Privacy Policy

Last updated: 8th December 2025

1. Introduction

Welcome to SAMRISK. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our building risk assessment and management platform.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide to us:

  • Account Information: Name, email address, phone number, company name, and job title
  • Profile Information: Profile photo, user preferences, and role within your organization
  • Building Information: Building names, addresses, images, and related property data
  • Visitor Information: Visitor names, email addresses, phone numbers, car registrations, company names, and custom field data collected during visitor registration
  • Communication Data: Messages, discussions, comments, and file attachments you share within the platform

2.2 Automatically Collected Information

When you access our platform, we automatically collect certain information:

  • Log Data: IP address, browser type, operating system, access times, and pages viewed
  • Device Information: Device type, unique device identifiers, and mobile network information
  • Usage Data: Features used, actions taken, and time spent on the platform

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our platform and hold certain information. You can manage your cookie preferences at any time.

3. How We Use Your Information

We use your information for the following purposes:

  • Platform Operation: To provide, maintain, and improve our risk assessment and building management services
  • User Authentication: To create and manage your account, verify your identity, and provide secure access
  • Communication: To send you technical notices, updates, security alerts, and support messages
  • Analytics: To understand how users interact with our platform and improve user experience (only with your consent)
  • Compliance: To comply with legal obligations and protect against fraudulent or illegal activity
  • Visitor Management: To facilitate visitor check-in/check-out processes and maintain security records for buildings

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Within Your Organization: With other users in your company who have appropriate access permissions
  • Service Providers: With third-party vendors who perform services on our behalf (hosting, analytics, customer support)
  • Legal Requirements: When required by law or to respond to legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Regular backups and disaster recovery procedures
  • Employee training on data protection practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

  • Account Data: Retained while your account is active and for a reasonable period thereafter
  • Visitor Logs: Retained for security and compliance purposes as required by local regulations
  • Building Data: Retained according to your organization's data retention policies

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Your Privacy Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights:

  • Right to Access: Request a copy of your personal information
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal information ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to our processing of your personal information
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country where data protection laws may differ. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses approved by the EU Commission
  • Adequacy decisions by relevant authorities
  • Privacy Shield certification (where applicable)

9. Children's Privacy

Our platform is not intended for use by children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Services and Data Processors

Our platform integrates with the following third-party services and data processors. These services process data on our behalf under strict data processing agreements:

10.1 Core Infrastructure

  • Supabase (Supabase Inc.): Our primary backend infrastructure provider, which includes:
    • PostgreSQL Database: Stores all platform data including user accounts, building information, risk assessments, visitor logs, and related records
    • Authentication Services: Manages user authentication, password encryption, and session management
    • Realtime Services: Enables live updates for discussions, task boards, and collaborative features
    • Storage Services: Stores user profile pictures and company logos

    Location: Supabase uses AWS infrastructure with servers located in multiple regions. Data is encrypted at rest and in transit. Privacy Policy: https://supabase.com/privacy

10.2 File Storage and CDN

  • DigitalOcean Spaces: Cloud object storage for documents, building images, QR codes, and file attachments. Files are stored in region-specific data centers with encryption and delivered via a global CDN for fast access. Privacy Policy: https://www.digitalocean.com/legal/privacy-policy

10.3 Location Services

  • Google Maps Platform: Used to display building locations and provide interactive maps. When you view a building's location map, your IP address and the building's location coordinates are sent to Google's servers to render the map. This service operates under Google's standard terms. Privacy Policy: https://policies.google.com/privacy

10.4 Analytics (Consent-Based)

  • Google Tag Manager: Only activated with your explicit consent. Used for analytics, user behavior tracking, and marketing optimization. You can withdraw consent at any time through our cookie preferences. No analytics data is collected without your consent. Privacy Policy: https://policies.google.com/privacy

10.5 Client-Side Libraries

The following libraries run entirely in your browser and do not transmit data to external servers:

  • Chart.js: Visualizes analytics and statistics within the platform (client-side only, no data transmission)
  • QR Code Generator: Generates QR codes for visitor logbooks and building items (client-side only)

10.6 Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all third-party processors to ensure GDPR compliance. These agreements specify:

  • The scope and purpose of data processing
  • Security measures and encryption requirements
  • Data retention periods and deletion obligations when our relationship ends
  • Restrictions on further sub-processing without our approval
  • Obligations to assist with data subject rights requests

Important: These third-party services have their own privacy policies and terms of service. We encourage you to review them. We are not responsible for the privacy practices of these third parties, but we carefully select partners who maintain high standards of data protection.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top
  • Sending you an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Data Protection Officer: [email protected]

13. Cookie Management

You can manage your cookie preferences at any time by clicking the button below. This will reset your cookie consent and allow you to make new choices.