Privacy Policy.

This Privacy Policy describes how OKG Solutions ("OKG," "we," "us," or "our") collects, uses, stores, and protects information when you use our AI-powered safety compliance platform (the "Service"). By using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect personal and business information necessary to provide the Service, including:

• Full name and job title;
• Email address;
• Company name, address, and industry;
• State of operation;
• Phone number (if provided);
• Account credentials (passwords are stored in hashed form only).

1.2 Safety Data

In the course of using the Service, you may upload or create safety-related data, including:

• Incident reports and investigation records;
• Inspection checklists and results;
• Training records and certifications;
• Machine and equipment information;
• Lockout/Tagout (LOTO) procedures;
• Job Safety Analysis (JSA) documents;
• Corrective action records;
• Maintenance logs;
• Employee names associated with safety records;
• Bulk-imported records (including employee rosters, certification data, and training histories) provided by account administrators via CSV upload.

File Upload Scanning: All files uploaded to the Service are scanned for malware using ClamAV and validated by MIME-type inspection before storage. Files that fail either check are rejected and are not written to our systems; metadata about the rejection (filename, detected signature, account ID, timestamp) is retained for security auditing.

1.2a Multi-Factor Authentication (MFA) Data

If you enable multi-factor authentication on your account, we store:

• An encrypted TOTP (time-based one-time password) secret used to validate your authenticator app codes;
• A set of one-time backup recovery codes, stored as hashes only;
• Timestamps of MFA enrollment and successful MFA verification events.

MFA is opt-in for all customer roles. MFA secrets are never transmitted after enrollment and cannot be recovered by OKG Solutions staff.

1.2b Kiosk Mode Submissions

OKG Solutions offers a plant-floor kiosk mode where workers may interact with the AI safety chat via a public QR code without logging in. When kiosk mode is used, we collect:

• The text of the question or message submitted;
• The AI-generated response;
• The IP address of the device used;
• Date and timestamp of the interaction;
• The facility or location identifier associated with the QR code.

Kiosk submissions are not associated with a named individual unless the worker voluntarily identifies themselves in their message. Customer-administrators are responsible for ensuring kiosk QR codes are distributed only to authorized workers and for informing workers that submissions are logged.

1.2c Pre-Account Submissions (Contact Form & Waitlist)

If you submit our contact form or join our waitlist without creating an account, we collect and store the following for the purpose of responding to your inquiry and evaluating pilot fit:

• Contact form: name, email address, company name, message text, IP address, browser user-agent string, and referring URL;
• Waitlist: email address, IP address, browser user-agent string, and referring URL.

These submissions are stored in append-only logs accessible only to OKG Solutions administrators. They are retained for as long as reasonably necessary to respond to you and to maintain records of inbound interest. You may request deletion of your contact-form or waitlist entry at any time by emailing [email protected].

1.3 Usage Data

We automatically collect certain information about how you interact with the Service, including:

• Pages visited and features used;
• Date and time of access;
• Device type, operating system, and browser information;
• IP address;
• Referring URLs;
• Click patterns and navigation paths within the Service.

1.4 AI Chat Logs

When you or your workers interact with our AI safety chat feature, we collect and store the conversation logs, including questions asked and AI-generated responses. These logs are associated with your account and facility data to provide contextually relevant safety guidance.

1.5 Cookies and Analytics

We use cookies and similar tracking technologies to enhance your experience, remember your preferences, and collect aggregate usage statistics. The types of cookies we use include:

• Essential cookies: Required for the Service to function properly (authentication, session management);
• Analytics cookies: Help us understand how users interact with the Service so we can improve it;
• Preference cookies: Remember your settings and preferences across sessions.

You can control cookie preferences through your browser settings. Disabling essential cookies may impair the functionality of the Service.

2. How We Use Information

We use the information we collect for the following purposes:

• Providing the Service: To operate, maintain, and deliver the features and functionality of the platform, including generating AI-powered safety documentation and compliance guidance;
• Improving the Product: To analyze usage patterns, identify areas for improvement, and develop new features;
• Communication: To send you important account notifications, service updates, security alerts, and promotional communications (you may opt out of promotional emails at any time);
• Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance;
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues;
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

3. Data Sharing

We do not sell your personal information or Customer Data to any third party. We share information only in the following limited circumstances:

3.1 AI Processing

Conversations with our AI safety chat feature are processed by OKG AI, our integrated AI service. When you use the AI chat, relevant conversation data and facility context are sent to our AI sub-processors for processing. A current list of AI sub-processors is available upon request to [email protected]. Please refer to Section 4 below for details on AI data handling.

