OSHA Action PacketOSHA Packet
Menu
Sample packetDashboardHome
Upload

Legal

Privacy Policy

Last updated: April 15, 2026

1. What we collect

  • Email address (for authentication and purchase receipts)
  • Uploaded OSHA citation PDFs
  • Payment information (processed by Stripe; we never see your full card number)
  • Basic usage data (pages visited, actions taken)

2. How we use your data

  • Process your citation and generate your action packet
  • Send transactional emails (login links, packet-ready notifications)
  • Improve the Service

3. Where your data is stored

  • Database: Neon Postgres (cloud-hosted, encrypted at rest)
  • File storage: Amazon S3 (us-east-1, server-side encryption)
  • Payments: Stripe (PCI-compliant)

4. Data sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data may be shared with service providers (Stripe, AWS, Neon) solely to operate the Service.

5. Cookies

We use a single HTTP-only session cookie (osha_session) for authentication. No third-party tracking cookies are used. If analytics are enabled, they use privacy-respecting, cookie-free methods.

6. Data retention and deletion

Your data is retained as long as your account exists. To request deletion of your data, email support@oshaactionpacket.com. We will delete your uploaded PDFs, generated packets, and account data within 30 days of your request.

7. Security

All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted to authorized personnel. We follow industry-standard security practices.

8. Changes to this policy

We may update this policy at any time. Material changes will be noted by updating the “Last updated” date.

9. Contact

Questions? Email support@oshaactionpacket.com.