Privacy Policy

Overview

At SafetyPhoenix, we are committed to protecting your privacy and maintaining the confidentiality of your safety data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our safety management platform.

Information We Collect

Account Information

• Organization Details: Company name, address, industry type, contact information
• User Information: Name, email address, job title, department, role within organization
• Login Credentials: Email/username and encrypted passwords

Safety Data

• OSHA Records: Incident reports, injury logs, compliance documentation
• Inspection Data: Inspection results, findings, photos, corrective actions
• Training Records: Employee certifications, completion dates, test scores
• Chemical Information: Inventory data, Safety Data Sheets, hazard assessments
• Meeting Documentation: Safety meeting notes, attendance records, topics discussed

Usage Information

• Platform Usage: Features accessed, time spent, frequency of use
• Device Information: Browser type, operating system, IP address
• Log Data: Access logs, error reports, performance metrics

How We Use Information

Service Provision

• Provide access to safety management tools and features
• Generate OSHA-compliant reports and documentation
• Enable collaboration between team members
• Process billing and subscription management

Platform Improvement

• Analyze usage patterns to improve user experience
• Identify and fix technical issues
• Develop new features based on user needs
• Ensure platform security and prevent fraud

Communication

• Send service updates and security notifications
• Provide customer support and technical assistance
• Share relevant safety industry news and best practices
• Send billing and subscription information

Information Sharing

We do not sell, trade, or otherwise transfer your personal information or safety data to third parties, except in the following limited circumstances:

Service Providers

• Cloud Hosting: Supabase for secure database hosting
• Payment Processing: Stripe for billing and subscription management
• Email Services: Transactional email providers for notifications

Legal Requirements

• When required by law or legal process
• To protect our rights, property, or safety
• To prevent fraud or illegal activity
• During OSHA inspections or regulatory audits (your own data only)

Data Security

Technical Safeguards

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based permissions and multi-factor authentication
• Regular Backups: Automated daily backups with point-in-time recovery
• Security Monitoring: 24/7 monitoring for suspicious activity

Operational Safeguards

• Employee Training: Regular security awareness training for all staff
• Access Management: Principle of least privilege for system access
• Incident Response: Documented procedures for security incidents
• Regular Audits: Quarterly security assessments and vulnerability testing

Data Retention

We retain your information for different periods based on the type of data and legal requirements:

• OSHA Records: Retained per applicable OSHA regulations (typically 5 years)
• Training Records: Retained per industry standards and certification requirements
• Account Information: Duration of active subscription plus reasonable retention period
• Usage Logs: Retained for operational needs and troubleshooting
• Billing Records: Retained per applicable tax and accounting requirements

Your Rights

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Portability: Export your data in a common, machine-readable format
• Restriction: Limit how we process your information
• Objection: Object to certain types of processing

To exercise these rights, contact us at privacy@safetyphoenix.com. We will respond within 30 days.

Cookies & Tracking Technologies

Essential Cookies

• Authentication and session management
• Security and fraud prevention
• Load balancing and performance

Analytics Cookies

• Usage analytics to improve our service
• Performance monitoring and error tracking
• Feature usage statistics

You can disable cookies through your browser settings, though this may affect platform functionality.

Third-Party Services

We use the following third-party services that may collect information:

• Supabase: Database hosting and authentication services
• Stripe: Payment processing and billing management
• Email Providers: Transactional email delivery

These services are bound by their own privacy policies and data processing agreements that meet our security standards.

Children's Privacy

SafetyPhoenix is designed for workplace safety management and is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete it immediately.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by email and by posting a notice on our platform. Your continued use of SafetyPhoenix after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: