Privacy Notice

How Aquil Safety collects, uses, and protects personal data including authentication and platform usage information.

Overview

This Privacy Notice describes how Aquil Safety ("we," "us," or "our") collects, uses, discloses, and protects personal data in connection with our services, platforms, and websites. It applies to authorized users of the Aquil Safety dashboard, APIs, and related services.

By using our services, you acknowledge the data practices described in this notice.

Last reviewed: April 20, 2026.

Data we collect

Account and authentication data

We use Supabase to manage authentication. Depending on the sign-in method you use, we collect:

Google Sign-In

When you authenticate using Google, we receive the following information from your Google account:

Full name
Profile picture
Email address

Email and password

When you register or sign in with an email address and password:

Email address
A hashed (never plaintext) password, managed by Supabase Authentication

We do not store your plaintext password. Supabase handles password hashing and credential storage.

Usage and operational data

We may collect data related to your use of the Services, including:

Login timestamps and session metadata
Actions performed within the dashboard
API request logs (endpoint, timestamp, response status)
Device and browser type (for session security purposes)

Data provided through the Services

Clients and authorized operators may submit data through the Services in the course of safety operations, including incident reports, location data, and sensor outputs. This data is governed by the applicable executed agreement and the Acceptable Use Policy.

How we use your data

We use collected data to:

Authenticate and authorize access to the Services
Maintain session security and detect unauthorized access
Provide, operate, and improve the Services
Meet legal, contractual, and audit obligations
Communicate operationally significant updates

We do not sell your personal data to third parties.

Third-party services

Supabase

We use Supabase for authentication and data storage. Supabase processes personal data on our behalf under its own privacy and data processing terms. For details, see Supabase's Privacy Policy.

Google OAuth

When you sign in with Google, Google processes your authentication request under Google's Privacy Policy. We receive only the data listed above (full name, profile picture, email address) and do not have access to your Google account password.

Data retention

We retain personal data for the minimum period necessary to fulfill the purposes described in this notice, comply with applicable legal requirements, and meet contractual obligations. Account data may be retained for the duration of the contract term and for a period thereafter as required by law or audit obligations.

Data security

We apply industry-standard technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These include:

Encrypted data transmission (TLS)
Access controls and role-based permissions
Audit logging for sensitive operations
Supabase security infrastructure for authentication data

No system is completely secure. If you believe your account has been compromised, notify your administrator and use the incident contact path defined in your agreement immediately.

Your rights

Depending on your jurisdiction and applicable law, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and associated data
Object to or restrict certain processing activities

To exercise these rights, contact us through the legal contact path defined in your agreement or through your organization's designated data protection contact.