Privacy Policy

Last updated: February 2, 2025

1. Who We Are

Food Safety Audit is a document management and compliance platform created by Rueth Systems & Strategy LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Contact Information:
Rueth Systems & Strategy LLC
Email: [email protected]

2. What This Policy Covers

This Privacy Policy applies to information we collect through our web application at foodsafeaudit.org, including when you create an account, use our services, or communicate with us.

3. Information We Collect

3.1 Account Information

When you sign in with Google, we receive and store:

  • Your name and email address from your Google account
  • Your Google account identifier (for authentication purposes)
  • Profile picture URL (if available)

3.2 Workspace and Organization Information

We collect information about your facility and organization, including:

  • Facility name, address, and contact information
  • Certification schemes and audit standards you follow
  • Team member information you add to your workspace

3.3 Google Drive Data

When you connect a Google Drive folder to our service, we access the following information necessary to provide the Service:

  • File and folder identifiers (IDs)
  • File names and folder structure
  • File timestamps (created, modified dates)
  • Permission metadata

Important: How We Handle Your Documents

We do not copy or store your full documents on our servers. Instead, we store references and metadata required to organize and report on your documentation. Your documents remain in your Google Drive.

AI Categorization: When you enable AI categorization, we may process document content transiently (in memory only) to classify documents and generate compliance outputs. This processing is temporary and the content is not permanently stored. We do not use your documents to train machine learning models.

3.4 Usage Data

We automatically collect certain information when you use our service:

  • Log data (IP address, browser type, pages visited, time spent)
  • Device information (device type, operating system)
  • Actions taken within the application

3.5 Billing Information

Payment processing is handled by Stripe. We do not store your full credit card number. We only store:

  • Last four digits of your card (for display purposes)
  • Subscription plan and status
  • Billing history and invoice records

3.6 Support Communications

When you contact us for support, we collect the content of your messages and any attachments you provide.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your subscription and payments
  • Authenticate your identity and manage your account
  • Organize and categorize your documents for compliance purposes
  • Generate compliance reports and gap analyses
  • Send you service-related communications (account updates, security alerts)
  • Respond to your support requests
  • Analyze usage patterns to improve our service
  • Comply with legal obligations

5. How We Share Your Information

We do not sell your personal information. We may share your information with:

5.1 Service Providers (Subprocessors)

We use the following third-party services to operate our platform:

ProviderPurposeData Processed
Google Cloud PlatformAuthentication (OAuth)Account credentials
StripePayment processingBilling information
TiDB CloudDatabase hostingApplication data
CloudflareCDN and securityTraffic data
OpenAIAI categorizationDocument metadata (transient)

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services:

  • Active accounts: Data retained while subscription is active
  • Free trial: Data retained for 30 days after trial ends if no subscription is purchased
  • Cancelled accounts: Data retained for 30 days after cancellation to allow reactivation
  • Deleted accounts: Data permanently deleted within 90 days of deletion request
  • Billing records: Retained for 7 years for tax and legal compliance

7. Security

We implement appropriate technical and organizational measures to protect your information:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls
  • Regular security audits and monitoring
  • Secure OAuth 2.0 authentication via Google

For more details, please see our Security Page.

8. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Export: Export your data in a portable format
  • Withdraw consent: Disconnect Google Drive access at any time

To exercise these rights, contact us at [email protected].

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To submit a request, email [email protected]with the subject line "California Privacy Request."

10. International Users

Our services are hosted in the United States. If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using our services, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Rueth Systems & Strategy LLC
Email: [email protected]
Website: ruethsystems.com