Privacy Policy

FieldFirst Safety Inc. ("FieldFirst Safety", "we", "our", or "us") operates the FieldFirst Safety platform, including the website at fieldfirstsafety.ca and all associated mobile and web applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

Account information

When you create an account or sign in via a third-party provider (Microsoft or Google), we receive your name, email address, and profile photo (if provided by your identity provider). We use this information to create and maintain your account.

Company and organizational data

We collect your organization's email domain to associate you with your employer's account on FieldFirst Safety. Administrators may also provide employee names, positions, and departmental structure.

Field Level Hazard Assessment (FLHA) data

We store the content of FLHAs you create or participate in, including job details, hazard identifications, controls, crew member sign-offs, and supervisor comments. This data is associated with your account and your employer's organization.

Usage data

We automatically collect information such as browser type, device type, IP address, pages visited, and timestamps of actions taken within the Service. This data is used to improve performance, diagnose issues, and understand usage patterns.

Payment information

Payment processing is handled by Stripe. We do not store credit card numbers or full payment details on our servers. We retain billing-related information such as subscription status, plan tier, and invoices.

2. How We Use Your Information

• To provide, maintain, and improve the Service
• To authenticate your identity and manage your account
• To associate you with your employer's organization on the platform
• To enable real-time collaboration on FLHAs with your crew
• To send transactional emails (account invitations, billing receipts, sign-off confirmations)
• To enforce our Terms of Service and prevent misuse
• To comply with legal obligations

We do not sell your personal information to third parties. We do not use your FLHA content for advertising or training AI models.

3. How We Share Your Information

We share your information only in the following circumstances:

Within your organization

Administrators and editors within your company account can view FLHAs, crew assignments, and compliance data for their organization. Your name and sign-off status are visible to other crew members on shared FLHAs.

Service providers

We use the following third-party services to operate the platform:

• Supabase — database hosting and authentication
• Vercel — application hosting and content delivery
• Stripe — payment processing
• Resend — transactional email delivery
• Cloudflare — DNS and DDoS protection

Each of these providers processes data only as necessary to provide their services to us, and under contractual obligations consistent with this Privacy Policy.

Legal requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency request).

4. Data Retention

We retain your account information and FLHA data for as long as your account remains active or as needed to provide the Service. If you request account deletion, we will remove your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or maintaining audit records).

FLHA records may be retained by your organization's administrator independently of your personal account. Contact your organization's administrator regarding their data retention policies.

5. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/HTTPS for all communications)
• Encryption at rest for database content
• Authentication via trusted identity providers (Microsoft, Google) with their native multi-factor authentication
• Role-based access controls limiting data access to authorized users
• Row-level security enforced at the database layer

No method of transmission or storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate personal information
• Deletion — request deletion of your personal information
• Portability — receive your data in a structured, machine-readable format
• Objection — object to certain processing of your personal information

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Cookies and Tracking

We use essential cookies to maintain your authenticated session and remember device trust preferences. We also use analytics tools (Vercel Analytics) to understand aggregate usage patterns. We do not use advertising cookies or cross-site tracking.

8. Children's Privacy

The Service is intended for use by adults in professional workplace settings. We do not knowingly collect personal information from individuals under the age of 16. If you believe we have inadvertently collected such information, please contact us immediately.

9. International Data Transfers

Your information may be stored and processed in Canada, the United States, or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to these jurisdictions, which may have different data protection laws than your country of residence.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date and, where appropriate, by email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, please contact: