Privacy Policy

1. Information We Collect

We collect the following information when you use OSHACheck:

• Account information: Email address and password (hashed) provided at signup
• Search data: Company names and states you search, results returned, and timestamps
• Payment information: Billing details processed by Stripe. OSHACheck does not store card numbers or CVVs
• Usage data: Pages visited, search queries, and feature interactions
• Dispute submissions: Email address and reason text submitted via the Flag Record feature

2. How We Use Your Information

We use collected information to:

• Provide, operate, and improve the OSHACheck service
• Process payments and manage subscriptions
• Display your search history in your dashboard
• Send transactional emails (receipts, account notices)
• Detect and prevent fraud or abuse
• Comply with applicable law

3. Data Storage

Your account data, search history, and preferences are stored securely using Supabase, a GDPR-compliant database platform. Data is encrypted at rest and in transit. Supabase’s infrastructure is hosted on AWS.

4. Payment Processing

All payment transactions are processed by Stripe, a PCI-DSS Level 1 certified payment processor. OSHACheck never stores, processes, or transmits full card numbers. Stripe’s privacy policy is available at stripe.com/privacy.

5. Third-Party Services

OSHACheck uses the following third-party services that may process your data:

• Supabase — database and authentication
• Stripe — payment processing
• Apify — OSHA data retrieval
• Anthropic — AI risk summary generation (search result data only; no PII)

6. Data We Do Not Sell

OSHACheck does not sell, rent, or trade your personal information to any third party for marketing purposes. We do not share your search history with employers or companies you search.

7. Data Retention

We retain your account information for as long as your account is active. Search history is retained for 2 years. You may request deletion of your account and associated data by contacting us at privacy@oshacheck.org.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Correction: Request correction of inaccurate personal data
• Right to Deletion: Request deletion of your account and associated data
• Right to Portability: Request your data in a portable format
• Right to Opt Out: California residents may opt out of the sale of personal information under CCPA. OSHACheck does not sell personal information

To exercise any of these rights, contact us at privacy@oshacheck.org. We will respond within 30 days.

9. Cookies

OSHACheck uses essential cookies for authentication session management. We do not use tracking or advertising cookies. No third-party ad networks have access to your browsing behavior on OSHACheck.

10. Contact

For privacy-related questions or data requests:

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Continued use of the Service after changes take effect constitutes your acceptance of the revised policy.