Back to Home

Privacy Policy

Last updated: December 8, 2025

Your Privacy Matters

SafetyDatas is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with GDPR and European data protection laws.

1. Introduction

SafetyDatas ("we", "us", or "our") operates the SafetyDatas.com web application. This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

SafetyDatas is the data controller responsible for your personal data. For questions about this Privacy Policy or your personal data, please contact us through our contact page.

3. Information We Collect

3.1 Personal Data

While using our Service, we may ask you to provide certain personally identifiable information:

  • Email address
  • Name and company name
  • Billing information (for paid subscriptions)
  • Contact preferences

3.2 Usage Data

We automatically collect certain information when you use our Service:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Device information
  • Error logs and diagnostics

3.3 Document Data

We store the safety data sheets (PDF files) you upload to our Service. This may include chemical names, manufacturer information, and safety instructions. We do not read or analyze the content of your documents except as necessary to provide the Service (e.g., extracting compound names from filenames).

4. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our Service
  • To process your documents and create alphabetical indexes
  • To manage your account and subscriptions
  • To process payments and send invoices
  • To send you service updates and support communications
  • To improve our Service and user experience
  • To detect and prevent technical issues or security threats
  • To comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contractual Necessity: To fulfill our contract with you and provide the Service
  • Legitimate Interest: To improve our Service, prevent fraud, and ensure security
  • Consent: For marketing communications (you can withdraw consent at any time)
  • Legal Obligation: To comply with applicable laws and regulations

6. Data Storage and Security

6.1 Data Storage

Your data is stored on secure servers located in the European Union. We use Vercel for hosting and Upstash (Redis) for data storage. All data remains within EU jurisdictions.

6.2 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for all stored data
  • Regular security audits and updates
  • Access controls and authentication
  • Automatic expiration of shared collections (90 days)

6.3 Data Retention

We retain your personal data only as long as necessary to provide the Service and comply with legal obligations. Active accounts: data is retained while your subscription is active. Canceled accounts: data is retained for 30 days before permanent deletion. Shared collections: automatically deleted after 90 days.

7. Data Sharing and Third Parties

We do not sell or rent your personal data to third parties. We may share your data with:

  • Service Providers: Vercel (hosting), Upstash (database) - all EU-based or GDPR-compliant
  • Payment Processors: For handling subscription payments (they have their own privacy policies)
  • Legal Requirements: When required by law or to protect our legal rights

All third-party providers are contractually obligated to protect your data and comply with GDPR.

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise any of these rights, please contact us through our contact page. We will respond within 30 days.

9. Cookies and Tracking

We use essential cookies to provide the Service (e.g., session management, authentication). We do not use third-party advertising or tracking cookies.

You can control cookies through your browser settings. Disabling essential cookies may limit Service functionality.

10. International Data Transfers

Your data is stored and processed within the European Union. If data is transferred outside the EU, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions).

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

SafetyDatas

Email: Contact Form

Response time: Within 30 days (GDPR requirement)

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with GDPR or your local data protection laws.