SiteTag ("we," "us," or "our") provides a hardware-enabled safety management and document retrieval platform for the construction and heavy industry sectors. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our cloud-based Dashboard, or interact with our physical NFC wearable tags (collectively, the "Services").
Section 01
Our Role: Data Processor vs. Data Controller
SiteTag operates exclusively strictly on a Business-to-Business (B2B) model.
The Client as Data Controller: The employer, General Contractor, or company purchasing our Services (the "Client") is the Data Controller. The Client determines what worker data is uploaded to the platform and is legally responsible for obtaining explicit, documented consent from their workers before uploading any personal information to SiteTag.
SiteTag as Data Processor: We act solely as a Data Processor, hosting and displaying the information as directed by the Client. If you are an individual worker with questions about your data, you must contact your employer directly.
Section 02
Information We Collect
We collect information in three distinct categories based on how you interact with our Services:
A. Client Account Data (Information from Employers)
When a Client subscribes to our Services, we collect business contact and billing information, including: company name and address; names, email addresses, and phone numbers of the Client's authorized Dashboard administrators; and billing and payment processing details.
B. Worker Profile Data (Information Uploaded by Employers)
Clients may upload the following information regarding their personnel or sub-contractors to be associated with a physical SiteTag: worker name and employer/trade affiliation; digital safety passports (e.g., active safety tickets, site orientation status, trade qualifications); emergency contact names and phone numbers; and custom, non-medical "quick notes" intended for emergency scenarios.
C. Scanner Log Data (Information Collected Automatically)
When any individual taps a physical SiteTag using an NFC-enabled smartphone, our web servers automatically collect standard technical logs, which may include: the IP address of the scanning device; browser type and operating system; and the date, time, and approximate geographic location of the scan.
Note: We do not collect the personal identity of the person scanning the tag.
Section 03
The "Credential-Less" Public Disclosure Acknowledgment
SiteTag's core value is frictionless, immediate access in the field. Worker Profile Data associated with a physical SiteTag is not protected by passwords or user logins. By design, anyone who physically taps an active SiteTag with an NFC-enabled smartphone can view the associated digital profile.
We strictly process this data on the premise that the Client has informed their workers of this public-key retrieval architecture and obtained consent for this physical proximity-based disclosure.
Section 04
Strict Prohibition of Medical and Health Data
To protect individual privacy and comply with relevant privacy legislation, SiteTag explicitly prohibits the collection, storage, or transmission of personal medical records.
No Health Data: Clients and workers are strictly forbidden from uploading blood types, specific medical diagnoses, allergy information, or personal health numbers.
If we discover that prohibited medical information has been uploaded into a worker's profile or "quick notes," SiteTag reserves the right to delete that data immediately and without prior notice.
Section 05
How We Use the Information
SiteTag uses the collected information strictly to:
- Provide, operate, and maintain the Services (including resolving the NFC URL payload).
- Process Client transactions and manage billing.
- Monitor system performance, prevent tag cloning, and ensure platform security.
- Comply with legal obligations.
We do not sell, rent, or lease Client Account Data or Worker Profile Data to third-party marketers or data brokers.
Section 06
Data Retention and Deletion
Active Accounts: We retain Worker Profile Data as long as the Client maintains an active subscription and chooses to keep the data on our platform.
Termination: Upon termination of a Client's subscription, or upon a Client's direct request via the Dashboard, SiteTag will permanently delete or anonymize Worker Profile Data within 30 days, rendering the physical tags inactive.
Worker Requests: Because SiteTag is a Data Processor, individual workers requesting the deletion of their data must route their request through their employer (the Client).
Section 07
Data Security and Residency
We implement industry-standard administrative, technical, and physical security measures to protect the data stored on our cloud servers, including encryption at rest and in transit (AES-256). All Worker Profile Data and Client Account Data is hosted securely on servers located within Canada to ensure compliance with domestic data residency preferences.
Section 08
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our technology, business practices, or legal requirements. We will notify Client administrators of any material changes via email or a prominent notice on the Dashboard prior to the changes taking effect.
Section 09
Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact our team at: