Privacy Policy
Hiili S.L.
Identification of Processing
Data collection from Hiili's proprietary third-party pixel for estimating CO2 emissions from digital advertising.
Exercise of Rights
You may exercise your rights of access, rectification, erasure, right to restriction of processing, data portability, and to object by contacting us at hello@hiili.org.
GDPR
Hiili is fully compliant with the GDPR and respects the privacy of their employers, customers and providers.
All the personal data collected from them is used for the sole purpose of running the regular operation of the company such as: communication, bills generation, pay slips generation, etc.
Our website
Purpose
Our website aims to inform potential customers and stakeholders about the services offered by Hiili S.L. as well as illustrate the impact that digital marketing may have on direct and indirect carbon emissions out of its activity.
Cookies
We use the following cokies on our website for functionality purposes and to analyze our traffic.

Necessary cookies

The following necessary cookies help make a website usable.
The website cannot function properly without these cookies.
cookie duration description type
CookieConsent 1 year Stores the user's cookie consent state for the current domain HTTP

Marketing cookies

The following marketing cookies are used to track visitors across devices and marketing channels.
cookie duration description type
_ga 2 years Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. HTTP
_ga_# 2 years Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. HTTP
GDPR Compliance
Although we neither collect nor process any personal data our website uses Google Analytics for functionality purposes and to analyze our traffic. Following GDPR requirements we offer the user the possibility of configuring their cookies policies by being able to select: necessary, preferences, statistics, and marketing cookies. We implement an opt-in approach, the most privacy-preserving option, and by default, only necessary cookies are selected. This process allows us to collect the informed consent of the user in case they choose to select the use of another type of cookie beyond the necessary ones.
Carbontag
Purpose
The purpose of this third-party pixel is to collect data from the performance API of JavaScript with the aim of building a model that estimates the amount of CO2 generated in online ads.
Our solution measures the carbon emission and energy consumed by ad impressions.
To this end, we use a script which can be embedded directly inside a regular ad tag.
Upon the rendering process of the ad, the ad from our client calls our domain carbontag.hiili.org to download the ad tag using a specific URL where different parameters are included (e.g., campaign id, ad_id, etc).
These parameters are used for reporting purposes.
Our tag collects several attributes from the browser (none of them including personal data) and sends them to our backend server sitting at server.hiili.org.
Upon receiving these attributes in our backend, our solution uses them to compute the energy consumed by the ad as well as the carbon emissions associated with the ad using our proprietary technology.
Data collection and processing
Our tag collects the following data.
data type purpose
Clicks Estimating the CO2 generated per each click on the ad.
Performance Retrieving duration events, enabling us to compute more accurate CO2 consumption estimations.
performance.getEntries Obtaining a comprehensive dataset that influences CO2 generation estimations.
Navigator Understanding the user's platform helps us report CO2 usage based on the type of device or system being used.
Screen Factoring in the screen size to our estimations.
Size Factoring in the ad format's size contributes to the overall estimation of CO2 emissions.
Parent URL Knowing the webpage where the ad is displayed helps us understand its influence on CO2 generation.
IP prefix Knowing the country where the ad it displayed.
Domains
We use the following Domains to ensure Hiili can provide a reliable service to our clients and end-users.
domain name purpose
carbontag.hiili.org This is the domain from which our script is fetched, whenever an ad containing our Carbontag is loaded.
server.hiili.org This is the end point where the aforementioned data is sent, to be used to compute energy consumptions and resulting carbon emissions.
Data Access
We access the data by inspecting the HTML DOM of the ad, and analyze the requests and responses the ad performs to load the ad's content and track events with third-parties.
Data Storage
The collected information is stored in a secure backend server located at Amazon Web Servers (AWS).
Access to the server is limited to the team working on this project and is protected by user and password credentials.
We want to make it clear that our solution does not engage in any practices that compromise your data privacy.
Specifically, we do not handle any ad targeting, geo-targeting, or buy/sell any data.
We do not collect or use device IDs, employ any methods to track users, or gather information from users across multiple devices.
We also do not gather any personally identifiable information (PII) or utilize PII for any purpose.
Our commitment to your privacy extends to our advertising practices as well, as we do not conduct direct retargeting or contextual targeting.
Furthermore, we do not capture hyperlocal data upon serving the pixel, maintain user profiles or models, use cookies, or access the local storage of the user.
Your trust is important to us, and we take your privacy seriously.
Cookieless
Our Carbontag pixel does not uses cookies nor the local storage to write or read information.
Therefore, it does not manage any personal information linked to cookies or device storage.
GDPR Compliance
We do not collect any personal data.
IAB
We are members of Interesseorganisasjonen for digital markedsføring og kommunikasjon (INMA), the official representative of IAB Europe in Norway.
TCF
We have undergone the IAB Europe's Transparency & Consent Framework verification, and we have been validated and assigned the following TCF Vendor ID: 1247
CarbonAI Web Extension Plugin
Last Updated
02/09/2025
Purpose
Hiili ("we", "our", or "the Company") provides a browser plugin that shows energy consumption of the usage of certain Generative AI services, thus collects certain information related to the use of Large Language Model (LLM) chatbots such as ChatGPT, DeepSeek, and Gemini. This Privacy Policy explains what data we collect, why we collect it, how it is processed, and what rights you have under the General Data Protection Regulation (GDPR).
Information We Collect
When you use our plugin, we collect the following categories of data:
Chats and Metadata
  • Input and output texts processed by LLM chatbots, i.e., your queries and the responses.
  • Model used and the platform serving it (OpenAI, Google, DeepSeek, or similar providers).
  • Date and time of interaction.
  • Token counts and related statistics.
  • Conversation titles.
  • Token speed (tokens per second written by the service).
  • Chat IDs and message IDs assigned by these platforms.

