Privacy Policy
Safety Mate® Platform
Safety Assistance Limited
Company Number: 14664242
Last Updated: 1 January 2026
1. Introduction
1.1 About This Policy
This Privacy Policy explains how Safety Assistance Limited ("we", "us", "our", or "Safety Mate®"), a company registered in England and Wales (Company Number: 14664242), with its registered office at 54 St James Street, Liverpool, L1 0AB, United Kingdom, collects, uses, stores, and protects your personal information when you use the Safety Mate® platform ("Platform", "Service", or "Services").
1.2 Our Commitment to Privacy
We are committed to protecting your privacy and ensuring your personal data is processed lawfully, fairly, and transparently in accordance with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations 2003
1.3 Who This Policy Applies To
This Privacy Policy applies to:
- Visitors to our website
- Users of the Safety Mate® mobile application and platform
- Company administrators and authorised users
- Individuals whose information is stored within the platform (e.g., workers, employees)
1.4 Contact Information
2. Information We Collect
2.1 Information You Provide Directly
Account Registration Information:
- Name
- Email address
- Phone number
- Company name
- Job title/role
- Password (encrypted)
- Profile information
Company and Business Information:
- Company details (name, size, industry)
- Worker and employee records (names, roles, contact details, competencies)
- User groups and access permissions
- Organisational structure
Health and Safety Data:
- Incident reports and investigations
- Accident and near-miss records
- Risk assessments
- Audit and inspection records
- Training and competency records
- Equipment and asset information
- Documents, policies, and procedures
- Witness statements and investigation notes
- Pre-use check records
Payment Information:
- Billing name and address
- Payment method details (processed by Stripe - we do not store full card details)
- VAT information
- Transaction history
2.2 Information Collected Automatically
Technical Information:
- IP address
- Browser type and version
- Device type and operating system
- Screen resolution
- Time zone and language settings
- Pages viewed and time spent on pages
Mobile Application Data:
- Device Identifiers: Unique device identifiers (e.g., IDFV on iOS, Android ID) for app functionality and analytics
- Push Notification Tokens: Device tokens to deliver push notifications (if you enable notifications)
- Crash Data: Crash logs, stack traces, and diagnostic information to identify and fix app issues
- App Performance Data: App launch times, screen load times, and performance metrics
- Firebase Analytics: Anonymous usage statistics including screens viewed, features used, and user engagement metrics
- App Version: The version of the app you are using
Usage Information:
- Features used
- Actions performed
- Date and time of access
- Session duration
- Search queries within the platform
- Error logs and performance data
2.3 Information from Third Parties
Authentication Providers: If you sign in using third-party authentication (e.g., Google, Apple), we receive basic profile information as permitted by the provider.
Payment Processors: Stripe provides us with payment status, transaction IDs, and billing information.
AI Service Providers: When you use AI features, anonymised prompts and generated content may be processed by OpenAI.
3. How We Use Your Information
3.1 Legal Basis for Processing
We process your personal data on the following legal bases:
Contract Performance:
- Providing the Service to you
- Managing your account
- Processing payments
- Providing customer support
Legitimate Interests:
- Improving and developing the Service
- Ensuring security and preventing fraud
- Analysing usage to enhance user experience
- Conducting business operations
Legal Obligation:
- Complying with applicable laws and regulations
- Responding to legal requests
- Tax and accounting requirements
Consent:
- Marketing communications (where required)
- Optional features requiring consent
- Cookies and similar technologies
3.2 Purposes of Processing
To Provide the Service:
- Create and manage your account
- Enable access to platform features
- Store and manage your health and safety data
- Generate AI-powered documents and risk assessments
- Provide incident reporting and investigation tools
- Manage audits, inspections, and compliance activities
- Track worker competencies and training
- Send service-related notifications and updates
To Ensure Security:
- Detect and prevent fraud
- Monitor for unauthorised access
- Investigate security incidents
- Protect against malicious activity
- Ensure data integrity
4. Data Sharing and Disclosure
4.1 When We Share Your Information
We share your personal data only in the following circumstances:
Service Providers (Data Processors):
| Provider |
Service |
Location |
Purpose |
| Google Ireland Limited |
Firebase (hosting, database, authentication, storage) |
EEA (London, UK) |
Platform infrastructure |
| Amazon Web Services EMEA SARL |
Email delivery (SES) |
EEA (Ireland) |
Transactional emails |
| Stripe Payments Europe Limited |
Payment processing |
EEA (Ireland) |
Subscription billing |
| OpenAI OpCo, LLC |
AI services |
United States |
Document generation (anonymised data) |
4.2 Third-Party Data Protection Standards
Equal Protection Requirement: All third-party service providers listed above are contractually bound to protect your data to the same standard as this Privacy Policy. We require our processors to:
- Implement appropriate technical and organisational security measures
- Process data only on our documented instructions
- Ensure confidentiality of personnel with access to data
- Assist us in responding to data subject rights requests
- Delete or return data upon termination of services
- Submit to audits and inspections to verify compliance
These requirements are enforced through Data Processing Agreements (DPAs) with all processors.
4.3 What We Don't Do
We do not:
- Sell your personal data to third parties
- Share your data for third-party marketing purposes
- Use your data for purposes incompatible with those disclosed
5. Data Storage and Security
5.1 Where We Store Your Data
Primary Data Location: Your data is stored within the European Economic Area (EEA):
- Firestore Database: Google Cloud Platform, London, UK (europe-west2)
- File Storage: Google Cloud Storage, London, UK (europe-west2)
- Email Services: AWS, Ireland (eu-west-1)
5.2 Security Measures
We implement industry-standard security measures to protect your data:
Encryption:
- In Transit: TLS 1.2 or higher for all data transmissions
- At Rest: AES-256 encryption for all stored data
- Backups: Encrypted backup storage
Access Controls:
- Role-based access control (RBAC)
- Multi-factor authentication capability
- Unique user credentials
- Principle of least privilege
5.3 International Data Transfers
Transfers Outside the EEA: While we store your primary data within the EEA, certain processing activities require transfers to countries outside the EEA, specifically the United States.
OpenAI (United States):
When you use AI-powered features (such as document generation or risk assessment creation), your prompts and context data are transferred to OpenAI's servers in the United States. To protect your data during these transfers, we have implemented the following safeguards:
- Standard Contractual Clauses (SCCs): We have executed EU/UK Standard Contractual Clauses with OpenAI, as approved by the European Commission and UK ICO, ensuring contractual protection for transferred data.
- Data Minimisation: We only send the minimum data necessary for AI processing. Personal identifiers are removed or anonymised where possible.
- Data Processing Agreement: OpenAI is bound by a comprehensive DPA requiring them to protect data to standards equivalent to UK GDPR.
- Encryption: All data transfers use TLS 1.2+ encryption in transit.
- Optional Feature: AI features are entirely optional. You may choose not to use them to avoid any international transfer.
By using AI-powered features, you acknowledge and consent to the transfer of relevant data to the United States under these safeguards.
Other Providers:
Google (Firebase), AWS, and Stripe process data within the EEA (UK and Ireland) and do not transfer your data outside the EEA for our services.
5.4 Data Retention
Active Accounts: We retain your personal data for as long as your account is active and as necessary to provide the Service.
Deleted Accounts:
- You have 30 days to export your data
- After 30 days, we permanently delete your data from our active systems
- Backup copies are deleted in accordance with our backup retention schedule (typically within 90 days)
6. Your Rights and Choices
6.1 Your Data Protection Rights
Under UK GDPR, you have the following rights:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data in certain circumstances.
- Right to Restriction of Processing: You can request that we limit how we use your personal data.
- Right to Data Portability: You can request a copy of your personal data in a structured, machine-readable format.
- Right to Object: You can object to our processing of your personal data based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time.
6.2 How to Exercise Your Rights
6.3 Account Management
Account Creation:
Accounts are created through the Safety Mate web application (safetymate.app). Company administrators create and manage user accounts for their organisation. The mobile application does not support direct account creation — mobile app users are authorised users added by their company administrator via the web platform.
Your Account Rights:
- Access Your Data: You can access most of your personal data directly through your account settings on the web platform or mobile app.
- Update Your Information: You can update your account information, profile, and preferences at any time through the platform.
- Export Your Data: Company administrators can export company data, documents, and records at any time using the web platform's export features.
Account Deletion:
To request deletion of your account and associated data:
- Company Administrators: Can delete their company account via the web platform settings, or by contacting support@safetymate.co.uk
- Authorised Users: Contact your company administrator to have your user account removed, or email support@safetymate.co.uk directly
- All Users: You may request account deletion at any time by emailing support@safetymate.co.uk with the subject line "Account Deletion Request"
We will process deletion requests within 30 days. After deletion, you have 30 days to request data export before permanent deletion occurs.
7. Children's Privacy
Age Restriction: The Service is not intended for children under 18 years of age.
We do not knowingly collect personal information from children under 18.
If you believe we have inadvertently collected information from a child under 18, please contact us immediately at privacy@safetymate.co.uk so we can delete it.
8. Cookies and Tracking Technologies
8.1 What Are Cookies
Cookies are small text files stored on your device when you visit a website or use an application. They help us provide, protect, and improve the Service.
8.2 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the operation of the Service (authentication, security, load balancing). These cannot be disabled.
- Functional Cookies: Enable enhanced functionality and personalisation (preferences, language settings).
- Analytics Cookies: Help us understand how visitors use the Service (usage analytics, performance monitoring).
- Performance Cookies: Help us improve Service performance (error reporting, performance metrics).
8.3 Managing Cookies
You can control cookies through your browser or device settings. Most browsers allow you to view, delete, and block cookies.
Important: Disabling certain cookies may affect Service functionality and your ability to use certain features.
9. Artificial Intelligence and Automated Processing
9.1 AI-Powered Features
The Service includes AI-powered features for document generation, risk assessment creation, and content suggestions.
9.2 How AI Processing Works
When you use AI features:
- Your prompts and context are sent to OpenAI
- Company name and industry information may be included
- Personal identifiers are minimised or removed where possible
9.3 No Solely Automated Decisions
We do not make decisions based solely on automated processing that significantly affect you. All AI-generated content is provided as suggestions only and subject to human review and approval.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top
- Post the updated policy on our website and app
- Notify you by email or through the platform
- Provide 30 days' notice before material changes take effect
Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
11. Contact Us
Complaints to the ICO
If you are not satisfied with our response or believe we are not processing your personal data lawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
Email: casework@ico.org.uk