Privacy Policy
Effective Date: June 12, 2026
1. Introduction
OSHA Made Easy ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the OSHA Made Easy Student Access platform ("Platform"). This policy applies to all users including students, instructors, and administrators.
2. Information We Collect
We collect the following categories of personal information:
Account Information: Name, email address, role (student/instructor/admin), account creation date, and Terms of Service agreement timestamp.
Authentication Data: Security question text and hashed answers (stored as SHA-256 hashes — your original answers are never stored in plain text). Authentication tokens managed by Supabase Auth.
Training Activity: Time-on-platform (tracked as session duration in seconds), module progress, quiz responses and scores, attendance records from instructor-led sessions.
User-Generated Content: Personal notes you add to course sections.
Communications: Messages sent to instructors or administrators through the Platform's messaging system.
Device and Usage Data: Browser push notification subscription data (if you opt in), and general usage patterns for platform improvement.
3. How We Use Your Information
We use collected information to: deliver OSHA training content and track completion for certification purposes; communicate with you about your enrollment, class schedule, and course progress; generate certificates of completion; comply with OSHA training documentation requirements; and improve the Platform.
4. Transactional Email
We use Google Workspace SMTP to send transactional emails, including login magic links, enrollment confirmations, class schedules, and certificates. By creating an account, you consent to receiving these communications. Your email address is not used for marketing without your separate consent.
5. Data Storage and Security
Your data is stored on Supabase (PostgreSQL hosted on AWS). All data is encrypted in transit (TLS 1.2+) and at rest. Row-level security policies ensure users can only access their own data. We implement reasonable technical and organizational safeguards to protect your information.
6. Third-Party Services
We use the following third-party services: Supabase (authentication and database hosting); Google Workspace (transactional email); Google Analytics (anonymized usage analytics, if enabled). We do not sell your personal data to third parties.
7. Offline Data
When you use the Platform offline, time-tracking data is temporarily stored in your browser's local storage. This data is automatically synchronized to our servers when you reconnect to the internet.
8. Data Retention
Account and training records are retained for the duration of your enrollment and for a period thereafter as required by applicable law and OSHA documentation requirements. You may request deletion of your account and associated data by contacting your administrator; however, records required for OSHA compliance documentation may be retained for the legally required retention period.
9. Your Rights
Depending on your jurisdiction, you may have rights to: access your personal data; correct inaccurate information; request deletion of your data (subject to legal retention requirements); object to or restrict processing; and data portability. To exercise these rights, contact your platform administrator or instructor.
10. Children's Privacy
The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the Platform after changes are posted constitutes acceptance of the revised Policy.
For privacy questions or data requests, contact your instructor or platform administrator. Final legal review of this document is the operator's responsibility.