Privacy Policy
Stratum is a workplace safety inspection platform for sand, gravel, and aggregate mining operations. This policy explains what data we collect, how we use it, and your rights as a user.
1. Who We Are
Stratum is operated by Stratum LLC. For privacy questions, contact us at sethwindsor8@protonmail.com.
2. Who Uses Stratum
Stratum is an invite-only, B2B application for mining organizations. There is no open registration. Accounts are created by an organization administrator and are associated with a specific organization and one or more mine sites. Personal data is processed on behalf of the employing organization.
3. Data We Collect
3a. Account & Identity Data
Collected when an administrator creates your account or when you sign in:
- Name
- Email address
- Phone number (optional, used for notifications)
- Authentication tokens (stored encrypted on-device via iOS Keychain / Android Keystore)
3b. Organization & Site Data
- Organization name and structure (sites, crews, assignments)
- Site names and identifiers
- Employee records (name, role, site assignments) within your organization
3c. Inspection Data
- Inspection type, date, site, crew, and status
- Checklist responses
- Photos of equipment and work areas taken during inspections
- Findings: identified hazards, severity, applicable MSHA regulation citations (30 CFR)
- Corrective actions and their resolution status
3d. Usage & Diagnostic Data
- Aggregated counts of inspections and findings by site (used for analytics within your org)
- Sync status and upload queue state (stored locally, not transmitted separately)
We do not collect precise or background location. We do not collect microphone audio. We do not use data for advertising.
4. How We Use Your Data
| Purpose | Data used |
|---|---|
| Delivering the inspection service | All inspection data, photos, findings |
| AI-powered hazard analysis (see §5) | Inspection photos |
| Authentication and account management | Name, email, phone, auth tokens |
| Push notifications (sync status, findings) | Device push token, associated org/site |
| In-app analytics for your organization | Aggregated inspection and findings counts |
| Compliance recordkeeping | Inspection records, findings, corrective actions |
5. AI Photo Analysis — Anthropic Claude
When you complete an inspection and sync, Stratum's backend sends inspection photos to Anthropic's Claude API (anthropic.com) for MSHA hazard analysis. The photos are transmitted as image data and analyzed by Claude's vision model to identify potential safety hazards relevant to the inspection type and applicable 30 CFR standards.
Anthropic processes this data according to their Privacy Policy and API usage terms. Under Anthropic's commercial API terms, photos and analysis outputs are never used to train Anthropic's models, and API inputs and outputs are automatically deleted from Anthropic's systems within 7 days (see Anthropic's data usage policy). We recommend reviewing Anthropic's current privacy terms before relying on this for compliance purposes, as terms may change.
Photos sent to Anthropic include: the image content and a label identifying the photo position (e.g., "front", "left side", "photo_1"). No personal identity information about the inspector is included in the API payload.
6. Third-Party Services
| Service | Purpose | Data shared | Their privacy policy |
|---|---|---|---|
| Clerk (clerk.com) | Authentication, session management | Name, email, phone, device tokens | clerk.com/privacy |
| Supabase (supabase.com) | Database and photo storage | All app data including photos | supabase.com/privacy |
| Anthropic (anthropic.com) | AI hazard analysis of inspection photos | Inspection photos (see §5) | anthropic.com/privacy |
| Cloudflare (cloudflare.com) | Backend networking and transit | Encrypted traffic in transit only | cloudflare.com/privacypolicy |
| Expo / EAS (expo.dev) | App build, delivery, and OTA updates | App version, device info for updates | expo.dev/privacy |
7. Data Storage & Security
Inspection data and photos are stored in Supabase (hosted on AWS infrastructure). Data is encrypted in transit via HTTPS/TLS. Authentication tokens are stored on-device using the platform's secure enclave (iOS Keychain, Android Keystore).
Offline inspection data (queued while on a remote site without connectivity) is stored in encrypted on-device storage and uploaded automatically when connectivity is restored.
Access to your organization's data is restricted to users who belong to your organization. Data from one organization is not accessible to users of another organization.
8. Data Retention
Inspection records, findings, photos, and corrective actions are owned by the organization and retained for the lifetime of the organization's account. These records may be subject to MSHA recordkeeping requirements (30 CFR Part 50) that mandate minimum retention periods independent of this policy.
Account (personal) data — name, email, phone, auth credentials — is retained while your account is active and deleted or anonymized when you request account deletion (see §9).
Your organization can export its complete data set at any time from the web dashboard's Reports page in standard formats (PDF, CSV, JSON). If a subscription is terminated, organizational data is retained for a 90-day grace period so it can be exported before deletion. Stratum never sells, shares, or discloses customer data to any third party.
9. Account Deletion & Your Rights
You may request deletion of your account from within the Stratum app (Settings → Account → Delete Account). When you delete your account:
- Personal data (name, email, phone, authentication credentials) is deleted or anonymized.
- Organizational data (inspections, findings, photos, corrective actions you authored) is retained as part of your organization's compliance records. This data belongs to the organization, not to your individual account, and may be subject to mandatory MSHA retention requirements.
If you are the sole administrator of an organization, you must transfer organization ownership to another user before your account can be deleted. If no other user exists, contact us at sethwindsor8@protonmail.com to wind down the organization and initiate full deletion.
You may also submit a data deletion request via email without reinstalling the app. Send requests to sethwindsor8@protonmail.com with the subject line "Data Deletion Request" and include your name and email address associated with your account. We will respond within 30 days.
10. Children's Privacy
Stratum is designed for use by adult employees of mining operations. We do not knowingly collect data from anyone under 18 years of age. This app is not directed at or suitable for children.
11. Changes to This Policy
We may update this policy periodically. When we do, we will update the "Last updated" date at the top of this page. Continued use of Stratum after an update constitutes acceptance of the revised policy. Material changes will be communicated via in-app notification or email.
12. Contact
For privacy questions, data requests, or to exercise your rights, contact:
Stratum LLC
sethwindsor8@protonmail.com