3.2 Payment Processor

We use a third-party payment processor to handle billing and payment transactions. Your payment information (such as credit card numbers) is transmitted directly to and stored by the payment processor in accordance with their security standards. We do not store full credit card numbers on our servers.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation, subpoena, or court order;
• Protect and defend the rights or property of OKG Solutions;
• Prevent or investigate possible wrongdoing in connection with the Service;
• Protect the personal safety of users of the Service or the public.

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4. AI Data Handling

Our Service uses OKG AI, powered by third-party AI sub-processors, to deliver our AI safety chat and document generation features. The following details how your data is handled in connection with AI processing:

• Processing: Conversations and relevant facility context are sent to our AI sub-processors to generate responses. This data is processed in real time to provide safety guidance;
• No Model Training: Your data is not used by OKG Solutions or its AI sub-processors to train or improve AI models. Your conversations remain private and are used solely for delivering the Service;
• Retention: AI conversation logs are retained within your account for your reference and to provide continuity in safety guidance. They are subject to the same data retention policies as other Customer Data;
• Security: All data transmitted to AI sub-processors is encrypted in transit using TLS encryption.

5. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security);
• Encryption at Rest: Customer Data stored on our servers is encrypted at rest;
• Access Controls: Access to Customer Data is restricted to authorized personnel on a need-to-know basis. We employ role-based access controls, and multi-factor authentication (TOTP) is available to all customer users and required for administrative access;
• Upload Scanning: All uploaded files are scanned for malware (ClamAV) and validated by MIME-type inspection before being written to storage;
• Regular Backups: We perform regular automated backups of Customer Data to prevent data loss;
• Monitoring: We monitor our systems for security threats and unauthorized access attempts;
• Infrastructure: The Service is hosted on cloud servers located in the United States.

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to maintaining and improving our security practices.

6. Data Retention

• Active Accounts: Customer Data is retained for as long as your account remains active and in good standing;
• Terminated Accounts: Upon account termination, Customer Data will be available for export for 30 days. After the export window, Customer Data will be deleted from our production systems within 90 days of termination;
• Backup Purging: Customer Data in backup systems will be purged within 180 days of account termination;
• Legal Holds: We may retain certain data beyond the standard retention periods if required by law or to resolve disputes, enforce our agreements, or protect our legal rights;
• Usage Data: Aggregated, anonymized usage data may be retained indefinitely for analytics and product improvement purposes.

7. Customer Data Rights

You have the following rights with respect to your data:

7.1 Right to Access

You may access and export your Customer Data at any time through the export functionality available within the Service. You may also request a copy of the personal information we hold about you by contacting us.

7.2 Right to Correct

You may update or correct your account information and Customer Data at any time through the Service. If you believe any information we hold about you is inaccurate, you may contact us to request a correction.

7.3 Right to Delete

You may request deletion of your account and associated data by contacting our support team. Upon receiving a verified deletion request, we will delete your data in accordance with the retention schedule described in Section 6. Certain data may be retained as required by law.

7.4 Right to Portability

You may export your Customer Data in standard, machine-readable formats including CSV and PDF through the export features available in the Service. This allows you to transfer your data to another service provider at any time.

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us immediately.

9. Third-Party Links

The Service may contain links to third-party websites, services, or resources. OKG Solutions is not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you access through links on our platform. This Privacy Policy applies solely to information collected through the OKG Solutions Service.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Sending an email notification to the address associated with your account;
• Posting a prominent notice on the Service.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

11. California Consumer Privacy Act (CCPA) Compliance

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information.

11.2 Right to Delete

You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions provided by law.

11.3 Right to Opt-Out of Sale

We do not sell personal information as defined under the CCPA. Therefore, there is no need to opt out of the sale of personal information.

11.4 Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not deny you the Service, charge you different prices, provide a different level of service, or suggest that you may receive a different price or level of service for exercising your rights.

11.5 Exercising Your Rights

To exercise your CCPA rights, please contact us using the information provided in Section 12 below. We will verify your identity before processing your request and respond within 45 days as required by law.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

OKG Solutions
Email: [email protected]
Website: www.okgsolutions.com

For CCPA-specific requests, you may also contact us at: [email protected]