CYNSERUS

Last updated: March 15, 2026

Privacy Policy

1. Information We Collect

When you use Cynserus.com, we collect the following types of information:

  • Account Information. Name, email address, company name, and role provided during registration.
  • Intake Responses. Information you provide about your business, worksite, employees, and existing safety measures through our compliance intake forms.
  • Incident Reports. Reports submitted through your workplace incident reporting portal, including anonymous submissions.
  • Payment Information. Payment details processed securely by Stripe. We do not store credit card numbers on our servers.
  • Usage Data. Information about how you interact with our platform, including pages visited, features used, and timestamps.
  • Technical Information at Account Events. When you accept our Terms of Service or log into your account, we collect your IP address and browser user-agent string. This information is retained as part of your Terms of Service acceptance record for audit and legal compliance purposes. We do not use this information for advertising or sell it to third parties.

2. How We Use Your Information

We use the information we collect to:

  • Generate your customized Workplace Violence Prevention Plan and compliance documents
  • Send transactional emails including document delivery notifications, account updates, and security alerts
  • Send annual compliance reminders and renewal notices
  • Process payments and manage your subscription
  • Improve our services, including the accuracy and quality of generated compliance documents
  • Comply with legal obligations and respond to lawful requests from regulatory or law enforcement authorities

3. Third-Party Processors

We use the following third-party service providers to operate our platform. Each processor only receives the minimum data necessary to perform its function:

  • Stripe — Payment processing. Stripe handles all credit card data in accordance with PCI DSS standards.
  • Supabase — Database hosting and user authentication. Your account data and compliance records are stored with row-level security.
  • Anthropic, Inc. (Claude API) — We use Anthropic's Claude API to analyze your intake responses and generate your Workplace Violence Prevention Plan and compliance documents. This processing includes your business information, workplace details, and incident report data. Anthropic processes this data as our service provider under a Data Processing Addendum and is contractually prohibited from using your data for model training or any purpose other than providing the API service. Anthropic does not retain your data after processing is complete.
  • Browserless.io — PDF document generation. Document content is rendered to PDF format and not retained by the processor.
  • Resend — Transactional email delivery. Email addresses and message content are processed for delivery only.
  • Vercel — Application hosting and infrastructure.

We do not sell your personal information. We do not share your data with third parties for advertising or marketing purposes.

4. Data Retention

4.1 Active Accounts. While your account is active, we retain your compliance documents, intake responses, incident reports, and all associated data.

4.2 Account Deletion. If you delete your account, your compliance documents will remain available for download for 30 days. After 30 days, all your data will be permanently deleted from our systems, including your WVPP, incident logs, training records, and intake responses.

4.3 Your Recordkeeping Responsibility. California Labor Code Section 6401.9 requires employers to retain workplace violence prevention records for at least 5 years. You are responsible for downloading and retaining your own copies of all compliance documents before your account is deleted. We strongly recommend using the Export Data feature before requesting deletion.

5. Data Security

We implement the following security measures to protect your data:

  • Encryption in Transit. All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
  • Row-Level Security. Database access is enforced at the row level, ensuring users can only access their own data.
  • Signed URLs. Compliance documents are accessed via time-limited signed URLs rather than permanent public links.
  • Server-Side Key Management. Sensitive API keys and service credentials are only accessible in server-side code and are never exposed to client browsers.

Security Breach Notification

If we become aware of a security incident that has resulted in unauthorized access to personal information we maintain, we will notify affected individuals within seventy-two (72) hours of confirmed discovery, consistent with California Civil Code §1798.82. We will send notice by email to the address associated with your account. The notice will describe the nature of the incident, the information involved, what we are doing in response, and what you can do to protect yourself.

6. Your Rights Under CCPA

As a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know. You may request a copy of the personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete. You may request that we delete your personal information, subject to certain exceptions including legal retention obligations.
  • Right to Opt Out of Sale. We do not sell your personal information. There is nothing to opt out of.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.

Deletion and Your Recordkeeping Obligations

If you request deletion of your account, we will honor that request. Your portal access will remain active for 30 days to allow you to download your compliance records. After 30 days, all personal information and compliance records will be permanently deleted. California Labor Code §6401.9 requires employers to retain workplace violence prevention records for at least 5 years. This is your obligation as the employer, not ours. Please download and retain your documents before your account is deleted.

How to Submit a Privacy Rights Request

To exercise your rights under CCPA/CPRA, email privacy@cynserus.com with the subject line "Privacy Rights Request."

Identity Verification: To protect your information, we must verify your identity before processing any request. For verified account holders, we will send a verification link to the email address on file for your account. For non-account holders requesting access to or deletion of their information (such as individuals named in incident reports), we require sufficient identifying information to locate your data and a signed declaration under penalty of perjury confirming your identity.

We will respond to all requests within 45 days. If we need additional time (up to 90 days total), we will notify you within the initial 45-day period.

Information About Third Parties in Incident Reports

Incident reports submitted through our platform may contain personal information about individuals who are not our clients — including witnesses, persons involved in incidents, and names referenced in law enforcement reports. This information is submitted by the employer-client and their employees.

Cynserus.com processes this third-party data as a service provider on behalf of the employer-client, who acts as the data controller for this information under the California Consumer Privacy Act (CCPA). The employer-client is responsible for their compliance obligations with respect to this data.

If you are a person named in an incident report and wish to exercise your privacy rights (including access, correction, or deletion), please contact the employer directly, as they are the controller of this data. You may also contact us at privacy@cynserus.com and we will direct your request to the appropriate employer-client. We will respond to all such inquiries within 5 business days.

7. Cookies and Tracking

7.1 Authentication Cookies. We use cookies solely for authentication and session management. These are essential for the platform to function and cannot be disabled.

7.2 No Third-Party Tracking. We do not use third-party tracking pixels, advertising cookies, or behavioral analytics tools.

7.3 No Advertising Cookies. We do not serve targeted advertisements and do not allow third-party ad networks to place cookies on our platform.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect.

Your continued use of our services after the effective date of a revised Privacy Policy constitutes your acceptance of the revised terms.

9. Contact

If you have questions about this Privacy Policy or wish to exercise your rights under CCPA, contact us at:

privacy@cynserus.com

Cynserus.com
Santa Clara County, California

© 2026 Cynserus.com. All rights reserved. Cynserus.com provides compliance document tools and does not provide legal advice.