Links
🔓

Data Privacy Statement

EHDD is committed to protecting the privacy of those using the open access EPIC web application (hereafter, "EPIC") and the confidentiality of their data. However, by using this service you agree that EHDD has no liability whatsoever for damage caused by the disclosure of information entered into the site, whether due to a software error or any other reason. We sincerely intend and make our best effort to implement the policy below, but ultimately this service is offered as-is and without warranties or guarantees of any kind.
This agreement covers the two kinds of data provided by EPIC users: user data and project data. “User data” refers to information that identifies a user and their account. “Project data” refers to the information entered by a user related to a specific project, its base case parameters, and its carbon reduction scenarios. All project and user data entered into EPIC are presumed to be proprietary and confidential. Project and user data in EPIC are not shared publicly, not available for purchase, and not accessible internally within EHDD.
EPIC’s system administrators, whether employed by or contracted to EHDD, may have access to user or project data in some cases. These cases are delineated below.

Confidentiality of user data

Identifying user information will be used by system administrators in only the following cases:
  1. 1.
    Feedback and troubleshooting. If you contact EHDD with questions about EPIC or its use, we will use the identifying information in your message to communicate with and assist you. In some cases, a user may share user or project data with EPIC administrators to troubleshoot issues or problems they encounter using the tool. While troubleshooting, any disclosure of data on the part of the user is entirely voluntary.
  2. 2.
    Email communication. At sign-up or any time thereafter, a user can opt-in to receive occasional email updates related to EPIC. The use of identifying information is necessary to send these messages. In the case of a security breach or significant update, all EPIC users will be notified via email.
User data and authentication services are handled by Clerk, a user management service that is SOC 2 type certified, GDPR & CCPA compliant, and conducts regular third-party audits and pen testing. Read more about Clerk’s security measures.

Confidentiality of project data

For security reasons, all project data are associated only with a random identification number and do not contain personally-identifying information. System administrators will have access to the anonymized project data while performing database maintenance but are not authorized to disclose or divulge this data within EHDD or to others.
These anonymized project data are maintained in a secure MongoDB Atlas database hosted on cloud servers by Amazon Web Services (AWS). All data are protected by a dedicated firewall, all server traffic is end-to-end encrypted using TLS, and the service is SOC 2 type certified and GDPR compliant. Read more about MongoDB Atlas’s security measures.

Use of web cookies

EPIC uses web cookies as a security measure during a user session to verify a user’s identity and allow verified users to view project and user data stored within EPIC. The use of necessary first-party cookies does not require consent under GDPR. EPIC does not use any third-party cookies.

Communication regarding this statement

Any communication regarding data confidentiality or this statement should be directed to [email protected].

Changelog

We may make occasional updates to this data confidentiality statement. Any material changes to the statement will be outlined in the changelog below.
May 27, 2022 - Data confidentiality statement published.
March 8, 2023 - Reformatted statement with no changes to content.
April 4, 2023 - Renamed "Data Privacy Statement" and clarified reference to the open access EPIC web application.
​