1. Data Collection & Telemetry

We collect essential telemetry (IP addresses, JWT sessions) necessary for the secure operation of the platform. We also store the data you create while using the service: documents (metadata and encrypted extracted text), projects, hazards, compliance check results, consultation requests, and cryptographic audit trails. Source files uploaded for classification are never retained after processing.

2. Your Rights under GDPR

As an EU/UK citizen or Enterprise client, you retain the following rights:

Right to Access: You may request a copy of your personal data.
Right to Erasure (Right to be Forgotten): You may delete your data via the Settings dashboard.
Right to Portability: You may export your entire SQL Database Dump as a JSON file.

3. Data Sovereignty (Tier 3)

Your RAMS documents are stored in a dedicated database isolated from other tenants. Uploaded source files are never stored — only metadata is retained. Extracted document text is retained in AES-256-GCM encrypted form to enable the document preview and audit support features. We do not use your private documents to train our core AI models.

4. Use of Cookies

We use secure cookies exclusively for maintaining your authenticated Supabase session.

5. Legal Entity & Compliance Contact

This platform is operated by Enclave Systems. For any privacy, GDPR, or general compliance inquiries, please contact us at legal@enclavesystem.com. Our New Zealand Business Registration Number (NZBN) is 9429053741905.