Privacy Policy

Last updated: 22 June 2026

This policy explains how SWMSBuilder handles personal information, consistent with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

What we collect

• Account & workspace: name, email, company name, ABN, logo, brand colour, role.
• SWMS content: the job, scope, tasks, hazards, controls and people you enter or generate.
• Worker sign-ons: name, role, signature, and a timestamp/IP/version recorded for compliance when a worker signs on via QR.
• Usage & billing: AI generation counts, and payment details handled by Stripe (we do not store card numbers).

How we use it

To provide and operate the Service: generate and store your documents, run compliance checks, process payments, record sign-ons, and improve reliability. We do not sell personal information.

Who we share it with (processors)

• Supabase — database, authentication and file storage.
• Vercel — hosting.
• Stripe — payments.
• AI provider (via Vercel AI Gateway) — to generate the drafts you request; sent only when you use AI generation.
• Resend — transactional email.

These providers process data on our behalf under their own security commitments. Some may store data outside Australia.

Security & retention

Access is protected by authentication and row-level security so each workspace only sees its own data. We keep your data while your account is active and as needed for legal/compliance purposes (e.g. sign-on audit records), then delete or de-identify it.

Your rights

You may access or correct your personal information, request deletion, or raise a privacy concern by emailing hello@swmsbuilder.au. If you are not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC).

Cookies

We use essential cookies for sign-in and security only.