This Privacy Policy explains how [INSERT NAME] ("[INSERT NAME]", "we", "us" and "our") collects, uses, stores, shares, and protects your personal data. [INSERT NAME] is operated by [LEGAL ENTITY]. [INSERT NAME] is a free tool that uses AI to draft workplace safety documents (such as a Job Hazard Analysis, SWMS, SSSP or RAMS) from a short description, photo, or voice note, and then routes the finished document to Lumin for electronic signing. This Privacy Policy covers the [INSERT NAME] website and service (the "Service"); the separate signing step performed by Lumin is governed by Lumin's own Privacy Policy, as explained in Section 6.
Overview
We have written this policy to describe what [INSERT NAME] actually does, rather than to list every kind of processing a large platform might perform. [INSERT NAME] does not charge fees, does not show advertising, does not sell personal data, and does not build advertising or marketing profiles about you.
Much of [INSERT NAME] works without an account: you can describe a job, attach a photo, or record a voice note and generate a draft document without signing in. You only sign in with your Lumin account when you choose to send a document for signing. The data we collect differs between these two stages, and we describe both below.
If you have any questions about this Privacy Policy or the personal data we hold, contact us through our contact page.
1. The Data We Collect
1.1. Generation inputs (no account required). When you ask [INSERT NAME] to generate or edit a document, we process the inputs you provide for that request: the job description or instructions you type, any images or PDF pages you attach, and any voice note you record. These inputs may contain personal data if you choose to include it (for example, a worker or contractor name, a site address, or a site contact). We ask you not to include sensitive personal data that is not needed to produce the document.
1.2. How generation inputs are handled. Generation inputs are sent to our AI provider (OpenRouter, which routes the request to an underlying large-language-model provider) solely to produce your document, and to our speech-to-text provider (also via OpenRouter) to transcribe a voice note into text. [INSERT NAME] does not store your raw generation inputs on its own servers: attachments are downscaled to images in your browser and passed through for that single request, and recorded audio is transcribed and then discarded. See Section 6 for the providers involved.
1.3. Account identity (when you sign in with Lumin). When you sign in to send a document for signing, you authenticate through Lumin using OAuth. We receive from Lumin a stable account identifier, your email address, and your display name. We use these to identify you, to attribute documents you send, and to create the signature request on your own Lumin account on your behalf. Lumin access and refresh tokens are held only to make signing calls on your behalf and are stored in an encrypted session.
1.4. Documents you send for signing. When you send a document for signing, we store a record of that document so we can show you a dashboard of its signing progress. This record (held in our database) includes: a reference to the Lumin signature request; your Lumin account identifier and email as the owner; the document title, jurisdiction, and type; the signing status and type; and the relevant timestamps (created, sent, completed, and expiry). It also includes a snapshot of the document content you sent, which may contain the personal data you placed in the document.
1.5. Signer details. For each person you add as a signer, we store their name, email address, signing role and order, their signing status, and the time they signed. Signers are typically third parties (for example a supervisor or contractor) whom you, as the document owner, choose to add. If you add another person as a signer, you are responsible for ensuring you may share their details with us and with Lumin for this purpose.
1.6. Messages you send us. If you use our contact form, we collect your name, email address, and message so we can review and respond. When product analytics has been initialized on your device, your browser may also create a support conversation in our PostHog inbox as part of submitting the form. We apply basic, short-lived rate limiting using your IP address to prevent spam; this is held only briefly in memory and is not stored as a durable record.
1.7. Technical and usage data. Like most websites, our hosting provider processes standard request information (such as IP address and basic request metadata) to deliver and secure the Service. We may use an approximate country signal derived from your connection to pre-select the most relevant document type for your region; this signal is used at request time and is not stored by [INSERT NAME] against your identity.
1.8. Cookies. We use cookies and similar local storage that are needed to operate the Service, including a session cookie when you are signed in and a first-party preference flag that records your cookie-consent choice. We do not use advertising or cross-site tracking cookies.