This information is collected to estimate energy consumption associated with LLM usage. It may be used for both commercial and research purposes. We do not share this data with third parties. We do not collect any information such as usernames or emails, therefore we are unable to discover the identity of the user with the provided information. Even if a user includes personal details within a chat, we cannot verify whether such statements are accurate or whether they are made by the actual person described. As a result, this information is not sufficient for us to properly identify an individual user. While identifiability is limited, personal data may still appear in chats provided by the users and is processed accordingly.

Energy Consumption Data
  • Estimated energy usage associated with LLM activity performed through the plugin.
Geolocation (Approximate)
  • Continent, country, region, zip-code derived from IP address.
  • Used only for statistical purposes and to assess real CO2 emissions.
  • We do not store or log the IP address itself.
User Identifier
  • A random UUID is generated when the plugin is installed.
  • Visible in the plugin interface.

We use this User Identifier to avoid storing personal identifying information such as e-mails. This makes us unable to link back to identify individuals. In addition, It is Used to handle GDPR-related requests such as correction, erasure, or access to ensure users’ rights.

Registration Data
  • We record when you install the plugin.
  • Preferred language.
  • User Agent.

We record this information for statistical purposes and are linked to your UUID.

Legal Basis for Processing

We process your data based on:

  • Legitimate Interests: We process data to analyze the energy consumption and environmental impact of LLM usage. This includes both commercial and research purposes, such as studying how chatbot services are used. To achieve these goals, we need access to the complete information described in this policy, since aggregated data alone would not allow us to perform accurate analysis.
  • Consent: Where required by law, particularly regarding plugin installation and data collection.

We consider the limited identifiability, strict access controls, and security measures to ensure that the impact on individual privacy is minimal relative to the purposes of this processing.

How We Use the Data
  • To estimate and analyze energy consumption related to AI usage.
  • To conduct research and improve our commercial offerings, e.g., improving the plugin, creating reports, or developing new services.
  • To assess environmental impact (CO2 emissions).
  • To maintain plugin functionality and user support.
Data Sharing and Processors
  • We do not sell, rent, or share your data with third parties for their own purposes.
  • To operate our services, we use trusted third-party providers (known as “processors” under the GDPR) who process data on our behalf. These providers include: Amazon Web Services (AWS) for secure cloud storage within the European Union.
Data Storage and Security
  • All data is stored securely within our AWS infrastructure in the European Union.
  • Certain plugin-related data is also stored locally in your browser’s IndexedDB. This storage is specific to your Chrome installation and can only be removed by uninstalling the extension. Please note that deleting the extension does not remove data already stored in our backend systems.
  • We apply technical and organizational measures to protect your information against unauthorized access, loss, or misuse.
  • All data and communications with our services are secured in transit using HTTPS. Data stored in our systems is encrypted at rest using Amazon S3 managed keys.
  • AAccess to data stored in our systems is strictly restricted to authorized personnel and is logged through AWS CloudWatch for auditing and security monitoring purposes.
Transparency

The plugin only collects information related to your interactions with LLM chatbots and the associated metadata described above. It does not access, track, or monitor your general browsing history or any other activity outside of the chatbot services. In particular, the plugin does not have the capability to access pages outside of the chatbots that are implemented.

Data Retention

We retain the data for as long as necessary to fulfill the purposes described in this policy and for innovation purposes of Hiili products. This implies at least 6 months later since the last planned innovation has been completed unless a shorter period is required by law or you request deletion under your GDPR rights.

Your GDPR Rights

Under the GDPR, you have the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, and the right to object. You can exercise these rights by providing your random user ID displayed in the plugin interface. You can exercise your rights via email provided at the bottom of this privacy policy.

Changes to This Policy

We may update this Privacy Policy from time to time. Any updates will be published with a new "Last Updated" date.

Contact Us

If you have questions or would like to exercise your GDPR rights, please contact us:

Hiili
Email: hello@hiili.org