Security and Data Protection

How MEA Carbon Suite approaches data protection, access governance, and responsible data handling across public website interactions and the platform environment.

Data Context Separation

Inquiry data submitted through the public website is handled separately from customer data within the MEA Carbon Suite platform environment.

Organization-Level Access

Each organization's data is accessible only to its authorized users. Platform access is governed by role-based permissions aligned with organizational responsibilities.

Document-Linked Records

Emissions records can be linked to supporting documents such as utility bills, fuel receipts, and meter readings to support traceable audit trails.

Staged Review Workflows

Records pass through structured review cycles with role-based permissions before entering the governed inventory, supporting controlled data promotion.

Calculation Provenance

Every calculated emission value retains its methodology source, emission factor reference, and review history, supporting traceable audit trails.

Customer Data Ownership

Customers control the accuracy, completeness, and management of the information and evidence they submit. The platform provides structure and tools; customers own their data.

Data Handling Approach

We maintain two distinct data contexts — public website interactions and platform customer operations — each with its own handling approach.

Inquiry data submitted through the public website (such as contact requests) is handled separately from the MEA Carbon Suite platform environment.
Platform customer data includes organization profiles, user details, activity records, evidence documents, and reporting configurations.
Customer data is processed to enable platform operations, administration, support, and reporting-readiness workflows.
Formal data-processing terms may be included in customer agreements during contracting.

Platform Governance Support

The platform is designed to help organizations maintain data quality, traceability, and controlled promotion of records through governance workflows.

Supporting documentation can be maintained alongside each emission record for review and verification purposes.
Records follow structured review and approval paths with permission-based access controls.
Reporting-ready outputs distinguish between reviewed governed data and working-set calculations.
Data organization reflects operational structure, including organizational boundaries, facilities, assets, and activity records.

Important Information

MEA Carbon Suite does not provide legal, assurance, or formal compliance advice.
External assurance is not included as part of the platform service unless separately arranged.
This page does not claim ISO 27001, SOC 2, or GDPR compliance certifications.
Security and data-processing details are governed by specific customer agreements.
This page describes security and data-handling principles and does not constitute a legally binding data processing agreement.

Learn more about our approach