1.9. Analytics and your consent. We use PostHog, a product-analytics tool, to understand how the Service is used and to measure how often documents are generated and sent for signing, so we can improve the product. Analytics scripts and cookies do not load and no analytics data is sent until you have given consent. You give consent either by accepting our cookie banner or by signing in to send a document for signing. Until then, the Service runs without analytics. When you are signed in, we identify your analytics activity by your Lumin account identifier, not your email address, and you can be un-identified again when you sign out. We do not currently provide an in-product preference center to withdraw analytics consent after sign-in; contact us if you need help with a consent-related request. PostHog processes this data on our behalf (in the United States); see Section 6. Separately, when a document you sent is completed, we record that completion as a business metric on our servers as part of operating the Service and measuring signing volume; this server-side record is not set through a cookie.
2. How We Use Your Data
2.1. To provide the Service. We use your generation inputs to produce and edit the document you requested, your Lumin identity to authenticate you and create signature requests on your behalf, and your document and signer records to display your signing dashboard and progress.
2.2. To communicate with you. We use your contact details to respond to enquiries you send us. We do not send marketing emails.
2.3. To understand and improve usage. With your consent, we use product analytics to understand how the Service is used and to measure the path from generating a document to it being signed, so we can improve the product.
2.4. To secure and maintain the Service. We use technical data to operate, debug, protect, and improve the reliability and security of the Service, and to prevent abuse.
2.5. To comply with law. We may use or disclose data where reasonably necessary to comply with applicable law, respond to lawful requests, or protect the rights, property, or safety of [INSERT NAME], our users, or the public.
2.6. Legal bases. Where data-protection law requires a legal basis, we rely on performance of our service to you, our legitimate interests in operating and securing the Service, your consent where applicable (including for analytics cookies), and compliance with legal obligations.
2.7. Aggregated and de-identified data. We may create and use aggregated or de-identified data that does not identify you (for example, overall counts and funnel metrics) for any lawful purpose, including to analyze and improve the Service. We do not attempt to re-identify such data.
3. AI Generation and Your Inputs
3.1. [INSERT NAME] is an AI tool. The text, images, and transcribed voice notes you submit are processed by AI models (via OpenRouter) to generate a structured safety document. We instruct the model to base the document only on what you provide and not to invent site-specific facts, but AI output is a draft starting point that you must review.
3.2. We do not use your inputs to train our own models, and we do not retain your raw generation inputs after producing your result. Our AI providers process the inputs to return a result under their own terms; see Section 6 for who they are.
3.3. Please avoid submitting personal data, or sensitive information, that is not necessary to produce the document. Where a site-specific detail is needed but unknown, [INSERT NAME] is designed to insert a neutral placeholder rather than require real personal data.
4. How We Store and Secure Your Data
4.1. Where data is stored. The document and signer records described in Sections 1.4 and 1.5 are stored in our managed database (Supabase, hosted in [SUPABASE REGION]). The Service is hosted on Vercel. Connections to the Service are encrypted in transit.
4.2. What we do not store. [INSERT NAME] does not store the signed PDF documents or signing certificates themselves. Those are created and held by Lumin and are retrieved from Lumin by reference only when needed. [INSERT NAME] also does not store your raw generation inputs (attachments and audio) after a request is processed.
4.3. Access controls. Access to stored records is restricted to the document owner's own records and to a limited set of personnel and service accounts that need it to operate the Service. We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.
4.4. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
5. Data Retention
5.1. Generation inputs are not retained after your request is processed.
5.2. Document and signer records are retained for as long as needed to provide the signing dashboard and to meet our legal and record-keeping obligations [LEGAL REVIEW: confirm a specific retention period, e.g. records are deleted X months after a request expires or completes, or upon a deletion request].
5.3. Contact-form messages are retained for as long as needed to handle your enquiry and keep a reasonable record of our correspondence.
