Privacy Policy

PHASR Systems is operated by [Company Name], registered in the Netherlands. We are the data controller for personal data collected through phasrsystems.com and app.phasrsystems.com.

Contact: privacy@phasrsystems.com

We collect the following categories of personal data:

• Account data: name, email address, password (hashed)
• Usage data: features used, session duration, error logs
• Project data: function trees, safety assessment content you create
• Communication data: messages sent via our contact form
• Payment data: handled by our payment processor — we do not store card details

We process your personal data on the following legal bases under GDPR:

• Contract: to provide the PHASR Systems service you have signed up for
• Legitimate interest: to improve the product, prevent abuse, and ensure security
• Consent: for optional analytics cookies (you can withdraw at any time)
• Legal obligation: where required by applicable law

• To provide, maintain and improve the PHASR Systems platform
• To authenticate your account and manage your subscription
• To send transactional emails (account confirmation, password reset)
• To respond to support and sales enquiries
• To detect and prevent fraud and abuse
• To comply with legal obligations

We do not sell your personal data to third parties.

Your data is stored securely using Supabase (hosted on AWS in the EU). We apply row-level security to ensure users can only access their own data. Data is encrypted at rest and in transit.

Project data — function trees, safety assessments and related content — is stored in your account and is never shared with other users or organisations without your explicit consent.

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, unless we are required to retain it for legal reasons.

Under GDPR, you have the following rights:

• Access: request a copy of the data we hold about you
• Rectification: correct inaccurate personal data
• Erasure: request deletion of your personal data
• Portability: receive your data in a machine-readable format
• Objection: object to processing based on legitimate interest
• Restriction: request we limit processing of your data

To exercise any of these rights, contact us at privacy@phasrsystems.com. We will respond within 30 days.

We use essential cookies required for the service to function, and optional analytics cookies. See our Cookie Policy for full details.

We use the following third-party processors:

• Supabase — database and authentication (EU hosting)
• Vercel — hosting and edge network
• Resend — transactional email delivery
• Stripe — payment processing (planned)

Each processor is bound by a Data Processing Agreement.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on our website.

For privacy-related questions: privacy@phasrsystems.com

You also have the right to lodge a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).