Privacy Policy

Last updated: February 16, 2026

PeopleSafe Inc. ("PeopleSafe," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our safety management platform, including our web application, mobile worker portal, and related services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account information: Name, email address, phone number, company name, and role when you create an account or are added as a team member.
  • Worker profiles: Name, phone number, preferred language (English or Spanish), job title, certifications, and employment details entered by company administrators.
  • Safety data: Incident reports, hazard observations, inspection forms, training quiz responses, OSHA compliance records, and corrective action plans.
  • Communications: SMS messages sent and received through our Twilio-powered messaging system, including quiz links and safety reminders.
  • Digital signatures: Electronic signatures captured for form submissions and training acknowledgments.
  • Photos and documents: Images uploaded for incident documentation, inspection evidence, and safety records.

1.2 Information Collected Automatically

  • GPS location: Location data captured with digital signatures and form submissions to verify where safety activities occur. Location is collected only at the time of submission, not continuously.
  • Device and usage data: Browser type, operating system, IP address, pages visited, and interaction patterns to improve our Service.
  • Error and performance data: Application errors and performance metrics collected via Sentry to maintain service reliability. This may include technical details about errors encountered during use.

1.3 Information from Third Parties

  • Authentication provider (Clerk): When you sign in, we receive your verified identity information from Clerk, our authentication provider.
  • Payment processor (Stripe): We receive subscription status and billing information from Stripe. We do not store full credit card numbers.

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the safety management platform.
  • Distribute weekly safety training quizzes via SMS in English and Spanish.
  • Generate and maintain OSHA compliance records (Forms 300, 300A, and 301).
  • Track worker certifications and send expiration notifications.
  • Process incident reports and facilitate corrective actions.
  • Provide AI-powered safety intelligence, including risk analysis and training recommendations.
  • Send SMS notifications and reminders related to safety activities.
  • Process payments and manage subscriptions.
  • Monitor and improve platform performance and reliability.
  • Comply with legal obligations, including OSHA recordkeeping requirements.

3. SMS Communications

PeopleSafe sends SMS messages to workers for safety training, quiz delivery, incident alerts, certification reminders, and other safety-related communications. By providing a phone number and consenting to receive messages, you agree to receive these communications.

  • Opt-out: You can opt out of SMS messages at any time by replying STOP to any message from PeopleSafe.
  • Opt back in: To resume receiving messages, reply START to any message or contact your company administrator.
  • Message and data rates may apply. Message frequency varies based on your company's training schedule.
  • We maintain a suppression list to ensure opted-out users do not receive further messages.

4. Data Sharing and Disclosure

4.1 Within Your Organization

Company administrators and safety managers can access worker safety data, quiz results, incident reports, and compliance records for their organization. Data is strictly isolated between companies -- no organization can access another organization's data.

4.2 Service Providers

We share information with third-party service providers who assist in operating our platform:

  • Convex: Real-time database hosting and backend infrastructure.
  • Clerk: Authentication and identity management.
  • Twilio: SMS delivery for training quizzes and safety notifications.
  • Resend: Email delivery for invitations and notifications.
  • Stripe: Payment processing and subscription management.
  • Google Vertex AI: AI-powered quiz generation and safety analysis. Content sent to AI models may include training material but does not include personally identifiable worker information.
  • Sentry: Error monitoring and performance tracking.
  • Vercel: Application hosting and deployment.

4.3 Legal Requirements

We may disclose information when required by law, such as in response to a subpoena, court order, or government request, including OSHA inspection requests. We may also disclose information to protect the rights, property, or safety of PeopleSafe, our users, or others.

5. Data Retention

  • OSHA records: OSHA Forms 300, 300A, and 301 are retained for a minimum of 5 years following the end of the calendar year they cover, as required by OSHA regulation 29 CFR 1904.33.
  • Incident records: Retained for a minimum of 5 years to comply with OSHA requirements and support workplace safety analysis.
  • Training records: Retained for the duration of employment plus 3 years to demonstrate compliance with training requirements.
  • Account data: Retained while your account is active and for a reasonable period thereafter to fulfill legal obligations.
  • Soft-deleted records: Records you delete are soft-deleted and permanently purged after 30 days.
  • SMS logs: Message delivery records are retained for 2 years for compliance and troubleshooting.

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • All data is transmitted over encrypted connections (TLS/HTTPS).
  • Multi-tenant data isolation ensures each company's data is strictly separated at the database level.
  • Role-based access controls restrict data access based on user roles and permissions (60 granular permissions across 16 domains).
  • Authentication is managed by Clerk with industry-standard security practices.
  • Webhook endpoints verify signatures to prevent unauthorized access.
  • OSHA privacy cases (such as those involving sensitive medical conditions) are automatically redacted on Form 300 per OSHA guidelines.

7. Cookies and Local Storage

We use cookies and browser local storage for the following purposes:

  • Essential cookies: Authentication session management (Clerk), language preference (NEXT_LOCALE), and theme preference.
  • Performance: Vercel Speed Insights for performance monitoring.
  • Offline storage: IndexedDB is used to store form data locally when you are offline, which syncs automatically when connectivity is restored.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements (such as OSHA recordkeeping).
  • Portability: Request your data in a portable format.
  • Opt-out of SMS: Reply STOP to any SMS message at any time.

Workers should contact their company administrator for data access requests. Company administrators can export data through the PeopleSafe dashboard. For requests directly to PeopleSafe, contact us at privacy@peoplesafe.co.

9. Bilingual Service

PeopleSafe provides its Service in both English and Spanish. Training content, quiz materials, and SMS communications are delivered in the worker's preferred language as configured by their company administrator. This privacy policy is provided in English. If there is a conflict between a translated version and the English version, the English version will prevail.

10. Children's Privacy

PeopleSafe is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or through the Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

PeopleSafe Inc.

Email: privacy@peoplesafe.co

Web: peoplesafe.co/contact

See also: Terms of Service