Skip to content

ML and AI Usage

Last update / effective date: 27 October 2025

ℹ️ This note reflects how Carbonfact intends to use Machine Learning and Artificial Intelligence for processing customer data. This covers features currently under development that have not yet been released to customers.

We regularly review and update our AI governance, security, and compliance frameworks to reflect evolving regulations and best practices.

How Carbonfact Uses Artificial Intelligence (AI) and Machine Learning (ML) for Customer Data

At Carbonfact, we use Machine Learning (ML) and Artificial Intelligence (AI, such as Large Language Models, or LLMs) to enhance data quality, automate reporting, and streamline sustainability workflows.

We design all AI features to be secure, transparent, and compliant with privacy and regulatory standards, including the EU AI Act and GDPR.

 

💡 How AI/ML are used to process Customer Data

We use AI/ML to process customer data in a few focused ways:

  • Data enrichment and gap-filling: Our platform uses machine learning algorithms to fill data gaps and extrapolate missing values when primary data is unavailable, always making clear which results are based on primary data and which are computed or estimated.
  • Heuristics and anomaly detection: ML is used to apply heuristics and detect anomalies in customer-supplied data, improving data integrity and reducing manual workload.
  • Automated reporting: Generative AI may be used to assist in the preparation of sustainability reports, summaries, and regulatory documentation, based on structured customer data.
  • Generative AI/LLM features: Where applicable, generative AI models (our current model providers are Anthropic, OpenAI and Google Cloud Platform) may be used to provide customer-facing features such as chat-based support, document Q&A, or automated data mapping. Customers are informed when these features are active and can request at any time for them to be disabled (opt-out).

 

🔒 Data Protection and Safeguards

We take strong measures to protect all customer data:

  • Data minimization: Only the minimum necessary data is processed by AI features. Personal data is excluded from AI/LLM processing.
  • No data storage or training by AI providers: All model providers are contractually and technically configured so that customer data is not stored, retained, or used for training the models. This is a mandatory criterion for provider selection and integration.
  • Opt-in/opt-out controls: Customers can opt out of AI/LLM-powered features at the account level, and some features may require explicit customer approval before customer data is processed by generative AI.
  • Transparency and auditability: All data processing activities are logged, and customers may request information about how their data is processed or exported

 

⚖️ Compliance with Regulations (EU AI Act, GDPR)

Our AI systems are classified as low-risk under the EU AI Act.

They are used for reporting automation and workflow optimization — never for high-risk applications like biometric identification or social scoring.

To ensure compliance:

  • We maintain full transparency about all AI features and safeguards.
  • We ensure all providers meet GDPR, EU AI Act, and Carbonfact security standards.

 

✅ Approved AI Providers

We only work with providers that guarantee data privacy, non-retention, and non-training of customer data.

Our current approved providers are:

  • Anthropic (Claude)
  • OpenAI
  • Google Cloud Platform (Gemini)

All integrations are configured to disable data retention and restrict processing strictly to the feature’s purpose.

For more information, please contact Carbonfact’s CTO at cto@carbonfact.com.

If you click on “Accept all” you agree to the use of these cookies. To find out more about the cookies we use, see our Privacy & Cookie Policy. Or, you can continue without agreeing .