Privacy Policy
Last updated: 6 June 2025
1. Who we are
BoltScope Pty Ltd ("BoltScope", "we", "our", "us") operates a blockchain-powered marketplace that lets organisations collect, verify and exchange ESG and Scope 3 emissions data. Our registered office is in Melbourne, Australia.
2. The data we collect
| Category | Typical items | Source | Purpose / lawful basis* |
|---|---|---|---|
| Account & contact | Name, job title, company, email, phone | You | Contract; legitimate interest |
| Org. & ESG data | Supplier IDs, facility locations, emission metrics, audit docs | You / your suppliers | Contract; legitimate interest |
| Wallet / blockchain IDs | Public wallet address | You | Contract; consent |
| Usage data | Log files, IP, device, browser, session timestamps | Your device | Legitimate interest |
| Cookies & similar tech | See Cookie Policy below | Your device | Consent (where required) |
*Under GDPR: Art 6 (1)(a) consent; (b) contract; (f) legitimate interest (security, fraud prevention, service improvement).
3. How we use your data
To provide the platform—create accounts, authenticate users, execute smart-contracts and record data on-chain.
Verification & compliance—validate supplier information, generate blockchain proofs, meet legal obligations.
Service improvement & analytics—measure usage patterns, debug, train models and enhance UI/UX.
Marketing (optional)—send newsletters or product updates; you can opt out any time.
4. Sharing & disclosure
We never sell your personal information. We may share it only:
On-chain: ESG records become tamper-proof and publicly discoverable. Sensitive supplier data is hashed or tokenised before upload.
Service providers: hosting (AWS Sydney), analytics, email & support vendors under strict DPAs.
Legal & safety: when required by law or to defend legal claims.
Corporate events: merger, acquisition or asset sale (we will notify you).
5. International transfers
Where data moves outside Australia/EU/UK, we rely on:
Standard Contractual Clauses (EU) or UK Addendum;
The recipient's APP-compliant safeguards.
6. Security
We apply ISO 27001-aligned controls: encryption in transit & at rest, private keys stored in HSMs, role-based access, continuous monitoring and annual penetration testing.
7. Retention
Account data → while you hold an account + 7 years (to meet audit obligations).
Blockchain entries → permanently immutable; where erasure is requested we can only add a "tombstone" hash.
8. Your rights
Depending on your location you may:
- Access / download a copy of your data
- Correct or update it
- Erase or restrict processing (where technically feasible)
- Object to direct marketing
- Port data to another provider
- Complain to OAIC (AU), ICO (UK) or your local DPA
Email contact@getboltscope.com to exercise any right.
9. Children
The platform is for business users 18+. We don't knowingly collect children's data.
10. Changes
We'll post any revisions here and, if material, email account holders 14 days before they take effect.