WHVP Risk Assessment Checklist
Back

Privacy Policy

Last updated: June 2026

1. Information We Collect

1.1 Assessment Data

We collect and store the information you provide during the risk assessment, including:

  • Organization details (company name, address, industry, size).
  • Assessor and partner contact information.
  • Assessment answers and triggered action items.
  • Your timezone, captured at the time of submission.

1.2 Cookies and Local Storage

We use cookies and similar storage technologies as described in our Cookie Policy. The following cookies and browser storage mechanisms are used:

  • ch_whvp_uid — A unique anonymous identifier assigned to your browser session. Used solely to maintain assessment continuity. Expires after 365 days.
  • ch_whvp_consent — Records your cookie consent preference (accepted or declined). Expires after 365 days.
  • Session storage — Temporarily holds organization information during the assessment flow; cleared upon completion.

2. Analytics

With your consent, we use Firebase Analytics (Google LLC) to collect anonymous usage data, including page views, section interactions, and feature usage. This helps us improve the Tool’s functionality and user experience.

Analytics events are prefixed with WHVP_ASSESSMENT_. Each event includes a client-side timestamp and your IANA timezone string. No personal information, company names, or specific assessment answers are sent to analytics.

Firebase Analytics may use cookies and local storage (IndexedDB) to queue events when offline. Data is handled in accordance with Google’s Privacy Policy. You may withdraw consent at any time by clearing the ch_whvp_consent cookie.

3. How We Store Your Data

Assessment submissions are stored in either Firebase Firestore or Supabase, depending on the configured provider. Both services use enterprise-grade encryption at rest and in transit. Access is restricted to authenticated server-side processes using service-role credentials.

We retain assessment records for as long as necessary to provide the service and comply with legal obligations. You should maintain your own copies of assessment results for your records.

4. Data Sharing

We do not sell, rent, or trade your personal information. Assessment data is accessible only to authorized personnel within your organization and the system administrators of the underlying infrastructure (Firebase / Supabase). We may disclose information if required by law or to protect our legal rights.

5. Third-Party Services

The Tool relies on the following third-party services:

  • Firebase (Google LLC) — Authentication, Firestore database, and Analytics. Privacy Policy
  • Supabase — Database storage (when configured). Privacy Policy

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Withdraw consent for analytics at any time.
  • Export your assessment data in a portable format.

To exercise these rights, contact the designated employer representative within your organization or reach out to us.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically.

If you have questions about this Privacy Policy, please contact your organization’s designated employer representative.