Legal
Privacy Policy
Last updated: April 21, 2026
1. What we collect
- Email address for access links, receipts, and case notifications
- Uploaded federal OSHA citation PDFs
- Extracted case data, packet progress notes, and generated packet outputs
- Payment metadata from Stripe, but not your full card number
- Basic product analytics and operational logs
2. How we use your data
- Generate your preview and paid packet outputs
- Save packet progress, proof status, and packet QA answers
- Send transactional emails such as access links and purchase confirmations
- Operate, secure, and improve the Service
3. Where your data is stored
- Database: Neon Postgres
- File storage: Amazon S3
- Payments: Stripe
- Application hosting and logs: infrastructure providers we use to run the Service
4. Data sharing
We do not sell your personal data. We share data only with service providers needed to run the product, such as hosting, storage, database, email, and payment vendors.
5. Cookies and sessions
We use a secure session cookie for authentication. We may use privacy-respecting analytics and operational monitoring, but we do not use the Service to sell advertising audiences.
6. Retention and deletion
We retain uploaded files, extracted case data, packet progress, and packet outputs until you ask us to delete them or we retire them under our internal policies. For deletion requests, email support@oshaactionpacket.com.
7. Security
Data is transmitted over TLS and stored with industry-standard protections provided by our vendors. Access to production systems is limited to authorized personnel.
8. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the last-updated date on this page.
9. Contact
Questions about privacy can be sent to support@oshaactionpacket.com.