Privacy Policy

SafeOpsHub LLC ("SafeOpsHub," "Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you access or use the SafeOpsHub platform, including all associated websites, applications, services, and features (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein. If you do not agree with this Privacy Policy, please do not use the Service.

This Privacy Policy should be read in conjunction with our Terms of Service.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when using the Service, including:

• Account Information: Name, email address, and authentication credentials when you create an account.
• Organization Information: Company name, organization details, and site/location information you configure within the Service.
• Safety Data Sheets: SDS documents (PDF files) that you upload to the Service for management and storage.
• Contact Information: Name, email, phone number, and message content when you submit a contact form or support request.
• Payment Information: Billing details provided during subscription checkout. Payment card information is processed directly by Stripe, Inc. and is never stored on SafeOpsHub servers.
• User-Generated Content: Any other data, notes, labels, or configurations you create within the Service.

1.2 Information Collected Automatically

When you access the Service, we automatically collect certain technical information, including:

• Device Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP address, access times, pages viewed, referring URL, and actions taken within the Service.
• Usage Data: Feature usage patterns, search queries, document access history, and interaction data to help us improve the Service.
• Cookies and Similar Technologies: Session cookies for authentication and preferences. See Section 7 for details.

1.3 Information from AI Processing

When you use AI-powered features (such as SDS data extraction, label generation, or risk assessment), the content of your uploaded SDS documents is processed by artificial intelligence systems. This processing generates structured data including chemical identifiers, hazard classifications, ingredient lists, safety precautions, and other information derived from your documents. This extracted data is stored within your account and is associated with the original SDS document.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

• To provide, maintain, and operate the Service and its features.
• To process and store your SDS documents and related safety data.
• To perform AI-powered data extraction, label generation, and risk assessment.
• To manage your account, organization, and subscription.
• To process payments and manage billing through our payment processor.
• To generate QR codes and provide document access to your authorized users.

2.2 Communication

• To respond to your inquiries, support requests, and feedback.
• To send transactional emails related to your account and subscription (e.g., payment confirmations, password resets).
• To send service-related announcements (e.g., maintenance notices, security alerts, feature updates).

2.3 Improvement and Analytics

• To analyze usage patterns and improve the Service's features, performance, and user experience.
• To monitor and prevent fraud, abuse, and security threats.
• To develop new features and services based on aggregated, anonymized usage data.

2.4 Legal Compliance

• To comply with applicable laws, regulations, legal processes, or governmental requests.
• To enforce our Terms of Service and protect our rights, property, and safety.

3. How We Share Your Information

SafeOpsHub does not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

3.1 Service Providers

We engage trusted third-party service providers who perform services on our behalf, subject to contractual obligations to protect your data. These include:

3.2 Within Your Organization

Information you store in the Service (SDS documents, labels, site data) is accessible to other Authorized Users within your Organization, as configured by your Organization's administrator.

3.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of SafeOpsHub; (c) prevent fraud or address security issues; or (d) protect the personal safety of users or the public.

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4. Data Storage and Security

4.1 Storage Location. Your data is stored on cloud infrastructure provided by Amazon Web Services (AWS) and TiDB, with servers located in the United States. By using the Service, you consent to the storage and processing of your data in the United States.

4.2 Security Measures. We implement industry-standard administrative, technical, and physical security measures to protect your data, including: encrypted data transmission (TLS/SSL), secure authentication mechanisms, access controls and role-based permissions, regular security monitoring and logging, and secure cloud infrastructure with redundancy.

4.3 No Absolute Security. While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your data. You acknowledge and accept this inherent risk when using the Service.

4.4 Breach Notification. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law, typically within 72 hours of becoming aware of the breach.

5. Data Retention

5.1 Active Accounts. We retain your data for as long as your account is active and as needed to provide the Service.

5.2 After Termination. When your account is terminated or cancelled, we retain your data for 30 days to allow for data export. After this period, your data may be permanently deleted from our systems, including backups, within a reasonable timeframe.

5.3 Legal Obligations. We may retain certain information for longer periods as required by applicable law, regulation, or legal proceedings, or as necessary to enforce our Terms of Service.

5.4 Aggregated Data. We may retain anonymized, aggregated data that does not identify any individual for analytical and improvement purposes indefinitely.

6. Your Rights and Choices

6.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Restriction: Request restriction of processing of your personal information in certain circumstances.
• Objection: Object to the processing of your personal information for certain purposes.
• Withdrawal of Consent: Withdraw your consent to data processing at any time, where processing is based on consent.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, or as required by applicable law.

6.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: SafeOpsHub does not sell personal information. If this practice changes, we will provide a "Do Not Sell My Personal Information" link.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

6.3 European Economic Area Residents (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Our legal bases for processing your personal data include: (a) performance of a contract (providing the Service); (b) legitimate interests (improving the Service, preventing fraud); and (c) your consent (where applicable). You may exercise your GDPR rights by contacting us at the email address above. You also have the right to lodge a complaint with your local data protection authority.

6.4 International Data Transfers

If you are located outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take appropriate safeguards to ensure that your personal information is protected in accordance with this Privacy Policy and applicable law.

7. Cookies and Tracking Technologies

7.1 Essential Cookies. We use essential cookies that are strictly necessary for the operation of the Service, including session cookies for authentication and security. These cookies cannot be disabled.

7.2 Analytics. We may use analytics tools to collect anonymized usage data to help us understand how the Service is used and to improve its performance and features.

7.3 No Third-Party Advertising. SafeOpsHub does not use third-party advertising cookies or tracking technologies. We do not serve ads or share your data with advertising networks.

7.4 Browser Settings. Most web browsers allow you to manage cookie preferences through browser settings. However, disabling essential cookies may prevent you from using certain features of the Service.

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child under 18 has provided us with personal information, please contact us at [email protected].

9. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not owned or controlled by SafeOpsHub. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Privacy Policy on the Service and updating the "Last Updated" date at the top of this page. For significant changes, we may also provide additional notice via email. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

11. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, the Service does not currently respond to DNT signals. However, as noted above, we do not use third-party advertising trackers.