Security & Trust

Your Safety Data, Protected

Safety records are sensitive. We treat them that way. Enterprise-grade security, transparent practices, and a commitment to earning your trust.

Security Standards & Compliance

  • SOC 2 Type II: In Progress
  • ISO 27001: Framework Aligned
  • NIST Framework (CSF): Risk-Based Approach
  • OSHA Aligned: PSM & RMP Ready
  • 256-bit AES Encryption
  • 99.9% Uptime SLA
  • 24/7 Security Monitoring
  • TLS 1.3: Data in Transit

Our Security Commitment

Safety Square handles critical safety documentation, records that protect your workers and your business. We take that responsibility seriously. Our security program is built on three principles:

Defense in Depth

Multiple layers of protection at every level: infrastructure, application, and data.

Least Privilege

Access is granted only to those who need it, only for what they need, only for as long as they need it.

Continuous Improvement

Security isn't a destination. We continuously monitor, test, and improve our defenses.

Infrastructure Security

Cloud Infrastructure

  • SOC 2 Type II certified data centers
  • Geographic redundancy across multiple availability zones
  • 99.9% uptime SLA
  • Automated failover and disaster recovery

Network Security

  • Web Application Firewall (WAF) protection
  • DDoS mitigation
  • Encrypted data transmission (TLS 1.3)
  • Network segmentation and isolation
  • Intrusion detection and prevention

Physical Security

  • 24/7 security personnel
  • Biometric access controls
  • Video surveillance
  • Environmental controls

Data Protection

Encryption

  • In Transit: TLS 1.3 encryption for all data transmission
  • At Rest: AES-256 encryption for all stored data
  • Backups: Encrypted and stored in geographically separate locations

Data Isolation

Each customer's data is logically isolated. Your data is never commingled with other customers' data.

Data Retention

  • Active data: Retained for the duration of your subscription
  • Safety records: Retained per regulatory requirements (typically 5+ years)
  • Deleted data: Permanently removed within 90 days of deletion request

Data Portability

You own your data. You can export your complete dataset at any time in standard formats.

Application Security

Secure Development

  • Security-focused code review process
  • Automated vulnerability scanning
  • Regular penetration testing by third parties
  • Secure software development lifecycle (SSDLC)

Authentication

  • Strong password requirements
  • Multi-factor authentication (MFA) available
  • Session management and automatic timeouts
  • Secure credential storage (hashed and salted)

Access Controls

  • Role-based access control (RBAC)
  • Granular permissions by function
  • Audit logging of all access
  • Regular access reviews

Audit Trail Integrity

  • Append-only (cannot be deleted or modified)
  • Timestamped with tamper-evident logging
  • Retained per regulatory requirements
  • Available for export and legal discovery

Compliance

Regulatory Alignment

  • OSHA recordkeeping and documentation requirements
  • OSHA PSM (Process Safety Management) documentation
  • EPA RMP (Risk Management Program) requirements
  • State OSHA plan requirements

Industry Standards

  • SOC 2 Type II: Controls for security, availability, and confidentiality
  • ISO 27001: Information security management framework
  • NIST Cybersecurity Framework: Risk-based security approach

Certifications

We are actively pursuing SOC 2 Type II certification and ISO 27001 certification.

Privacy

Data Collection

We collect only the data necessary to provide our services:

  • Account information (name, email, company)
  • Safety records (briefings, check-ins, incidents)
  • Face verification images (for briefing completion)
  • Usage data (to improve the product)

Data Use

Your data is used only to:

  • Provide Safety Square services
  • Improve platform functionality
  • Comply with legal requirements

We never sell your data, use it for advertising, or share it without consent.

Your Rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your data (subject to legal retention requirements)
  • Export your data
  • Object to processing

For privacy requests: support@safetysquareplatform.com

Read Full Privacy Policy

Incident Response

Monitoring

  • 24/7 automated monitoring for security events
  • Real-time alerting for anomalies
  • Regular log review and analysis

Response Process

  1. Detect: Automated systems identify potential incidents
  2. Contain: Immediate action to limit impact
  3. Investigate: Root cause analysis
  4. Remediate: Fix vulnerabilities and restore services
  5. Notify: Communicate with affected customers
  6. Improve: Update processes to prevent recurrence

Notification

If a security incident affects your data, we will notify you within 72 hours with: what happened, what data was affected, what we're doing about it, and what you should do (if anything).

Business Continuity

Redundancy

  • Multi-region deployment
  • Automated failover
  • No single point of failure

Backup

  • Daily automated backups
  • Point-in-time recovery
  • Geo-distributed storage
  • Regular restoration testing

Disaster Recovery

  • RTO: 4 hours
  • RPO: 1 hour
  • Documented procedures
  • Annual DR testing

Security FAQs

Where is my data stored?

Safety Square data is stored in secure, SOC 2 certified data centers in the United States.

Is my data encrypted?

Yes. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Can Safety Square employees see my data?

Access to customer data is strictly limited to employees who need it to provide support, and all access is logged. We never access customer data without a legitimate business reason.

What happens to my data if I cancel?

Upon cancellation, you can export your data. After a 90-day grace period, data is permanently deleted (subject to any legal retention requirements).

Do you support Single Sign-On (SSO)?

SSO is available for Enterprise customers. Contact sales for details.

How do you handle security vulnerabilities?

We have a responsible disclosure program. If you discover a security vulnerability, please report it to support@safetysquareplatform.com.

Can I get a copy of your SOC 2 report?

SOC 2 reports are available to customers and prospects under NDA. Contact support@safetysquareplatform.com.

Trust Center Resources

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Data Processing Agreement (on request)
  • Security Whitepaper (on request)

Our Promise

Your safety records are critical to your workers, your compliance, and your business. We've built Safety Square from the ground up to protect that data with the same rigor you'd expect from any enterprise system.

Security isn't a feature we added. It's the foundation we built on.

If you have questions about our security practices, we're happy to discuss them. Reach out to support@safetysquareplatform.com.