1. Introduction

This Privacy Policy describes how Hazurion ("Hazurion," "we," "us," or "our") collects, uses, stores, and protects information when you use our conversational safety intelligence platform, including the SAVIA reasoning engine, VERA validation system, and AEGIS advisory interface (collectively, the "Services").

Hazurion provides AI-powered workplace safety management solutions designed for organizations with 25 to 1,000 employees across manufacturing, construction, oil and gas, energy utilities, and chemical/petrochemical industries. This policy applies to all users of our Services, including organizational administrators, safety managers, supervisors, and frontline workers.

2. Definitions

For purposes of this Privacy Policy:

- "Account" means a registered user account for accessing the Services.

- "AEGIS" means Adaptive Expert Guidance Intelligence System, our AI personality layer that presents safety guidance through a conversational interface.

- "Organization" means a company or entity that maintains an organizational account with Hazurion.

-"Safety Data" means incident reports, hazard assessments, risk analyses, safety observations, inspection records, and other safety-related information.

- "SAVIA" means Safety Assessment, Validation, Inference, and Action, our core AI reasoning engine.

-  "User Content" means data, documents, conversation logs, and information submitted to the Services.

- "VERA" means Validation and Explainability Reasoning Architecture, our transparency system that provides reasoning traces for AI recommendations.

3. Information We Collect

3.1 Account and Organization Information

When you register for the Services, we collect:

-       Name, email address, and job title

-       Organization name, size, and industry classification

-       Role and permission level within your organization

-       Authentication credentials

-       Billing and payment information (for organizational accounts)

3.2 Safety and Operational Data

Through your use of the Services, we process:

-       Incident reports, including injuries, near misses, property damage, and environmental events

-       Hazard identifications and risk assessments

-       Safety observations and inspection records

-       Training records and certifications

-       Workplace conditions and equipment information

-       Permits to work and job safety analyses

-       Compliance documentation and audit records

3.3 Conversation and AI Interaction Data

When you interact with SAVIA and AEGIS, we collect:

-       Natural language queries and safety questions

-       Conversation history and context

-       VERA reasoning traces and decision logs

-       AI-generated recommendations and documents

-       User feedback on AI responses

3.4 Technical and Usage Data

We automatically collect:

-       IP address, device type, and operating system

-       Browser type and version

-       Feature usage patterns and session duration

-       Error logs and performance metrics

-       API usage and integration activity

4. How We Use Information

4.1 Providing Safety Intelligence Services

-       Processing safety queries through our 13 specialized SAVIA agents

-       Generating risk assessments, safety recommendations, and compliance guidance

-       Creating safety documents, reports, and audit trails

-      Providing industry-specific safety intelligence through 106 trigger patterns

-       Delivering transparent reasoning through VERA validation

4.2 AI Processing and Model Improvement

We use AI and machine learning technologies to:

-       Analyze safety queries and provide contextually relevant responses

-       Detect industry context and match appropriate safety protocols

-       Generate predictive analytics for incident prevention

-       Improve the accuracy and relevance of safety recommendations

Important: Your organization's Safety Data is not used to train general AI models shared with other customers. Any model improvements are applied at the organizational level with your consent.

4.3 Compliance and Legal Obligations

-       Maintaining records required by OSHA, ISO 45001, and other regulatory frameworks

-       Supporting audit trails and compliance documentation

-       Responding to valid legal requests and regulatory inquiries

-       Preserving incident records as required by applicable law

Data Retention

5. Data Retention

We retain different categories of data for varying periods based on legal requirements and operational needs. The retention periods are as follows:

- Incident Records: Retained for 5+ years (OSHA recordkeeping requirements)
- Training Records: Retained for the duration of employment plus 3 years (regulatory compliance)
- Audit Trails: Retained for 7 years (compliance documentation)
- Conversation Logs: Retained for 2 years (service improvement)
- Account Information: Retained for the lifetime of the account plus 1 year (service provision)

6. Data Security

We implement enterprise-grade security measures to protect your information:

- Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. We maintain strict key rotation policies and secure key management practices.

- Access Controls: We employ role-based access control (RBAC) with five permission levels: Worker, Supervisor, Safety Manager, Administrator, and System Admin. Multi-factor authentication is available for all accounts.

- Infrastructure Security: Our Services are hosted on secure cloud infrastructure with 99.9% uptime SLA, regular security audits, and continuous monitoring for unauthorized access.

- Compliance Certifications: We maintain compliance with SOC 2 Type II standards, GDPR requirements, and are pursuing ISO 27001 certification.

7. Organizational Data Ownership

For organizational accounts:

Your Organization Owns Its Data. All Safety Data, incident reports, and compliance documentation submitted through the Services remain the property of your organization. Hazurion acts as a data processor on behalf of your organization.

Administrator Access. Organizational administrators may access, export, or delete user data within their organization in accordance with their internal policies and applicable law.

Data Portability. Organizations may request export of all their data in standard formats at any time during their subscription or within 30 days of termination.

8. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights:

- Access and Correction: You may view, correct, or update your personal information through your account settings or by contacting your organizational administrator.

- Deletion: You may request deletion of your personal information, subject to legal retention requirements and organizational policies. Note that certain Safety Data may need to be retained for regulatory compliance.

- Data Portability: You may request a copy of your personal data in a structured, machine-readable format.

- Opt-Out: You may opt out of marketing communications at any time via your account settings or by following the unsubscribe instructions in our emails.

9. Cookies and Tracking Technologies

Hazurion uses cookies and similar technologies to:

-       Maintain your session and authentication state

-       Remember your preferences and settings

-       Analyze platform usage and performance

-       Improve the Services and user experience

You may manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Services.

10. Third-Party Services and Integrations

Our Services may integrate with third-party platforms including:

•       Slack and Microsoft Teams for notifications

•       Cloud infrastructure providers (AWS/Azure)

•       Payment processors for billing

•       Analytics services for platform improvement

We require all third-party service providers to maintain appropriate security and privacy protections. We do not sell your personal information to third parties.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by relevant data protection authorities, for any international transfers of personal data.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

-       Posting a notice on the Services

-       Sending an email to organizational administrators

-       Updating the "Effective Date" at the top of this policy

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@hazurion.com

General Inquiries: info@hazurion.com

Website: hazurion.com

For organizational accounts, you may also contact your designated Hazurion account representative or Customer Success Manager.