Privacy Policy for SafetySnap
Last Updated: December 24, 2025
Effective Date: December 24, 2025
Introduction
SafetySnap (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
By using SafetySnap, you agree to the collection and use of information in accordance with this policy.
- Email address - Used for account creation, authentication, and report notifications
- Display name - Used for report attribution and crew identification
- User ID - Automatically generated Firebase authentication identifier
- Crew code - Used to organize users into teams and route reports
2. Audio Recordings
- Voice recordings - Captured when you create safety reports using the voice recording feature
- Purpose: To generate safety report transcripts and structured data
- Processing: Audio files are processed in-memory and sent to OpenAI Whisper API for transcription
- Storage: Audio files are NOT stored permanently. Only the resulting transcript is retained.
3. Report Data
- Transcripts - Text transcriptions of your voice recordings, generated by OpenAI Whisper
- Structured report fields - Location, hazard type, severity, descriptions, recommendations (generated by AI from your recordings)
- Metadata - Report type, timestamp, user attribution
- Purpose: To create, store, and deliver safety reports to appropriate personnel
4. Images (Optional)
- Photos - When using the vision analysis feature, images are sent to OpenAI Vision API
- Purpose: To identify safety hazards, inspect tools, or assess job progress
- Storage: Images are NOT stored permanently. Only the analysis results are retained.
5. Usage Data
- Rate limiting data - Request counts and reset timestamps stored in Firestore
- Authentication tokens - Firebase ID tokens for API authentication
- IP addresses - Temporarily logged for rate limiting and security monitoring
We use the collected information for the following purposes:
- Provide core functionality - Enable voice-to-text safety reporting
- AI processing - Analyze audio and images to generate structured safety reports
- Report delivery - Email reports to designated safety personnel and administrators
- Access control - Authenticate users and enforce crew-based permissions
- Rate limiting - Prevent abuse and manage API usage based on subscription tier
- Security - Monitor for suspicious activity and prevent unauthorized access
- Service improvement - Analyze usage patterns to improve app functionality
Third-Party Data Sharing
We share your data with the following third-party service providers:
OpenAI (https://openai.com)
- Data Shared: Audio recordings (temporary), images (temporary), transcripts
- Purpose: Speech-to-text transcription (Whisper API), report analysis (GPT-4), image analysis (Vision API)
- OpenAI’s Privacy Policy: https://openai.com/privacy
- Data Processing Agreement: OpenAI processes data according to their API terms
- Retention: Audio/images are processed in real-time and not stored by OpenAI beyond processing duration
Firebase / Google Cloud (https://firebase.google.com)
- Data Shared: Email, user ID, crew codes, report data, usage metrics
- Purpose: Authentication, database storage, hosting
- Google Privacy Policy: https://policies.google.com/privacy
- Data Location: United States (configurable via Firebase project settings)
SMTP Email Service Provider
- Data Shared: Report content (transcripts, analysis, metadata), recipient email addresses
- Purpose: Deliver safety report notifications via email with PDF attachments
- Transport Security: All emails sent via TLS-encrypted connections
- Note: Email contents are transmitted to recipient inboxes and subject to recipient email provider policies
Firebase Admin SDK
- Data Shared: User authentication tokens, rate limit data
- Purpose: Server-side authentication verification and rate limit enforcement
- Infrastructure: Runs on Netlify Functions (serverless)
Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Reports: Retained indefinitely for compliance and record-keeping unless you request deletion.
- Transcripts: Stored in Firestore as part of report records.
- Audio/Images: NOT stored. Processed in real-time and discarded immediately after analysis.
- Rate limit data: Reset daily at UTC midnight; historical data deleted after 90 days.
- Server logs: Security and error logs retained for 30 days, then automatically deleted.
Data Security
We implement industry-standard security measures to protect your data:
Technical Safeguards
- Encryption in transit: All data transmitted via HTTPS/TLS encryption
- Encryption at rest: Firestore data encrypted by Google Cloud Platform
- Authentication: Firebase Authentication with ID token verification
- Authorization: Role-based access control and crew-based data isolation
- Rate limiting: Per-user and per-IP rate limits to prevent abuse
- Fail-closed security: System blocks requests when security checks fail
- Firestore security rules: Server-side enforcement of least-privilege access
Access Controls
- Users can only access their own data and data from their crew (shared crew code)
- Admins have elevated permissions for crew management
- API endpoints require valid Firebase authentication tokens
- Protected fields (rate limits, subscription plans, roles) cannot be modified by clients
Network Security
- Cleartext HTTP traffic disabled (HTTPS-only enforcement)
- Network security configuration prevents unencrypted connections
- Firebase SDK enforces secure connections
Your Rights
You have the following rights regarding your personal data:
Access
- View your profile and all reports you’ve created via the app
Correction
- Update your display name and profile information in app settings
Deletion
- Request account deletion by contacting us at safetysnapos@gmail.com
- Upon deletion, we will remove your account data and anonymize your reports within 30 days
- Note: Reports may be retained in anonymized form for compliance purposes
Export
- Request a copy of your data by contacting us at safetysnapos@gmail.com
- We will provide your data in JSON format within 30 days
Opt-Out
- You cannot opt out of data processing required for core app functionality
- You can choose not to use optional features (e.g., vision analysis)
- You can delete your account at any time to stop all data collection
Children’s Privacy
SafetySnap is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using SafetySnap, you consent to the transfer of your data to these countries.
Firebase and OpenAI operate globally, and your data may be processed in:
- United States (primary infrastructure)
- European Union (if configured in Firebase)
- Other regions where Google Cloud Platform and OpenAI operate
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of data collected, sources, purposes, and third parties
- Right to Delete: Request deletion of your personal information (subject to exceptions)
- Right to Opt-Out: Opt out of “sale” of personal information (Note: We do NOT sell your data)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at safetysnapos@gmail.com
European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:
- Legal Basis for Processing: Consent, contract performance, legitimate interests
- Data Controller: [YOUR COMPANY NAME AND ADDRESS]
- Data Protection Officer: [DPO CONTACT IF REQUIRED]
- Right to Withdraw Consent: Contact us to withdraw consent at any time
- Right to Lodge a Complaint: You may file a complaint with your local data protection authority
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Updating the “Last Updated” date at the top of this policy
- Posting a notice in the app
- Sending an email notification (for significant changes)
Your continued use of SafetySnap after changes become effective constitutes acceptance of the updated policy.
Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovering the breach
- Provide details about what data was compromised
- Explain steps we’re taking to address the breach
- Advise you on steps to protect yourself
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: safetysnapos@gmail.com
Mailing Address:
SafetySnapOS
620 B Route 595
Temperance Vale, NB
E6G2J4
Canada
Response Time: We aim to respond to all privacy inquiries within 5 business days.
Consent
By using SafetySnap, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.
For EU/EEA Users: By clicking “Accept” during account creation, you provide explicit consent to process your personal data as described in this policy.
Data Processing Summary (Quick Reference)
| Data Type |
Collected |
Stored |
Shared |
Purpose |
| Email |
✓ |
Firestore |
No |
Authentication, notifications |
| Display Name |
✓ |
Firestore |
Via email reports |
User identification |
| Audio Recordings |
✓ |
No (temporary) |
OpenAI (processing) |
Speech-to-text |
| Transcripts |
✓ (generated) |
Firestore |
Via email reports |
Report content |
| Images |
✓ (optional) |
No (temporary) |
OpenAI (processing) |
Hazard analysis |
| Report Data |
✓ (generated) |
Firestore |
Via email |
Safety documentation |
| Crew Code |
✓ |
Firestore |
Via email reports |
Team organization |
| IP Address |
✓ (temporary) |
Server logs (30 days) |
No |
Rate limiting, security |
| Rate Limit Data |
✓ (auto) |
Firestore |
No |
Abuse prevention |
Version: 1.0
Effective: December 24, 2025
Next Review: June 24, 2026