Back
Privacy Policy for makeswms
# Privacy Policy
**makeswms.com**
Last Updated: December 17, 2025
---
This Privacy Policy describes how SIA Valabijs (Reg. No. 40203667525), a company registered in Latvia, doing business as makeswms.com ("we," "us," or "our") collects, uses, and shares your personal information when you use our website, services, and applications (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.
---
## 1. INFORMATION WE COLLECT
### 1.1 Information You Provide
We collect information that you provide directly to us, including:
- Name and contact information (email address, phone number)
- Business information (business name, ABN, address, trade or industry)
- Payment information (processed securely through our payment provider)
- Information entered into document templates, including:
- Site and project details
- Hazard and risk information
- Control measures and safety procedures
- Worker names and competencies
- Equipment and PPE information
- Emergency contact details
- Communications with us (support requests, feedback)
### 1.2 Information Collected Automatically
When you use our Service, we automatically collect:
- Log data (IP address, browser type, pages visited)
- Device information (device type, operating system)
- Usage data (features used, documents generated, time spent on pages)
- Cookie data (see Section 6 for details)
### 1.3 Information About Third Parties
You may input information about third parties into documents generated through the Service, including:
- Worker names and contact details
- Principal contractor information
- Emergency contact information
- Competency and licensing information
You represent that you have the authority to provide this information and have informed the relevant individuals about its use.
---
## 2. HOW WE USE YOUR INFORMATION
We use the information we collect to:
- Provide, maintain, and improve our Service
- Process your transactions and manage your subscription
- Generate and store documents on your behalf
- Send service-related communications (account updates, security alerts)
- Respond to your requests and provide customer support
- Analyse usage patterns to improve our templates and features
- Ensure the security and integrity of our Service
- Comply with legal obligations
We may use anonymised and aggregated data from document generation to improve our templates, hazard databases, and control measure libraries. This data is not personally identifiable.
---
## 3. LEGAL BASIS FOR PROCESSING (GDPR)
We process your personal data based on the following legal grounds:
- **Contract Performance:** To provide the Service you've purchased
- **Legitimate Interests:** To improve our Service, ensure security, and enhance our templates
- **Legal Obligations:** To comply with applicable laws
- **Consent:** For marketing communications (where applicable)
---
## 4. DATA SHARING AND THIRD-PARTY SERVICES
We share your information with:
### 4.1 Service Providers
- **Stripe** — Payment processing
- **MongoDB Cloud** — Database and document storage
- **Cloudflare** — Security and content delivery
- **Resend** — Transactional email delivery
- **Plausible** — Privacy-focused analytics
- **Anthropic** — AI-assisted document generation features
- **Hetzner** — Server infrastructure
We only share information necessary for these providers to perform their services. All providers are bound by data processing agreements.
### 4.2 Legal Requirements
We may disclose your information to comply with legal obligations, respond to lawful requests, or protect our rights and safety.
### 4.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
---
## 5. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to and processed in countries other than your own. Our primary servers and database are located in Singapore. Our company is registered in the European Union (Latvia).
For transfers of personal data, we rely on:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions where applicable
- Other appropriate safeguards in accordance with GDPR requirements
Singapore maintains robust data protection laws under the Personal Data Protection Act (PDPA) and is a recognised international data hub.
---
## 6. COOKIES AND TRACKING TECHNOLOGIES
We use the following types of cookies:
- **Essential cookies:** Required for Service functionality (login, session management)
- **Analytics cookies:** To understand how you use our Service (via Plausible, which is privacy-focused and does not use personal identifiers)
- **Functional cookies:** To remember your preferences
We do not use advertising or marketing cookies.
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect Service functionality.
---
## 7. DATA RETENTION
### 7.1 Account Data
We retain your account information for as long as your account is active or as needed to provide you with the Service.
### 7.2 Generated Documents
Documents you generate are stored in your account for your convenience. You may delete documents at any time. Upon account termination, documents are retained for a reasonable period (typically 30 days) before deletion.
### 7.3 Post-Termination
Following account termination, we may retain certain data as required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).
### 7.4 Backup Data
Backup copies of data may be retained for a limited period as part of our disaster recovery procedures.
---
## 8. YOUR RIGHTS (GDPR)
Under the General Data Protection Regulation, you have the right to:
- **Access** your personal data
- **Rectify** inaccurate data
- **Request erasure** of your data ("right to be forgotten")
- **Restrict processing** of your data
- **Data portability** — receive your data in a structured, machine-readable format
- **Object to processing** based on legitimate interests
- **Withdraw consent** where processing is based on consent
To exercise these rights, contact us at [email protected]. We will respond to your request within 30 days as required by law.
---
## 9. YOUR RESPONSIBILITIES REGARDING THIRD-PARTY DATA
When you input information about workers, contractors, or other third parties into the Service, you are responsible for:
- Ensuring you have the authority to provide this information
- Informing those individuals that their information is being used
- Responding to any requests from those individuals regarding their data
- Complying with applicable privacy and data protection laws
We act as a Data Processor for third-party information you input. You remain the Data Controller for this information.
---
## 10. CHILDREN'S PRIVACY
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it.
---
## 11. SECURITY
We implement appropriate technical and organisational measures to protect your personal information, including:
- SSL/TLS encryption for data in transit
- Encryption of sensitive data at rest
- Access controls and authentication
- Regular security assessments
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.
---
## 12. DATA BREACH NOTIFICATION
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours where required
- Notify affected users as soon as practicable
- Take appropriate remedial measures
---
## 13. MARKETING COMMUNICATIONS
We may send you service-related communications (such as account notifications and updates) as part of providing the Service.
Marketing communications are only sent with your consent. You can opt out at any time by:
- Clicking the unsubscribe link in any marketing email
- Contacting us at [email protected]
---
## 14. AUTOMATED PROCESSING
We may use automated systems to:
- Generate document content based on your inputs and our templates
- Suggest hazards and control measures based on trade selection
- Analyse usage patterns to improve our Service
These automated processes assist in document generation but do not make decisions that produce legal effects concerning you. You retain full control over document content and can modify any automated suggestions.
---
## 15. LINKS TO THIRD-PARTY WEBSITES
Our Service may contain links to third-party websites or resources (such as regulatory authority websites). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
---
## 16. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy on our website with an updated "Last Updated" date
- Sending an email notification for significant changes
Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
---
## 17. CONTACT INFORMATION
For any questions about this Privacy Policy or our data practices, please contact:
**SIA Valabijs** (doing business as makeswms.com)
Reg. No. 40203667525
Email: [email protected]
Website: https://makeswms.com
SIA Valabijs is the Data Controller for personal data processed through the Service, as defined under GDPR.
---
## 18. SUPERVISORY AUTHORITY
If you are located in the European Economic Area and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
For users in Latvia, the supervisory authority is:
**Data State Inspectorate (Datu valsts inspekcija)**
Website: https://www.dvi.gov.lv