5.4. You can ask us to delete personal data we hold about you as described in Section 7.
6. Who We Share Data With (Service Providers)
6.1. We do not sell your personal data and we do not share it for advertising. We share data only with the service providers that help us run the Service, each acting under contract and only to the extent needed to perform their function:
6.1.1. Lumin — identity (OAuth sign-in) and electronic signing. When you sign in and send a document, Lumin authenticates you and creates and manages the signature request on your own Lumin account, including delivering signing invitations to your signers and storing the signed document and certificate. Lumin's processing of that data is governed by Lumin's own Privacy Policy, which you should also read.
6.1.2. OpenRouter (and the underlying AI model providers it routes to) — to generate and edit your document and to transcribe voice notes, using the inputs you submit for that request.
6.1.3. Supabase — our managed database provider, which stores the document and signer records described in this policy.
6.1.4. Vercel — our hosting and content-delivery provider, which processes requests to operate and secure the Service.
6.1.5. PostHog — our product-analytics provider (hosted in the United States), used, with your consent, to measure how the Service is used as described in Sections 1.9 and 2.3 and, when available, to receive support conversations created from the contact form.
6.2. We may also disclose data if required to comply with law, to enforce our Terms, to prevent fraud or abuse, or in connection with a corporate transaction (such as a merger or acquisition), in which case we will seek to ensure your data remains protected.
7. Your Privacy Rights
7.1. Depending on where you live, you may have rights over your personal data, including the right to access, correct, delete, or receive a copy of it, and to object to or restrict certain processing. To exercise any of these rights, contact us through our contact page. We may need to verify your identity before acting on a request, and we will respond within the time required by applicable law.
7.2. European Economic Area and United Kingdom (GDPR / UK GDPR). You have the rights described above and the right to lodge a complaint with your local data protection authority. Where we rely on consent, you may withdraw it at any time.
7.3. United States — California (CCPA / CPRA). California residents may request access to and deletion of personal information and may opt out of any "sale" or "sharing" of personal information. [INSERT NAME] does not sell or share personal information as those terms are defined, and does not use it for cross-context behavioral advertising. We will not discriminate against you for exercising your rights.
7.4. New Zealand (Privacy Act 2020). You may request access to and correction of your personal information and may complain to the Office of the Privacy Commissioner.
7.5. Australia (Privacy Act 1988 / Australian Privacy Principles). You may request access to and correction of your personal information and may complain to the Office of the Australian Information Commissioner.
7.6. Canada (PIPEDA and applicable provincial laws). You may request access to and correction of your personal information and may complain to the Office of the Privacy Commissioner of Canada.
7.7. Signers. If you received a signing invitation and want to know what data we hold about you or to have it deleted, contact us through our contact page. Note that the owner who sent the document may need to retain the record for their own legal and safety purposes.
8. International Transfers
8.1. [INSERT NAME] and its service providers may process your personal data in countries other than your own, including the United States. Where we transfer personal data across borders, we take steps to ensure it continues to receive an appropriate level of protection as required by applicable law.
9. Third-Party Links
9.1. The Service may contain links to other websites that we do not operate, including Lumin's website and its Privacy Policy. We are not responsible for the content or privacy practices of those websites. When you follow a link to another site, that site's own privacy policy applies, and we encourage you to review it.
10. Children
10.1. [INSERT NAME] is a tool for creating workplace safety documentation, is intended for use by adults (18 or older), and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.
11. Changes to this Privacy Policy
11.1. We may update this Privacy Policy from time to time. We will post any changes on this page and update the "last updated" date above. If the changes are significant, we will provide a more prominent notice where appropriate.
12. Contact Us
12.1. If you have questions about this Privacy Policy or the personal data we hold, or you would like to exercise a privacy right, contact us through our contact page. [INSERT NAME] is operated by [LEGAL ENTITY].
12.2. [LEGAL REVIEW: If [LEGAL ENTITY] is established outside the EEA and the UK but offers the Service to users there, name an EU and/or UK representative under Article 27 of the GDPR / UK GDPR here, and a Data Protection Officer if one is required.]