SB553ReadyPrivacy Policy
This policy describes how [OPERATOR ENTITY] ("SB553Ready", "we") collects and handles information when you use the SB553Ready service.
What we collect
- Account data — your email address and authentication credentials.
- Compliance records you enter — organization and worksite details, employee names, roles and training status, incident log entries, hazard assessments, and related notes. You control what goes in these records; enter only what your compliance program requires.
- Billing data — handled by Stripe; we store subscription status and identifiers, never card numbers.
- Operational data — standard logs needed to run and secure the service.
How we use it
To provide the service: storing your records, computing compliance status, sending the reminder emails you sign up for, and processing subscriptions. We do not sell personal information and we do not use your compliance records for advertising.
Service providers
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and serverless functions (data stored in the United States) |
| Stripe | Subscription billing and payments |
| Resend | Transactional and reminder email delivery |
| Cloudflare | Application hosting and content delivery |
Retention
Compliance records are retained while your organization's account exists — that is the product's purpose (SB 553 requires, for example, five-year retention of violent incident logs and one-year training records). If you delete your account, we delete your organization's records within 90 days, after giving you the opportunity to export them.
Your rights
You can access and export your records at any time from within the app, including after a subscription lapses. California residents may have rights under the CCPA/CPRA to request access to or deletion of personal information; contact us to exercise them. If your employer entered your information into SB553Ready as part of its compliance program, your employer is the controller of those records — direct requests to them and we will support their fulfillment.
Security
Data is encrypted in transit, access is segregated per organization with database-level row security, and we follow the principle of least privilege for service credentials. No system is perfectly secure; we will notify affected customers of any breach as required by law.
Changes
We may update this policy; material changes get at least 30 days' notice by email or in-app notice.
Contact
Privacy questions: [email protected]