Privacy Policy | ShieldSphere

Introduction

ShieldSphere Safety, LLC, a Georgia limited liability company (“ShieldSphere,” “we,” “our,” or “us”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered workplace safety policy platform (the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials.

Company and Safety Information

When you use our policy generation service, we collect information about your company including:

Company name, industry classification, and location(s)
Employee counts and operational details
Workplace hazards, safety concerns, and current controls
Applicable OSHA standards and jurisdictions
Generated policies, training records, inspections, and incident data

Usage Data

We automatically collect certain information when you access the Service, including IP address, browser type, device information, pages visited, and time spent on the platform. We use this data for security, analytics, and service improvement.

Payment Information

Payment details are collected and processed by our payment processor (Stripe). We do not store full credit card numbers on our systems.

How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Service
Generate customized safety policies tailored to your workplace
Analyze your company's safety requirements and compliance gaps
Process payments and manage subscriptions
Communicate with you about your account, policies, and our services
Detect, investigate, and prevent fraudulent or unauthorized activity
Comply with legal obligations

Legal Bases for Processing (EEA / UK users)

If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:

Contract — to provide the Service you have signed up for
Legitimate interests — to secure, improve, and analyze the Service
Legal obligation — to comply with applicable laws
Consent — for optional communications and where otherwise required

AI and Data Processing

The Service uses third-party large language model providers (currently OpenAI) to generate safety policy content from the information you provide. Data submitted to these providers is processed under their enterprise API terms and is not used to train their foundation models. We do not use your data to train proprietary AI models without your explicit consent.

Subprocessors

We use the following third-party service providers (“subprocessors”) to operate the Service. Each is contractually obligated to protect your information and process it only for the purposes we specify.

Provider	Purpose	Data Location
Supabase	Database, authentication, file storage	United States
Vercel	Application hosting and edge delivery	Global (primary: US)
OpenAI	AI-assisted policy content generation	United States
Stripe	Payment processing	United States
Resend	Transactional email delivery	United States
Upstash	Rate limiting and caching	United States
Sentry	Error monitoring (mobile app)	United States

We may update this list from time to time. Material changes will be reflected on this page.

International Data Transfers

Our services and subprocessors are primarily located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. Where required by law, we rely on appropriate safeguards, including Standard Contractual Clauses, for transfers of personal data out of the EEA, UK, or Switzerland.

Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS 1.2+) and at rest, role-based access controls, audit logging, and tenant isolation via row-level security. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify affected users and, where legally required, supervisory authorities without undue delay and within 72 hours of becoming aware of the breach, in accordance with applicable law.

Data Retention

We retain your data as follows:

Account and profile data — for the life of your account plus 90 days after deletion
Generated policies and safety records — for the life of your account, exportable on request
Billing records — retained for 7 years to meet tax and accounting obligations
Audit logs — retained for at least 1 year for security and compliance purposes
Backups — retained per our backup schedule (typically 30 days) before being overwritten

You may request earlier deletion of your account and data by contacting us at matt@shieldspheresafety.com.

Your Rights

Depending on your location, you may have the right to:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your information (“right to be forgotten”)
Object to or restrict processing of your information
Export your data in a portable format
Withdraw consent where processing is based on consent
Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at matt@shieldspheresafety.com. We will respond within 30 days.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including the rights to know, delete, correct, and limit the use of sensitive personal information, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising. To exercise your rights, contact us at matt@shieldspheresafety.com.

Children's Privacy

The Service is not directed to individuals under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

Cookies and Tracking

We use cookies and similar technologies for authentication, security, and analytics. You can control cookies through your browser settings. Disabling cookies may affect functionality of the Service.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date, and where appropriate by email.

Contact Us

If you have questions about this Privacy Policy or our data practices, or to exercise your rights, please contact us at matt@shieldspheresafety.com.