Privacy Policy

Version 2026-05-04 • Effective May 4, 2026

This Privacy Policy explains how EinsteinDocs ("we", "us", "our") collects, uses, discloses, and protects information when you use the EinsteinDocs platform, including the website, web application, and any related services (collectively, the "Service"). By using the Service you agree to the practices described here. If you do not agree, do not use the Service.

1. Who we are

EinsteinDocs is a business-to-business compliance and recordkeeping tool used by industrial radiography teams to track radioactive-source equipment, sign-out logs, calibration records, and related regulatory documents. The Service is provided to authenticated users invited by their employer or program administrator.

2. Information we collect

We collect the following categories of information:

  • Account information: name, email address, hashed password, employer / branch affiliation, and assigned role (e.g. user, admin, corporate admin).
  • Operational records: equipment sign-out and sign-in entries, location of use, radiographer name, typed or drawn signature, survey readings, scanned source documents, calibration certificates, transport logs, and other compliance artifacts you upload.
  • Authentication & security data: login timestamps, IP address, user-agent string, and session cookies used to keep you signed in.
  • Device & usage data: standard server logs, error reports, and offline-queue metadata stored in your browser's local storage to support offline use.
  • Consent records: the version of this Privacy Policy and the Terms of Service you accepted, plus the timestamp, IP address, and user-agent at the moment of acceptance.

We do not knowingly collect information from individuals under 18 years of age. The Service is not directed at consumers and is not intended for personal or household use.

3. How we use information

We use the information described above to:

  • provide, operate, and maintain the Service;
  • authenticate users and enforce role-based access controls requested by your employer or program administrator;
  • generate, store, and export the regulatory records and audit trails the Service is designed to produce;
  • detect, investigate, and prevent fraud, abuse, or unauthorized access;
  • send transactional and operational notifications (e.g. invite emails, weekly upload digests, password resets); and
  • comply with our legal obligations and respond to lawful requests from regulators or auditors.

We do not sell personal information, and we do not use personal information for advertising, profiling, or automated decision-making with legal or similarly significant effects.

4. Legal bases for processing

Where the EU/UK GDPR or comparable laws apply, we process personal data on the following legal bases:

  • Contract: to deliver the Service to your employer and to you as an authorized user.
  • Legitimate interests: to keep the Service secure, prevent abuse, and improve reliability.
  • Legal obligation: to retain records required by radiation-safety, transportation, or other regulators.
  • Consent: where you give it (e.g. accepting this Policy and the Terms).

5. How we share information

We share information only as needed to operate the Service:

  • Within your organization: admins and corporate admins of your branch / organization can view records you create, including your name, signature, and submitted logs. This is the core purpose of the Service.
  • Service providers (sub-processors): we use trusted infrastructure vendors that process data on our instructions, including:
    • Supabase (database, authentication, file storage)
    • Vercel (application hosting and edge delivery)
    • SendGrid (Twilio) (transactional and digest email delivery)
  • Regulators and auditors: when required to fulfill the compliance purpose of the Service, or when compelled by lawful process.
  • Successors: in connection with a merger, acquisition, or asset sale, subject to equivalent privacy protections.

6. Data retention

Because the Service exists to produce defensible audit trails, operational records (sign-out logs, calibration entries, transport logs, source documents, audit binders, etc.) are retained for as long as your organization remains a customer and for any additional period required by applicable law. Account information is retained while your account is active and deleted or anonymized within a reasonable period after the account is closed, except where retention is required for legal, regulatory, or audit purposes.

7. Security

We use industry-standard safeguards including encryption in transit (HTTPS/TLS), encryption at rest at our infrastructure providers, role-based access controls, row-level security policies in the database, and least-privilege service accounts. No system is perfectly secure; you are responsible for keeping your password confidential and for notifying us immediately of any suspected unauthorized access to your account.

8. International transfers

Our infrastructure providers may store and process data in the United States and other countries. Where required, transfers are made under appropriate safeguards (such as Standard Contractual Clauses) provided by those vendors.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to withdraw consent. Because the Service is provided to you through your employer, many of these requests should be directed to your employer in the first instance. You can also contact us directly at the address below and we will respond within the timeframes required by applicable law.

California residents have additional rights under the CCPA/CPRA, including the right to know what personal information we collect, the right to delete, and the right to non-discrimination for exercising those rights. We do not sell or "share" personal information for cross-context behavioral advertising.

10. Cookies & local storage

We use strictly necessary cookies to keep you signed in and to remember your branch context. We use browser local storage to queue sign-outs while offline so that data is not lost if your device loses connectivity. We do not use advertising cookies or third-party tracking cookies.

11. Changes to this Policy

We may update this Policy from time to time. When we make material changes we will increase the version number and require you to re-accept the updated Policy before continuing to use the Service. The "Effective" date at the top of this page reflects the latest version.

12. Contact

For privacy questions, data-subject requests, or to report a security concern, contact us at privacy@einsteindocs.com.

See also our Terms of Service.