Privacy Policy
Effective date: May 9, 2026
1. Who We Are
Prova Safety is a safety management platform operated by NSTCS LLC ("we," "us," or "our"). We provide software tools for construction and field-based companies to manage safety inspections, incident reporting, toolbox talks, training records, and OSHA compliance documentation.
Our website is https://provasafety.app. Questions about this policy can be sent to privacy@provasafety.app.
2. Information We Collect
Information you provide directly
- Account registration: name, email address, company name, role
- Organization details: company name, state, industry, crew size
- Safety records: inspection findings, incident reports, near-miss logs, toolbox talk content
- Workforce data: employee names, job titles, training certifications, e-signatures
- Documents: uploaded files such as subcontractor insurance certificates and safety plans
- Waitlist submissions: name, company, email, crew size
Information collected automatically
- Log data: IP addresses, browser type, pages visited, timestamps
- Device information: operating system, screen resolution, device type
- Usage data: features used, actions taken within the platform
- Location data: GPS coordinates collected during field inspections (with your permission)
- Photos: images captured or uploaded during inspections
Information from third parties
- Authentication providers (Supabase Auth / email-based login)
- Weather API data attached to inspection records
3. How We Use Your Information
We use collected information to:
- Provide, operate, and improve the Prova platform
- Generate safety reports, PDF exports, and compliance documentation
- Send transactional emails (inspection reports, training assignments, permit alerts)
- Notify you of permit expirations, overdue actions, and training compliance gaps
- Power AI-assisted features (inspection analysis, JHA generation, toolbox talk creation)
- Authenticate users and maintain account security
- Respond to support requests
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your safety records or workforce data to train AI models without your explicit consent.
4. AI Features
Prova uses AI models (including Anthropic Claude) to power features such as inspection photo analysis, JHA generation, toolbox talk creation, and investigation summaries. When you use these features:
- Your input (text, photos, form data) is sent to the AI provider to generate a response
- AI providers process this data under their own privacy policies and data processing agreements
- We do not share personally identifiable employee information with AI providers beyond what is necessary to generate the requested output
- AI-generated content is always reviewed and controlled by you before it is saved or shared
5. Data Storage and Security
Your data is stored on Supabase (PostgreSQL database hosted on AWS) and in Supabase Storage (S3-compatible object storage). All data is encrypted at rest and in transit (TLS 1.2+).
We implement row-level security (RLS) policies that ensure each organization can only access its own data. Uploaded documents (insurance certificates, subcontractor records) are stored in private storage buckets accessible only through authenticated, time-limited signed URLs.
Despite these measures, no system is perfectly secure. We encourage you to use strong passwords and report any suspected security issues to privacy@provasafety.app.
6. Data Sharing
We share your data only in the following circumstances:
- Service providers: Supabase (database/storage), Resend (transactional email), Anthropic (AI features), Vercel (hosting). Each is bound by data processing agreements.
- Within your organization: All users within your organization can access your organization's safety records based on their assigned role.
- Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of our users.
- Business transfer: If NSTCS LLC is acquired or merges, your data may be transferred as part of that transaction. We will notify you in advance.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide our services. Safety records (inspections, incidents, training logs) are retained indefinitely by default because OSHA regulations may require you to maintain records for specific periods (e.g., OSHA 300 logs for 5 years).
You may request deletion of your account and associated data at any time by contacting us at privacy@provasafety.app. Note that some data may be retained to comply with legal obligations.
8. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Request your data in a portable format
- Objection: Object to certain types of processing
To exercise any of these rights, contact us at privacy@provasafety.app. We will respond within 30 days.
9. Cookies
We use cookies and similar technologies solely for authentication (session management via Supabase Auth). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
You can disable cookies in your browser settings, but this will prevent you from logging in to the platform.
10. Children's Privacy
Prova is a business platform intended for use by adults in professional contexts. We do not knowingly collect personal information from anyone under 18 years of age. If you believe a minor has provided us with personal information, contact us at privacy@provasafety.app.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top and notify active users via email if the changes are material. Your continued use of Prova after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy: