Decision 2021/914. Our key sub-processors (Vercel, Supabase, Stripe, Anthropic, Google Cloud) each maintain their own lawful transfer mechanisms. Details are available in our DPA Schedule 2.

To request transfer safeguard information: hello@sustainable207.com

11. Data Processing Agreement (DPA)

If you are a business customer processing EEA personal data through our platform, you may be required under GDPR to enter into a Data Processing Agreement (DPA) with us. Our standard DPA covers processing scope, security measures, sub-processors, SCCs, breach notification timelines, data subject rights assistance, and audit rights.

To request a DPA, please email hello@sustainable207.com with subject “DPA Request — [Your Company Name]”. We will respond within 5 business days.

12. SDG Alignment

Our privacy practices reflect our commitment to the UN Sustainable Development Goals. Specifically, transparent data governance supports SDG 16 (Peace, Justice & Strong Institutions), and accessible, privacy-respecting digital services advance SDG 10 (Reduced Inequalities).

13. Data Protection Contact

Renew EcoMe LLC does not currently meet the thresholds requiring appointment of a formal Data Protection Officer (DPO) under GDPR Article 37. However, we have designated a data protection point of contact for all privacy-related inquiries:

Data Protection Contact

Chris Edwards, Founder

Renew EcoMe LLC · Cape Elizabeth, Maine 04107, USA

Email: hello@sustainable207.com

Response time: 30 days for GDPR rights requests.

For EEA residents wishing to exercise GDPR rights (access, rectification, erasure, restriction, portability, objection, or withdrawal of consent), please contact us at the above address.

You also have the right to lodge a complaint with your local data protection supervisory authority. In Ireland: Data Protection Commission. In the UK: Information Commissioner's Office.

14. Canadian Privacy (PIPEDA & CASL)

14.1 PIPEDA — Personal Information Protection and Electronic Documents Act

As a company with Canadian connections and a customer base that includes Canadian residents, Renew EcoMe LLC handles personal information in accordance with Canada's federal Personal Information Protection and Electronic Documents Act (PIPEDA) and its Ten Fair Information Principles:

  • Accountability — Chris Edwards, Founder, is the designated privacy officer responsible for compliance with PIPEDA (contact: hello@sustainable207.com)
  • Identifying Purposes — Purposes for collecting personal information are identified in Section 2 (How We Use Your Information) prior to or at the time of collection
  • Consent — We obtain meaningful consent for the collection, use, and disclosure of personal information. For analytics and marketing cookies, consent is obtained via our cookie consent banner before any tracking begins
  • Limiting Collection — We collect only the minimum information necessary to provide the Service
  • Limiting Use, Disclosure, and Retention — Personal information is used only for identified purposes; retention schedules are detailed in Section 7
  • Accuracy — You may update your account information at any time through your profile settings
  • Safeguards — Technical and organizational measures are described in Section 6 (Data Security)
  • Openness — This Privacy Policy is publicly accessible and kept current. Any material changes are communicated by email or in-app notice
  • Individual Access — Canadian residents may request access to their personal information held by us within 30 days of a written request. To exercise this right, contact hello@sustainable207.com
  • Challenging Compliance — If you believe we have not complied with PIPEDA, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC)

Cross-border transfers: Personal information of Canadian residents may be transferred to and processed in the United States. We have put in place contractual protections with our service providers to ensure your information receives a comparable level of protection. You acknowledge that your information may be subject to access by U.S. law enforcement authorities.

14.2 CASL — Canada's Anti-Spam Legislation

If you are located in Canada, our email communications are governed by Canada's Anti-Spam Legislation (CASL). We comply with CASL as follows:

  • Express consent — We will only send you commercial electronic messages (CEMs) after obtaining your express consent via a clear opt-in (e.g., a checkbox on our sign-up form), or where permitted by CASL, implied consent based on an existing business relationship
  • Identification — Every commercial email we send identifies Renew EcoMe LLC, Cape Elizabeth, Maine 04107 USA, and our contact email
  • Unsubscribe mechanism — Every commercial email contains a prominent, functional unsubscribe link. Unsubscribe requests are processed within 10 business days
  • Transactional emails — Receipts, subscription confirmations, security alerts, and account notifications are transactional in nature and are not subject to CASL consent requirements

To unsubscribe from all marketing communications, use the unsubscribe link in any email or contact hello@sustainable207.com.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us at hello@sustainable207.com.