Privacy Policy

Information You Provide

When your company administrator creates your account or when you use the Platform, we collect:

• Account information: Name, email address, and password.
• Company information: Company name and your role within the company (Company Admin, Field Leader, or Field Employee).
• Training records: Attendance records for Effective Toolbox Training (eTT) sessions, including facilitator name, attendees present, knowledge check responses, lessons learned, and hazards and controls discussed.
• Form submissions: Safety inspection reports, observation reports, incident reports, and other safety documentation submitted through the Platform, including any notes, comments, and checklist responses.
• Uploaded content: Photos attached to forms, Safety Data Sheets uploaded to company libraries, and other files uploaded to the Platform.

Information Collected Automatically

When you use the Platform, we automatically collect:

• Device information: Device type, operating system, and browser type.
• Usage data: Pages visited, features used, and timestamps of activity.
• Log data: IP address, access times, and referring URLs.

Information We Do NOT Collect

• We do not collect precise GPS location data (this feature is planned for future release and will require your explicit permission).
• We do not collect biometric data such as fingerprints or facial recognition data. If biometric login is enabled in the future, authentication is handled entirely by your device's operating system — we never receive, store, or process your biometric information.
• We do not collect financial information. Subscription billing is handled by Stripe, a third-party payment processor, and we do not store credit card numbers or bank account details.

We use the information we collect to:

• Provide the Platform: Deliver training content, track attendance, store safety documents, process form submissions, and generate compliance reports.
• Manage accounts: Create and maintain user accounts, authenticate logins, and manage roles and permissions.
• Generate records: Create PDF attendance records, training certificates, and compliance documentation.
• Send communications: Deliver welcome emails, password reset links, training notifications, and platform updates via email.
• Improve the Platform: Analyze usage patterns to fix bugs, improve features, and develop new functionality.
• Ensure security: Monitor for unauthorized access, detect fraud, and protect the integrity of the Platform.

We do NOT use your information to:

• Sell or rent your personal information to third parties.
• Serve advertisements or allow third parties to advertise to you through the Platform.
• Build advertising profiles or track you across other websites or apps.
• Make automated decisions that produce legal or similarly significant effects on you.

Within Your Company

The Platform is designed for companies to manage their safety programs. Your information is shared within your company according to the role-based access system:

• Company Administrators can see training records, form submissions, and compliance data for all employees in their company.
• Field Leaders can see their own submissions and the attendance of crew members they train.
• Field Employees can see their own training history and form submissions.

With Service Providers

We share information with trusted service providers who help us operate the Platform:

These providers are contractually required to protect your data and may only use it to provide services to us.

With Authorities

We may disclose your information if required by law, regulation, legal process, or governmental request, including to meet national security or law enforcement requirements.

We Do NOT Share Your Information With

• Advertisers or advertising networks.
• Data brokers.
• Social media platforms.
• Any third parties for their own marketing purposes.

Where Your Data Is Stored

Your data is stored on servers located in the United States, provided by Supabase (built on Amazon Web Services infrastructure). All data is encrypted in transit (TLS/SSL) and at rest.

Security Measures

We implement the following security measures:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL.
• Row Level Security: Database-level security ensures that each company can only access their own data. This cannot be bypassed by application code.
• Password protection: Passwords are hashed using industry-standard algorithms. We offer leaked password detection that warns you if your chosen password has appeared in known data breaches.
• Role-based access: Users can only see data appropriate to their role within their company.
• Daily backups: Automated daily database backups with point-in-time recovery.
• Secure authentication: Support for strong passwords and session management.

Data Retention

• Active accounts: Your data is retained for as long as your account is active and your company maintains an active subscription.
• After account deletion: When you delete your account, your personal information is removed from active systems within 30 days. Backup copies may persist for up to 90 days before being overwritten.
• Company data: Training records and compliance documentation are retained for the duration of your company's subscription to support OSHA recordkeeping requirements. Companies may request deletion of all company data by contacting us.
• After subscription cancellation: Company data is retained for 90 days after subscription cancellation to allow for reactivation, after which it is permanently deleted.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information through the "Delete My Account" feature in the app or by contacting us. Note: Deleting your account removes your personal profile. Training attendance records that have been submitted may be retained as part of your company's compliance records, as required for OSHA documentation.
• Data portability: Request your data in a commonly used, machine-readable format.
• Opt-out of communications: Unsubscribe from non-essential emails using the link in any email we send. Transactional emails (password resets, account notifications) cannot be opted out of while your account is active.

To exercise any of these rights, contact us at privacy@esafetypro.com.

eSAFETY PRO is a workplace safety platform designed for use by adults in professional construction settings. We do not knowingly collect information from anyone under the age of 16. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@esafetypro.com.

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of your personal information (we do not sell personal information); and not be discriminated against for exercising your privacy rights.

To submit a request, contact us at privacy@esafetypro.com. We will verify your identity before processing your request.

Other State Privacy Laws

We comply with applicable state privacy laws including the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and other state privacy regulations as they take effect. Residents of these states may exercise their rights by contacting us at privacy@esafetypro.com.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, providing additional notice through the Platform or via email.

If you have questions about this Privacy Policy or our data practices, contact us at: