Privacy Policy

Last updated: March 24, 2026

Information We Collect

  • Account information: name, email address, and company name when you sign up.
  • Job Hazard Analysis data: job titles, locations, steps, hazards, and controls you enter while using the platform.
  • Guest JHA data: email address provided when completing a guest JHA (before account creation).
  • Usage data: pages visited, features used, and timestamps — collected automatically to improve the platform.
  • Payment information: processed securely through Stripe — we never store credit card numbers directly.

How We Use Your Information

  • To provide and improve the Kestrel EHS platform.
  • To send you JHA documents you've requested (guest JHA PDF delivery).
  • To communicate important account and service updates.
  • To send product updates and safety tips if you've opted in.
  • To analyze aggregate usage patterns to improve the product (no individual data is shared).

Data Storage and Security

  • Your data is stored securely on Supabase (cloud infrastructure hosted in the United States).
  • All data is encrypted in transit (HTTPS/TLS) and at rest.
  • We use Row Level Security to ensure users can only access their own data.
  • We do not sell, rent, or share your personal information with third parties for marketing purposes.

Third-Party Services

  • Stripe: payment processing (subject to Stripe's privacy policy).
  • Resend: transactional email delivery (subject to Resend's privacy policy).
  • Vercel: application hosting (subject to Vercel's privacy policy).
  • Cloudflare: DNS and security (subject to Cloudflare's privacy policy).

Guest JHA Data

  • Guest JHAs are stored for 30 days and then automatically deleted if no account is created.
  • If you create an account with the same email, your guest JHA data is migrated to your account.
  • We use your email to send you the completed JHA PDF and, if opted in, follow-up communications.

Your Rights

  • You can request a copy of your data at any time by emailing [email protected].
  • You can request deletion of your account and associated data by emailing [email protected].
  • If you opted in to marketing communications, you can unsubscribe at any time.

Cookies

  • We use essential cookies for authentication and session management.
  • We do not use third-party advertising or tracking cookies.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.

Contact

For privacy questions: [email protected]