1. Purpose
This Data Protection & Privacy Policy (“Policy”) outlines the principles and procedures that CoolPlanet follows to protect our customers' data when utilising artificial intelligence (AI) services within our products, including calls to OpenAI or any other third-party provider of AI services. It ensures transparency in how data is processed, stored, and secured, maintaining compliance with applicable regulations such as GDPR, SOC 2, and other industry standards.
2. Scope
This Policy applies to all users and stakeholders interacting with CoolPlanet AI within CoolPlanetOS, including but not limited to employees, customers, and third parties.
3. Data Handling & Processing
3.1 Data Sent to OpenAI API
The only data transmitted to OpenAI consists of timeseries data, column header names from underlying datasets and additional contextual information related to these (e.g. ambient temperature).
It should be stressed that no client names, factory locations, or other sensitive information are shared by default unless explicitly included in header information or chat input by the user. We recommend reviewing inputs before submission to anonymise any identifiable data.
Users have the ability to rename headers before data is processed by the API to further anonymise any sensitive references.
3.2 Data Security & Encryption
All data transmitted to OpenAI is encrypted in transit using TLS 1.2+ to prevent unauthorised interception.
As of August 2025, OpenAI retains API data (including prompts and responses) for up to 30 days for abuse and misuse monitoring purposes. This applies to specific API endpoints, including those currently used by CoolPlanet.
This data is not used for model training or improvement. CoolPlanet is monitoring OpenAI’s roadmap to adopt enhanced data privacy options where feasible.
Data processing follows SOC 2 and GDPR-compliant protocols to maintain end-to-end security.
Further details on OpenAI’s data handling policies can be found at OpenAI Data Privacy, security and compliance.
4. Compliance with Data Protection Regulations
4.1 General Data Protection Regulation (GDPR) Compliance
Lawful Basis for Processing: The data transmitted to OpenAI is strictly limited to non-identifiable metadata and is used solely for the purpose of analysis within the AI-powered feature.
Data Subject Rights: Users have the right to access, rectify, or erase any personal information that may be included in metadata by mistake.
Data Minimisation: The AI service operates under a data minimisation principle, ensuring that only essential data is processed.
4.2 SOC 2 Compliance & Security Standards
OpenAI’s API and CPOS follow SOC 2 Type II standards, ensuring robust security, availability, processing integrity, confidentiality, and privacy controls.
Internal security audits are conducted periodically to assess compliance with these standards.
5. User Responsibilities
Users are encouraged to:
Review column headers or chat input before submission to ensure no sensitive data is included.
Anonymise identifiable metadata where necessary.
Report any concerns about data security in relation to CPOS or CoolPlanet AI features to customersuccess@coolplanet.io.
6. Data Retention & Storage
OpenAI does not use API data for model training or improvements, and the data is not shared with any third party. However, certain API endpoints may retain data for 30 days as part of OpenAI’s platform policy for abuse and misuse monitoring.
7. Third-Party Security
Data interactions with OpenAI follow strict confidentiality agreements.
Any integrations with third-party AI services beyond OpenAI will be assessed against the same rigorous security and privacy standards.
8. Changes to This Policy
This Policy may be updated periodically.
Users will be notified of material changes that may impact data processing.
For further questions regarding data security, please contact customersuccess@coolplanet.io.