Security

Security & Compliance

CarbonAtoZ is built for regulated carbon-compliance workflows where access control, auditability, and data stewardship matter as much as calculation accuracy.

Last updated 29 June 2026Frontend legal surface

Control posture

Role-based access

Product workspaces are fenced by role and organization so users only reach the workflows they are authorized to operate.

Audit trails

Sensitive operational changes are designed to leave an auditable record for review, investigation, and compliance follow-up.

Privileged action checks

Administrative and paid-tier workflows use server-side checks rather than relying on hidden frontend controls.

Data stewardship

Public privacy intake, cookie preference handling, and authenticated governance workflows are separated so visitor requests can be handled without exposing product workspaces.

  • Privacy requests are routed through a public intake and verification flow.
  • Cookie choices are presented separately from essential security behavior.
  • Access reviews and security posture tools live in authenticated governance and admin areas.

Scope note

This public page summarizes the product security posture at a high level. Contractual security exhibits, detailed penetration-test reports, and customer-specific data-processing terms should be handled through the commercial or legal review process.