Trust Center: Data Security & GDPR Compliance

Last updated: 14 April 2026

At ExecutESG Oy, safeguarding your corporate data and personal information is our highest operational priority. As a B2B enterprise software provider serving the European Union, we recognize that our clients require rigorous assurances regarding data sovereignty, privacy, and regulatory compliance.

This Trust Center outlines our technical architecture and policies designed specifically to exceed the standards set forth by the General Data Protection Regulation (GDPR).

1. EU Data Sovereignty & Hosting Architecture

100% of our production software stack—including web instances, message queues, and primary databases—operates securely within the European Union.

  • Server Locations: Helsinki (Finland) and Falkenstein (Germany).
  • No Non-EU Transfer: Core operational data, SQL block volumes, and encrypted backups never leave EU borders, ensuring strict compliance with Data Localization requirements.

2. Right to Erasure & Right to Be Forgotten

ExecutESG facilitates Data Subject Access Requests (DSARs) rapidly and comprehensively. When a verified Right to Erasure request is processed:

  • Our proprietary backend anonymization command irrevocably scrubs personal identifiers (PII), hashes, and precise billing footprints.
  • Referential integrity holds: your generated reports remain structurally intact for your company administration, completely decoupled from your identity.

3. Data Portability

In accordance with GDPR Article 20, you retain full ownership and mobility of your data.

  • Self-Service Export: A dedicated "Export My Data" function is available directly from your Profile settings.
  • Machine-Readable Format: Your export is generated instantly as a structured JSON file containing your active subscriptions, corporate profile links, and reporting history.

4. Strict Cookie & Analytics Consent

We respect your digital footprint from the moment you access our platform.

  • No Implicit Tracking: Analytics packages (such as Google Analytics) are completely firewalled from our application until explicit, active "Accept All" consent is provided.
  • Essential Only Default: If you select "Essential Only", no marketing cookies, cross-site trackers, or external behavioral scripts will execute on your browser.

5. Zero-Retention Sub-Processors & AI Integration

As an AI-enhanced ESG platform, we leverage cutting-edge language models (OpenAI, DeepSeek) to assist with complex taxonomy mapping. To protect client confidentiality:

  • Zero Data Training: Our commercial Data Processing Agreements with AI sub-processors legally prohibit them from retaining your data or using any of your inputs to train their models.
  • Ephemeral Processing: Prompts are processed strictly over encrypted API channels and discarded immediately upon generation.

6. Enterprise-Grade Encryption

Security spans our entire network perimeter.

  • In Transit: Application traffic is served exclusively over TLS/HTTPS. Connections attempting plain HTTP are rejected at the edge layer.
  • At Rest: Underlying production drives and backup storage buckets are encrypted, and passwords are stored as Argon2 / Bcrypt hashes, to prevent offline exploitation.

7. Contact the Privacy Team

If you need to execute a formal Data Processing Agreement (DPA) or submit a DSAR to our privacy office, we are here to help.

Please reach out to our team at admin@executesg.com. We commit to responding to all data inquiries within the statutory 30-day requirement.
