SWMSBuilder← Home

Privacy Policy

Last updated: 28 June 2026

This policy explains how SWMSBuilder handles personal information, consistent with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

What we collect

  • Account & workspace: name, email, company name, ABN, logo, brand colour, role.
  • SWMS content: the job, scope, tasks, hazards, controls and people you enter or generate.
  • Worker sign-ons: name, role, signature, and a timestamp/IP/version recorded for compliance when a worker signs on via QR.
  • Usage & billing: AI generation counts, and payment details handled by Stripe (we do not store card numbers).

How we use it

To provide and operate the Service: generate and store your documents, run compliance checks, process payments, record sign-ons, and improve reliability. We do not sell personal information.

Who we share it with (processors)

  • Supabase — database, authentication and file storage.
  • Vercel — hosting and privacy-friendly, cookieless web analytics.
  • Stripe — payments.
  • AI provider (via Vercel AI Gateway) — to generate the drafts you request; sent only when you use AI generation.
  • Resend — transactional email.
  • Google Analytics (GA4) — website usage and conversion measurement.
  • PostHog — product analytics and conversion funnels (US-hosted).

These providers process data on our behalf under their own security commitments. Some may store data outside Australia.

Security & retention

Access is protected by authentication and row-level security so each workspace only sees its own data. We keep your data while your account is active and as needed for legal/compliance purposes (e.g. sign-on audit records), then delete or de-identify it.

Your rights

You may access or correct your personal information, request deletion, or raise a privacy concern by emailing hello@swmsbuilder.au. If you are not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC).

Cookies & analytics

We use essential cookies for sign-in and security. We also use analytics to understand how the marketing site and product are used so we can improve them:

  • Vercel Web Analytics — aggregate traffic; cookieless.
  • Google Analytics (GA4) — usage and conversion measurement; sets cookies.
  • PostHog — product analytics and conversion funnels (and, where enabled, session recordings with input fields masked); sets cookies and is hosted in the United States.

You can opt out using your browser's privacy controls or an analytics blocker, and via Google's GA opt-out browser add-on. Disabling analytics does not affect your ability to use the Service.

SWMSBuilder is a document-drafting aid, not a provider of legal or safety advice. Questions? hello@swmsbuilder.au